authorAzat Bahawi <azat@bahawi.net>2022-08-12 22:53:53 +0300
committerAzat Bahawi <azat@bahawi.net>2022-08-12 22:53:53 +0300
commit61b94f0dd06cac0f7dcd38cce80f2a7ab8376098 (patch)
treeb703a9fe11eae6c4cae4e4682f02caf0caa171d0 /lib
2022-08-12
Diffstat (limited to 'lib')
-rw-r--r--lib/default.nix20
-rw-r--r--lib/dns.nix14
-rw-r--r--lib/my.nix202
3 files changed, 236 insertions, 0 deletions
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..7a8dfbf
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,20 @@
+lib: _: rec {
+ my = import ./my.nix lib;
+
+ dns = import ./dns.nix lib;
+
+ isEven = number:
+ assert (builtins.isInt number) || (builtins.isFloat number);
+ builtins.div number 2 == 0;
+
+ isOdd = !isEven;
+
+ pow = base: exponent:
+ assert (builtins.isInt base) && (builtins.isInt exponent);
+ assert exponent > 0;
+ builtins.foldl' (x: _: x * base) 1 (builtins.genList _ exponent);
+
+ comcat = lib.concatStringsSep ",";
+
+ mkTcpMem = min: ini: max: (lib.concatMapStrings (x: toString x + " ") [(pow 2 min) (pow 2 ini) (pow 2 max)]);
+}
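Review bot: `isEven` does not test parity: `builtins.div number 2 == 0` is true only when the quotient is zero, so for integers it accepts 0 and 1 and rejects 2, 4 and every larger even number. `isOdd = !isEven;` applies `!` to a function instead of to a result and will fail once it is evaluated. I would restrict the check to integers and write `isEven = number: assert builtins.isInt number; lib.mod number 2 == 0;` and `isOdd = number: !(isEven number);`, assuming `lib` is the nixpkgs lib as the `lib.concatStringsSep` call suggests. In `pow`, `builtins.genList _ exponent` passes the enclosing lambda's ignored second argument as the generator, which looks unintended (`(_: null)` would state the intent), and `assert exponent > 0` rejects an exponent of 0 even though the fold would return 1 for it.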
diff --git a/lib/dns.nix b/lib/dns.nix
new file mode 100644
index 0000000..e486f1c
--- /dev/null
+++ b/lib/dns.nix
@@ -0,0 +1,14 @@
+_: {
+ const = {
+ quad9 = {
+ default = ["9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9"];
+ unsecured = ["9.9.9.10" "149.112.112.10" "2620:fe::10" "2620:fe::fe:10"];
+ ecs = ["9.9.9.11" "149.112.112.11" "2620:fe::11" "2620:fe::fe:11"];
+ };
+ cloudflare = {
+ default = ["1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001"];
+ blocking = ["1.1.1.2" "1.0.0.2" "2606:4700:4700::1112" "2606:4700:4700::1002"];
+ blockingPlus = ["1.1.1.3" "1.0.0.3" "2606:4700:4700::1113" "2606:4700:4700::1003"];
+ };
+ };
+}
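Review bot: The attribute names are the only hint at how these resolver sets differ, and the difference is security-relevant, so each set deserves a comment. As published by the providers, Quad9's `unsecured` addresses do no threat blocking and no DNSSEC validation, and `ecs` forwards EDNS Client Subnet data, which is a privacy trade-off; Cloudflare's `blocking` filters malware and `blockingPlus` filters malware and adult content. I would add lines such as `# unsecured: no threat blocking, no DNSSEC validation` and `# ecs: threat blocking plus EDNS Client Subnet` above the corresponding attributes. These are plain IP addresses, so whether queries are encrypted in transit depends on how the consuming module configures the resolver, which this hunk does not show.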
diff --git a/lib/my.nix b/lib/my.nix
new file mode 100644
index 0000000..f7c4141
--- /dev/null
+++ b/lib/my.nix
@@ -0,0 +1,202 @@
+lib:
+with lib;
+ (evalModules {
+ modules = [
+ {
+ options.configurations = mkOption {
+ description = "My configurations.";
+ type = with types;
+ attrsOf (submodule ({name, ...}: {
+ freeformType = attrs;
+ options = let
+ mkConfigurationTypeOption = type:
+ mkOption {
+ description = "Whether the machine is a ${type} one.";
+ type = bool;
+ default = false;
+ };
+ in {
+ hostname = mkOption {
+ description = "The machine's hostname";
+ type = str;
+ default = name;
+ readOnly = true;
+ };
+
+ isHeadless = mkConfigurationTypeOption "headless";
+ isHeadful = mkConfigurationTypeOption "headful";
+ isOther = mkConfigurationTypeOption "other";
+
+ ipv4 = {
+ address = mkOption {
+ description = "The machine's public IPv4 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ gateway = mkOption {
+ description = "The machine's IPv4 gateway.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+ ipv6 = {
+ address = mkOption {
+ description = "The machine's public IPv6 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ gateway = mkOption {
+ description = "The machine's IPv6 gateway.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+
+ wireguard = {
+ ipv4.address = mkOption {
+ description = "The machine's internal IPv4 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ ipv6.address = mkOption {
+ description = "The machine's internal IPv4 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ publicKey = mkOption {
+ description = "The machine's public key.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+
+ domains = mkOption {
+ description = "External domains that resovle to this address.";
+ type = listOf str;
+ default = [];
+ };
+
+ syncthing.id = mkOption {
+ description = "Syncthing ID.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+ }));
+
+ default = {};
+ };
+
+ config = {
+ _module.freeformType = types.attrs;
+
+ fullname = "Azat Bahawi";
+ username = "azahi";
+ domain = {
+ azahi = "azahi.cc";
+ rohan = "rohan.net";
+ gondor = "gondor.net";
+ shire = "shire.me";
+ };
+ email = "frodo@${my.domain.gondor}";
+ pgp = {
+ key = "[REDACTED]";
+ fingerprint = "[REDACTED]";
+ grip = "[REDACTED]";
+ };
+ ssh = rec {
+ type = "ed25519";
+ id = my.email;
+ key = "ssh-${type} [REDACTED] ${id}";
+ };
+ hashedPassword = "[REDACTED]";
+
+ configurations = {
+ manwe = {
+ isHeadless = true;
+ ipv4 = {
+ address = "[IPv4]";
+ gateway = "[IPv4]";
+ };
+ ipv6 = {
+ address = "[IPv6]";
+ gateway = "[IPv6]";
+ };
+ wireguard = {
+ ipv4.address = "10.69.0.1";
+ ipv6.address = "fd69::0:1";
+ publicKey = "[REDACTED]";
+ };
+ domains = with my.domain; [
+ "frodo.${rohan}"
+ "frodo.${gondor}"
+ "gotify.${shire}"
+ "monitoring.${shire}"
+ azahi
+ rohan
+ gondor
+ shire
+ ];
+ };
+ varda = {
+ isHeadless = true;
+ ipv4 = {
+ address = "[IPv4]";
+ gateway = "[IPv4]";
+ };
+ ipv6 = {
+ address = "[IPv6]";
+ gateway = "[IPv6]";
+ };
+ wireguard = {
+ ipv4.address = "10.69.1.1";
+ ipv6.address = "fd69::1:1";
+ publicKey = "[REDACTED]";
+ };
+ domains = with my.domain; [
+ "radicale.${shire}"
+ "rss-bridge.${shire}"
+ ];
+ };
+ yavanna = {
+ isHeadless = true;
+ ipv4 = {
+ address = "[IPv4]";
+ gateway = "[IPv4]";
+ };
+ ipv6 = {
+ address = "[IPv6]";
+ gateway = "[IPv6]";
+ };
+ wireguard = {
+ ipv4.address = "10.69.1.2";
+ ipv6.address = "fd69::1:2";
+ publicKey = "[REDACTED]";
+ };
+ domains = with my.domain; ["flood.${shire}"];
+ syncthing.id = "[Syncthing ID]";
+ };
+ melian = {
+ isHeadful = true;
+ wireguard = {
+ ipv4.address = "10.69.4.1";
+ ipv6.address = "fd69::4:1";
+ publicKey = "[REDACTED]";
+ };
+ syncthing.id = "[Syncthing ID]";
+ };
+ gothmog = {
+ isOther = true;
+ wireguard = {
+ ipv4.address = "10.69.5.1";
+ ipv6.address = "fd69::5:1";
+ publicKey = "[REDACTED]";
+ };
+ syncthing.id = "[Syncthing ID]";
+ };
+ };
+ };
+ }
+ ];
+ })
+ .config
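Review bot: `hashedPassword` in the `config` block puts a login password hash in a tracked file, and if it is passed on to a user option it also lands in the world-readable Nix store; the value is redacted on this page, so this assumes the original holds a real crypt hash. A hash that can be read can be guessed offline, so I would drop the attribute from `lib/my.nix` and supply it at activation time from a file kept outside the store, for example through `passwordFile` or `hashedPasswordFile` (depending on the NixOS release) or a secrets module. Separately, the per-machine submodule sets `freeformType = attrs`, so a misspelled attribute such as a wrong-cased `publicKey` is accepted silently while the typed option keeps its `null` default; a comment saying why freeform attributes are needed there would help. The description of `wireguard.ipv6.address` repeats "internal IPv4 addresses", and the `domains` description has "resovle" for "resolve".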