Diffstat (limited to '')
-rw-r--r-- | lib/my.nix | 526 |
1 files changed, 267 insertions, 259 deletions
diff --git a/lib/my.nix b/lib/my.nix
index 1044211..391d0ee 100644
--- a/lib/my.nix
+++ b/lib/my.nix
@@ -1,289 +1,297 @@ lib: with lib; - (evalModules { - modules = [ - { - options.configurations = mkOption { - description = "My configurations."; - type = with types; - attrsOf (submodule ({name, ...}: { - freeformType = attrs; - options = let - mkConfigurationTypeOption = type: - mkOption { - description = "Whether the machine's functional type is a ${type} one."; - type = bool; - default = false; - }; - in { - hostname = mkOption { - description = "The machine's hostname."; - type = str; - default = name; - readOnly = true; - }; +(evalModules { + modules = [ + { + options.configurations = mkOption { + description = "My configurations."; + type = + with types; + attrsOf ( + submodule ( + { name, ... }: + { + freeformType = attrs; + options = + let + mkConfigurationTypeOption = + type: + mkOption { + description = "Whether the machine's functional type is a ${type} one."; + type = bool; + default = false; + }; + in + { + hostname = mkOption { + description = "The machine's hostname."; + type = str; + default = name; + readOnly = true; + }; - system = mkOption { - description = "The machine's system."; - type = nullOr (enum platforms.all); - default = null; - }; + system = mkOption { + description = "The machine's system."; + type = nullOr (enum platforms.all); + default = null; + }; - isHeadless = mkConfigurationTypeOption "headless"; - isHeadful = mkConfigurationTypeOption "headful"; - isOther = mkConfigurationTypeOption "other"; + isHeadless = mkConfigurationTypeOption "headless"; + isHeadful = mkConfigurationTypeOption "headful"; + isOther = mkConfigurationTypeOption "other"; - ipv4 = { - address = mkOption { - description = "The machine's public IPv4 address."; - type = nullOr str; - default = null; - }; - prefixLength = mkOption { - description = "The machine's public IPv4 prefix length."; - type = nullOr int; - default = null; - }; - gatewayAddress = mkOption { - description = "The machine's public IPv4 gateway address."; - type = nullOr str; - default = 
null; - }; - }; - ipv6 = { - address = mkOption { - description = "The machine's public IPv6 address."; - type = nullOr str; - default = null; - }; - prefixLength = mkOption { - description = "The machine's public IPv6 prefix length."; - type = nullOr int; - default = null; - }; - gatewayAddress = mkOption { - description = "The machine's public IPv6 gateway address."; - type = nullOr str; - default = null; - }; - }; + ipv4 = { + address = mkOption { + description = "The machine's public IPv4 address."; + type = nullOr str; + default = null; + }; + prefixLength = mkOption { + description = "The machine's public IPv4 prefix length."; + type = nullOr int; + default = null; + }; + gatewayAddress = mkOption { + description = "The machine's public IPv4 gateway address."; + type = nullOr str; + default = null; + }; + }; + ipv6 = { + address = mkOption { + description = "The machine's public IPv6 address."; + type = nullOr str; + default = null; + }; + prefixLength = mkOption { + description = "The machine's public IPv6 prefix length."; + type = nullOr int; + default = null; + }; + gatewayAddress = mkOption { + description = "The machine's public IPv6 gateway address."; + type = nullOr str; + default = null; + }; + }; - wireguard = { - ipv4.address = mkOption { - description = "The machine's internal IPv4 addresses."; - type = nullOr str; - default = null; - }; - ipv6.address = mkOption { - description = "The machine's internal IPv6 addresses."; - type = nullOr str; - default = null; - }; - publicKey = mkOption { - description = "The machine's public key."; - type = nullOr str; - default = null; + wireguard = { + ipv4.address = mkOption { + description = "The machine's internal IPv4 addresses."; + type = nullOr str; + default = null; + }; + ipv6.address = mkOption { + description = "The machine's internal IPv6 addresses."; + type = nullOr str; + default = null; + }; + publicKey = mkOption { + description = "The machine's public key."; + type = nullOr str; + default = 
null; + }; + }; + + # TODO Automate filling of this from the NSD service module. + # Right now I need to copy domain definitions from there to here + # manually. + # + # Something like taking `config.services.nsd.zones[$domain]` and + # filtering for actual subdomains. We can remove this option + # altogether then. + domains = mkOption { + description = "External domains that resolve to this address."; + type = listOf str; + default = [ ]; + }; + + syncthing.id = mkOption { + description = "Syncthing ID."; + type = nullOr str; + default = null; + }; }; - }; + } + ) + ); - # TODO Automate filling of this from the NSD service module. - # Right now I need to copy domain definitions from there to here - # manually. - # - # Something like taking `config.services.nsd.zones[$domain]` and - # filtering for actual subdomains. We can remove this option - # altogether then. - domains = mkOption { - description = "External domains that resolve to this address."; - type = listOf str; - default = []; - }; + default = { }; + }; - syncthing.id = mkOption { - description = "Syncthing ID."; - type = nullOr str; - default = null; - }; - }; - })); + config = { + _module.freeformType = types.attrs; - default = {}; + fullname = "Azat Bahawi"; + username = "azahi"; + domain = { + azahi = "azahi.cc"; + rohan = "rohan.net"; + gondor = "gondor.net"; + shire = "shire.net"; }; + email = "frodo@${my.domain.gondor}"; + pgp = { + key = "@PGP_KEY@"; + fingerprint = "@PGP_FINGERPRINT@"; + grip = "@PGP_GRIP@"; + }; + ssh = rec { + type = "ed25519"; + id = my.email; + key = "ssh-${type} @PUBLIC_KEY@ ${id}"; + }; + hashedPassword = "@HASHED_PASSWORD@"; - config = { - _module.freeformType = types.attrs; - - fullname = "Azat Bahawi"; - username = "azahi"; - domain = { - azahi = "azahi.cc"; - rohan = "rohan.net"; - gondor = "gondor.net"; - shire = "shire.net"; - }; - email = "frodo@${my.domain.gondor}"; - pgp = { - key = "@PGP_KEY@"; - fingerprint = "@PGP_FINGERPRINT@"; - grip = "@PGP_GRIP@"; - }; - ssh 
= rec { - type = "ed25519"; - id = my.email; - key = "ssh-${type} @PUBLIC_KEY@ ${id}"; + configurations = { + # VPS in Germany. + manwe = { + system = "x86_64-linux"; + isHeadless = true; + ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; + address = "@IPV4_ADDRESS@"; + prefixLength = 22; + }; + ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; + address = "@IPV6_ADDRESS@]"; + prefixLength = 64; + }; + wireguard = { + ipv4.address = "10.69.0.1"; + ipv6.address = "fd69::0:1"; + publicKey = "@PUBLIC_KEY@"; + }; + domains = with my.domain; [ + "alertmanager.${shire}" + "frodo.${rohan}" + "frodo.${gondor}" + "bitwarden.${shire}" + "git.${azahi}" + "git.${shire}" + "grafana.${shire}" + "loki.${shire}" + "ntfy.${shire}" + "plausible.${shire}" + "prometheus.${shire}" + "radicale.${shire}" + "rss-bridge.${shire}" + "start.local" + "vaultwarden.${shire}" + azahi + rohan + gondor + shire + ]; }; - hashedPassword = "@HASHED_PASSWORD@"; - configurations = { - # VPS in Germany. - manwe = { - system = "x86_64-linux"; - isHeadless = true; - ipv4 = { - gatewayAddress = "@IPV4_ADDRESS@"; - address = "@IPV4_ADDRESS@"; - prefixLength = 22; - }; - ipv6 = { - gatewayAddress = "@IPV6_ADDRESS@"; - address = "@IPV6_ADDRESS@]"; - prefixLength = 64; - }; - wireguard = { - ipv4.address = "10.69.0.1"; - ipv6.address = "fd69::0:1"; - publicKey = "@PUBLIC_KEY@"; - }; - domains = with my.domain; [ - "alertmanager.${shire}" - "frodo.${rohan}" - "frodo.${gondor}" - "bitwarden.${shire}" - "git.${azahi}" - "git.${shire}" - "grafana.${shire}" - "loki.${shire}" - "ntfy.${shire}" - "plausible.${shire}" - "prometheus.${shire}" - "radicale.${shire}" - "rss-bridge.${shire}" - "start.local" - "vaultwarden.${shire}" - azahi - rohan - gondor - shire - ]; + # VPS in Germany. + varda = { + system = "x86_64-linux"; + isHeadless = true; + ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; + address = "@IPV4_ADDRESS@"; + prefixLength = 22; }; - - # VPS in Germany. 
- varda = { - system = "x86_64-linux"; - isHeadless = true; - ipv4 = { - gatewayAddress = "@IPV4_ADDRESS@"; - address = "@IPV4_ADDRESS@"; - prefixLength = 22; - }; - ipv6 = { - gatewayAddress = "@IPV6_ADDRESS@"; - address = "@IPV6_ADDRESS@"; - prefixLength = 64; - }; - wireguard = { - ipv4.address = "10.69.1.1"; - ipv6.address = "fd69::1:1"; - publicKey = "@PUBLIC_KEY@"; - }; + ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; + address = "@IPV6_ADDRESS@"; + prefixLength = 64; + }; + wireguard = { + ipv4.address = "10.69.1.1"; + ipv6.address = "fd69::1:1"; + publicKey = "@PUBLIC_KEY@"; }; + }; - # VPS in France. - yavanna = { - system = "x86_64-linux"; - isHeadless = true; - ipv4 = { - gatewayAddress = "@IPV4_ADDRESS@"; - address = "@IPV4_ADDRESS@"; - prefixLength = 24; - }; - ipv6 = { - gatewayAddress = "@IPV6_ADDRESS@"; - address = "@IPV6_ADDRESS@"; - prefixLength = 128; - }; - wireguard = { - ipv4.address = "10.69.1.2"; - ipv6.address = "fd69::1:2"; - publicKey = "@PUBLIC_KEY@"; - }; - domains = with my.domain; [ - "flood.${shire}" - "jackett.${shire}" - "lidarr.${shire}" - ]; - syncthing.id = "@SYNCTHING_ID@"; + # VPS in France. + yavanna = { + system = "x86_64-linux"; + isHeadless = true; + ipv4 = { + gatewayAddress = "@IPV4_ADDRESS@"; + address = "@IPV4_ADDRESS@"; + prefixLength = 24; }; + ipv6 = { + gatewayAddress = "@IPV6_ADDRESS@"; + address = "@IPV6_ADDRESS@"; + prefixLength = 128; + }; + wireguard = { + ipv4.address = "10.69.1.2"; + ipv6.address = "fd69::1:2"; + publicKey = "@PUBLIC_KEY@"; + }; + domains = with my.domain; [ + "flood.${shire}" + "jackett.${shire}" + "lidarr.${shire}" + ]; + syncthing.id = "@SYNCTHING_ID@"; + }; - # A beefy desktop: 7950x/rx6750xt/128GB. - eonwe = { - system = "x86_64-linux"; - isHeadful = true; - wireguard = { - ipv4.address = "10.69.3.1"; - ipv6.address = "fd69::3:1"; - publicKey = "@PUBLIC_KEY@"; - }; - syncthing.id = "@SYNCTHING_ID@"; + # A beefy desktop: 7950x/rx6750xt/128GB. 
+ eonwe = { + system = "x86_64-linux"; + isHeadful = true; + wireguard = { + ipv4.address = "10.69.3.1"; + ipv6.address = "fd69::3:1"; + publicKey = "@PUBLIC_KEY@"; }; + syncthing.id = "@SYNCTHING_ID@"; + }; - # ThinkPad T480. - melian = { - system = "x86_64-linux"; - isHeadful = true; - wireguard = { - ipv4.address = "10.69.4.1"; - ipv6.address = "fd69::4:1"; - publicKey = "@PUBLIC_KEY@"; - }; - syncthing.id = "@SYNCTHING_ID@"; + # ThinkPad T480. + melian = { + system = "x86_64-linux"; + isHeadful = true; + wireguard = { + ipv4.address = "10.69.4.1"; + ipv6.address = "fd69::4:1"; + publicKey = "@PUBLIC_KEY@"; }; + syncthing.id = "@SYNCTHING_ID@"; + }; - # Macbook Air M1. - mairon = { - system = "aarch64-darwin"; - isHeadful = true; - wireguard = { - ipv4.address = "10.69.4.2"; - ipv6.address = "fd69::4:2"; - publicKey = "@PUBLIC_KEY@"; - }; + # Macbook Air M1. + mairon = { + system = "aarch64-darwin"; + isHeadful = true; + wireguard = { + ipv4.address = "10.69.4.2"; + ipv6.address = "fd69::4:2"; + publicKey = "@PUBLIC_KEY@"; }; + }; - # Google Pixel 4a w/ GrapheneOS. - gothmog = { - isOther = true; - wireguard = { - ipv4.address = "10.69.5.1"; - ipv6.address = "fd69::5:1"; - publicKey = "@PUBLIC_KEY@"; - }; - syncthing.id = "@SYNCTHING_ID@"; + # Google Pixel 4a w/ GrapheneOS. + gothmog = { + isOther = true; + wireguard = { + ipv4.address = "10.69.5.1"; + ipv6.address = "fd69::5:1"; + publicKey = "@PUBLIC_KEY@"; }; + syncthing.id = "@SYNCTHING_ID@"; + }; - # Google Pixel 7a w/ GrapheneOS. - lungorthin = { - isOther = true; - wireguard = { - ipv4.address = "10.69.5.2"; - ipv6.address = "fd69::5:2"; - publicKey = "@PUBLIC_KEY@"; - }; - syncthing.id = "@SYNCTHING_ID@"; + # Google Pixel 7a w/ GrapheneOS. + lungorthin = { + isOther = true; + wireguard = { + ipv4.address = "10.69.5.2"; + ipv6.address = "fd69::5:2"; + publicKey = "@PUBLIC_KEY@"; }; + syncthing.id = "@SYNCTHING_ID@"; }; }; - } - ]; - }) - .config + }; + } + ]; +}).config |
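Review bot: The `manwe` entry still has `address = "@IPV6_ADDRESS@]";` under `ipv6`, with a stray `]` after the placeholder that this reformat copies over unchanged from the old side; `varda` and `yavanna` use `"@IPV6_ADDRESS@"`. If the bracket is in the real file and not an artifact of how the value was redacted for this page, the line should read `address = "@IPV6_ADDRESS@";`. The `ipv4`/`ipv6` `address` and `gatewayAddress` options are all typed `nullOr str`, so a malformed address like this evaluates without error and would only surface wherever the value is consumed, presumably in interface or firewall configuration. A stricter type on those options, for example `nullOr (strMatching …)` with an address pattern, or an assertion, would reject it at evaluation time.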