Diffstat (limited to 'lib')
-rw-r--r-- | lib/default.nix | 20 | ||||
-rw-r--r-- | lib/dns.nix | 14 | ||||
-rw-r--r-- | lib/my.nix | 202 |
3 files changed, 236 insertions, 0 deletions
diff --git a/lib/default.nix b/lib/default.nix
new file mode 100644
index 0000000..7a8dfbf
--- /dev/null
+++ b/lib/default.nix
@@ -0,0 +1,20 @@
+lib: _: rec {
+ my = import ./my.nix lib;
+
+ dns = import ./dns.nix lib;
+
+ isEven = number:
+ assert (builtins.isInt number) || (builtins.isFloat number);
+ builtins.div number 2 == 0;
+
+ isOdd = !isEven;
+
+ pow = base: exponent:
+ assert (builtins.isInt base) && (builtins.isInt exponent);
+ assert exponent > 0;
+ builtins.foldl' (x: _: x * base) 1 (builtins.genList _ exponent);
+
+ comcat = lib.concatStringsSep ",";
+
+ mkTcpMem = min: ini: max: (lib.concatMapStrings (x: toString x + " ") [(pow 2 min) (pow 2 ini) (pow 2 max)]);
+}
diff --git a/lib/dns.nix b/lib/dns.nix
new file mode 100644
index 0000000..e486f1c
--- /dev/null
+++ b/lib/dns.nix
@@ -0,0 +1,14 @@
+_: {
+ const = {
+ quad9 = {
+ default = ["9.9.9.9" "149.112.112.112" "2620:fe::fe" "2620:fe::9"];
+ unsecured = ["9.9.9.10" "149.112.112.10" "2620:fe::10" "2620:fe::fe:10"];
+ ecs = ["9.9.9.11" "149.112.112.11" "2620:fe::11" "2620:fe::fe:11"];
+ };
+ cloudflare = {
+ default = ["1.1.1.1" "1.0.0.1" "2606:4700:4700::1111" "2606:4700:4700::1001"];
+ blocking = ["1.1.1.2" "1.0.0.2" "2606:4700:4700::1112" "2606:4700:4700::1002"];
+ blockingPlus = ["1.1.1.3" "1.0.0.3" "2606:4700:4700::1113" "2606:4700:4700::1003"];
+ };
+ };
+}
diff --git a/lib/my.nix b/lib/my.nix
new file mode 100644
index 0000000..f7c4141
--- /dev/null
+++ b/lib/my.nix
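Review bot: `isEven` in lib/default.nix tests `builtins.div number 2 == 0`, which is true only when the quotient is zero rather than when the number is even, and `isOdd = !isEven;` applies `!` to a function, so it fails as soon as `isOdd` is evaluated. A parity check needs the remainder, e.g. `isEven = number: assert builtins.isInt number; lib.mod number 2 == 0;` and `isOdd = number: !(isEven number);`. In `pow`, `builtins.genList _ exponent` passes the file's ignored second argument as the generator; this appears to work only because the fold never forces the list elements, so `(_: null)` would state the intent. `assert exponent > 0` also rejects an exponent of 0, which the fold would handle correctly by returning 1.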
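Review bot: The resolver lists under `const` in lib/dns.nix carry no comments saying what each variant filters or validates, and the attribute names alone do not make the trade-off clear to a module that selects one. As far as I know from the providers' published descriptions, Quad9's `unsecured` addresses do neither threat blocking nor DNSSEC validation and `ecs` forwards EDNS Client Subnet data, while Cloudflare's `blocking` filters malware and `blockingPlus` also filters adult content. A one-line comment per list would be enough, for example `# no malware blocking, no DNSSEC validation` above `unsecured` and `# forwards EDNS Client Subnet (part of the client address) upstream` above `ecs`.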
@@ -0,0 +1,202 @@
+lib:
+with lib;
+ (evalModules {
+ modules = [
+ {
+ options.configurations = mkOption {
+ description = "My configurations.";
+ type = with types;
+ attrsOf (submodule ({name, ...}: {
+ freeformType = attrs;
+ options = let
+ mkConfigurationTypeOption = type:
+ mkOption {
+ description = "Whether the machine is a ${type} one.";
+ type = bool;
+ default = false;
+ };
+ in {
+ hostname = mkOption {
+ description = "The machine's hostname";
+ type = str;
+ default = name;
+ readOnly = true;
+ };
+
+ isHeadless = mkConfigurationTypeOption "headless";
+ isHeadful = mkConfigurationTypeOption "headful";
+ isOther = mkConfigurationTypeOption "other";
+
+ ipv4 = {
+ address = mkOption {
+ description = "The machine's public IPv4 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ gateway = mkOption {
+ description = "The machine's IPv4 gateway.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+ ipv6 = {
+ address = mkOption {
+ description = "The machine's public IPv6 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ gateway = mkOption {
+ description = "The machine's IPv6 gateway.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+
+ wireguard = {
+ ipv4.address = mkOption {
+ description = "The machine's internal IPv4 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ ipv6.address = mkOption {
+ description = "The machine's internal IPv4 addresses.";
+ type = nullOr str;
+ default = null;
+ };
+ publicKey = mkOption {
+ description = "The machine's public key.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+
+ domains = mkOption {
+ description = "External domains that resovle to this address.";
+ type = listOf str;
+ default = [];
+ };
+
+ syncthing.id = mkOption {
+ description = "Syncthing ID.";
+ type = nullOr str;
+ default = null;
+ };
+ };
+ }));
+
+ default = {};
+ };
+
+ config = {
+ _module.freeformType = types.attrs;
+
+ fullname = "Azat Bahawi";
+ username = "azahi";
+ domain = {
+ azahi = "azahi.cc";
+ rohan
= "rohan.net";
+ gondor = "gondor.net";
+ shire = "shire.me";
+ };
+ email = "frodo@${my.domain.gondor}";
+ pgp = {
+ key = "[REDACTED]";
+ fingerprint = "[REDACTED]";
+ grip = "[REDACTED]";
+ };
+ ssh = rec {
+ type = "ed25519";
+ id = my.email;
+ key = "ssh-${type} [REDACTED] ${id}";
+ };
+ hashedPassword = "[REDACTED]";
+
+ configurations = {
+ manwe = {
+ isHeadless = true;
+ ipv4 = {
+ address = "[IPv4]";
+ gateway = "[IPv4]";
+ };
+ ipv6 = {
+ address = "[IPv6]";
+ gateway = "[IPv6]";
+ };
+ wireguard = {
+ ipv4.address = "10.69.0.1";
+ ipv6.address = "fd69::0:1";
+ publicKey = "[REDACTED]";
+ };
+ domains = with my.domain; [
+ "frodo.${rohan}"
+ "frodo.${gondor}"
+ "gotify.${shire}"
+ "monitoring.${shire}"
+ azahi
+ rohan
+ gondor
+ shire
+ ];
+ };
+ varda = {
+ isHeadless = true;
+ ipv4 = {
+ address = "[IPv4]";
+ gateway = "[IPv4]";
+ };
+ ipv6 = {
+ address = "[IPv6]";
+ gateway = "[IPv6]";
+ };
+ wireguard = {
+ ipv4.address = "10.69.1.1";
+ ipv6.address = "fd69::1:1";
+ publicKey = "[REDACTED]";
+ };
+ domains = with my.domain; [
+ "radicale.${shire}"
+ "rss-bridge.${shire}"
+ ];
+ };
+ yavanna = {
+ isHeadless = true;
+ ipv4 = {
+ address = "[IPv4]";
+ gateway = "[IPv4]";
+ };
+ ipv6 = {
+ address = "[IPv6]";
+ gateway = "[IPv6]";
+ };
+ wireguard = {
+ ipv4.address = "10.69.1.2";
+ ipv6.address = "fd69::1:2";
+ publicKey = "[REDACTED]";
+ };
+ domains = with my.domain; ["flood.${shire}"];
+ syncthing.id = "[Syncthing ID]";
+ };
+ melian = {
+ isHeadful = true;
+ wireguard = {
+ ipv4.address = "10.69.4.1";
+ ipv6.address = "fd69::4:1";
+ publicKey = "[REDACTED]";
+ };
+ syncthing.id = "[Syncthing ID]";
+ };
+ gothmog = {
+ isOther = true;
+ wireguard = {
+ ipv4.address = "10.69.5.1";
+ ipv6.address = "fd69::5:1";
+ publicKey = "[REDACTED]";
+ };
+ syncthing.id = "[Syncthing ID]";
+ };
+ };
+ };
+ }
+ ];
+ })
+ .config |
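Review bot: `hashedPassword` in the `config` block of lib/my.nix is stored as a string literal in a file that is evaluated into every configuration (the value is redacted on this page, so this assumes the commit carries the real hash). A hash kept there stays in the repository history and, once a system configuration references it, is likely copied into the world-readable Nix store, where it is exposed to offline guessing. Consider keeping only public data in this file (WireGuard public keys, the SSH public key, the PGP fingerprint) and pointing the account at a file outside the store, e.g. `users.users.<name>.hashedPasswordFile = "/path/to/hash";` (placeholder path), provisioned by whatever secrets mechanism the hosts use. Separately, the description of `wireguard.ipv6.address` reads "internal IPv4 addresses" and the `domains` description has the typo "resovle".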