c3d2/nix-config
c3d2
/
nix-config
24
7
Fork 3
Code Issues 12 Pull Requests 2 Releases Wiki Activity

Deadnix, statix, other cleanups

This commit is contained in:
Sandro - 2022-12-04 08:53:28 +01:00
parent 32dd3e9d8a
commit 6b8d8541c6
Signed by: sandro
GPG Key ID: 3AF5A43A3EECC2E5
59 changed files with 139 additions and 192 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
flake.nix
View File

@ -207,7 +207,7 @@
inherit (inputs) tracer bevy-mandelbrot bevy-julia;
};
legacyPackages = lib.attrsets.mapAttrs (system: pkgs:
legacyPackages = lib.attrsets.mapAttrs (_: pkgs:
pkgs.appendOverlays [
fenix.overlays.default
naersk.overlay
@ -224,7 +224,7 @@
inherit specialArgs system;
modules = [
({ pkgs, ... }: {
({ ... }: {
_module.args = extraArgs // {
inherit hostRegistry inputs zentralwerk;
};
@ -327,7 +327,7 @@
radiobert = nixosSystem' {
modules = [
({ modulesPath, ... }:
({ ... }:
{
nixpkgs.overlays = [ heliwatch.overlay ];
})
@ -763,7 +763,7 @@
else nixosSystem.config.system.build.toplevel
) self.nixosConfigurations
// nixos.lib.filterAttrs (name: attr:
(builtins.match ".+-tftproot" name != null && lib.isDerivation attr)
(lib.match ".+-tftproot" name != null && lib.isDerivation attr)
) self.packages.aarch64-linux
);
};

4
hosts/auth/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
{ config, ... }:
{
c3d2 = {
@ -58,7 +58,7 @@
age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = ./secrets.yaml;
secrets."portunus/seed" = {
group = config.services.portunus.group;
inherit (config.services.portunus) group;
owner = config.services.portunus.user;
};
};

2
hosts/blogs/default.nix
View File

@ -1,4 +1,4 @@
{ hostRegistry, zentralwerk, config, ... }:
{ config, ... }:
{
microvm.mem = 2048;
c3d2.deployment = {

2
hosts/broker/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, zentralwerk, ... }:
{ config, pkgs, ... }:
let
mymqttui = pkgs.writeScriptBin "mqttui" ''

12
hosts/c3d2-web/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, nixpkgs, config, lib, pkgs, ... }:
{ config, pkgs, ... }:
let
webroot = "/var/www";
geminiRoot = "/var/gemini";
@ -150,11 +150,11 @@ in
home = "/var/lib/c3d2-web";
};
systemd.tmpfiles.rules = [
"d ${webroot}/c3d2 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
"d ${webroot}/log 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
"d ${geminiRoot} 0755 c3d2-web ${config.users.users.c3d2-web.group} -"
"d ${config.users.users.c3d2-web.home} 0700 c3d2-web ${config.users.users.c3d2-web.group} -"
systemd.tmpfiles.rules = with config.users.users.c3d2-web; [
"d ${webroot}/c3d2 0755 c3d2-web ${group} -"
"d ${webroot}/log 0755 c3d2-web ${group} -"
"d ${geminiRoot} 0755 c3d2-web ${group} -"
"d ${home} 0700 c3d2-web ${group} -"
];
# Build script

2
hosts/dacbert/default.nix
View File

@ -1,4 +1,4 @@
{ hostRegistry, config, lib, pkgs, modulesPath, ... }:
{ hostRegistry, config, lib, pkgs, ... }:
{
c3d2 = {

11
hosts/direkthilfe/default.nix
View File

@ -1,7 +1,6 @@
{ pkgs, ... }:
let
domain = "direkthilfe.c3d2.de";
in {
{ config, pkgs, ... }:
{
networking.hostName = "direkthilfe";
microvm.mem = 1024;
c3d2.deployment = {
@ -27,7 +26,7 @@ in {
services.engelsystem = {
enable = true;
domain = domain;
domain = "direkthilfe.c3d2.de";
createDatabase = true;
package = pkgs.engelsystem.override { php = pkgs.php74; };
config = {
@ -64,7 +63,7 @@ in {
services.phpfpm.phpPackage = pkgs.php74;
services.nginx = {
enable = true;
virtualHosts."${domain}" = {
virtualHosts."${config.services.engelsystem.domain}" = {
default = true;
forceSSL = true;
enableACME = true;

2
hosts/dn42/default.nix
View File

@ -140,7 +140,7 @@ in {
}
'' else
"";
interface = if conf ? interface then conf.interface else name;
interface = conf.interface or name;
in "${neighbor4}${neighbor6}") neighbors));
in ''
protocol kernel {

2
hosts/factorio/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
{ config, lib, ... }:
{
c3d2 = {

2
hosts/ftp/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, zentralwerk, ... }:
{ config, pkgs, ... }:
{
c3d2 = {

2
hosts/gitea/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, lib, zentralwerk, ... }:
{ config, pkgs, lib, ... }:
{
c3d2 = {

2
hosts/glotzbert/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, ... }:
{ config, pkgs, ... }:
{
imports = [ ./hardware-configuration.nix ];

2
hosts/glotzbert/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ lib, modulesPath, ... }:
{
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

2
hosts/grafana/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, lib, modulesPath, ... }:
{ config, pkgs, ... }:
let
restartServices = [ "grafana" "influxdb" ];

2
hosts/hedgedoc/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
{ config, pkgs, ... }:
{
c3d2 = {

4
hosts/hydra/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, lib, ... }:
{ config, pkgs, ... }:
{
imports = [
@ -52,5 +52,5 @@
c3d2.hq.statistics.enable = true;
services.smartd.enable = true;
system.stateVersion = "20.09"; # Did you read the comment?
system.stateVersion = "20.09";
}

2
hosts/hydra/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports =

2
hosts/hydra/hydra.nix
View File

@ -1,4 +1,4 @@
{ self, hostRegistry, hydra-ca, config, lib, pkgs, ... }:
{ config, lib, ... }:
let
cachePort = 5000;

2
hosts/leon/default.nix
View File

@ -26,7 +26,7 @@
# `...-' `...-'
#--------------------------------------------------------------------------------
{ config, lib, pkgs, ... }:
{ lib, pkgs, ... }:
{
deployment = {
persistedShares = [ "/etc" "/home" "/var" ];

2
hosts/leoncloud/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
deployment = {

2
hosts/matemat/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
{ pkgs, ... }:
{
c3d2 = {

2
hosts/mediawiki/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
{ config, lib, pkgs, ... }:
{
networking.hostName = "mediawiki";

2
hosts/mobilizon/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, ... }:
{ config, pkgs, ... }:
{
microvm.mem = 1024;
c3d2.isInHq = false;

2
hosts/mucbot/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, tigger, ... }:
{ pkgs, tigger, ... }:
{
deployment = {

4
hosts/network-homepage/default.nix
View File

@ -1,6 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
with lib;
{ zentralwerk, pkgs, ... }:
{
system.stateVersion = "22.05";

4
hosts/nfsroot/default.nix
View File

@ -1,7 +1,5 @@
{ zentralwerk, config, lib, pkgs, ... }:
{ lib, ... }:
let
netConfig = zentralwerk.lib.config.site.net.serv;
nfsExports = [
"var/lib/nfsroot/dacbert"
"var/lib/nfsroot/riscbert"

2
hosts/nncp/default.nix
View File

@ -37,7 +37,7 @@
xx = "tx"; # transmit only
when-tx-exists = true;
};
in lib.mapAttrs (name: value:
in lib.mapAttrs (_: value:
value // {
via = lib.lists.remove "c3d2" value.via;
} // (lib.attrsets.optionalAttrs (value.addrs or { } != { }) {

8
hosts/nncp/neighbours.nix
View File

@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }:
{ config, pkgs, ... }:
let
exec = {
{
programs.nncp.settings.neigh.emery.exec = {
# A command to asynchronously export store paths to a remote caller.
nix-store-export = with pkgs;
[
@ -16,4 +16,4 @@ let
# A command to import store paths from a remote caller.
nix-store-import = [ "${config.nix.package}/bin/nix-store" "--import" ];
};
in { programs.nncp.settings.neigh = { emery = { inherit exec; }; }; }
}

8
hosts/oparl/default.nix
View File

@ -1,9 +1,7 @@
{ zentralwerk, oparl-scraper, config, pkgs, ... }:
{ oparl-scraper, config, pkgs, ... }:
let
ratsinfo-scraper = import oparl-scraper { inherit pkgs; };
netConfig = zentralwerk.lib.config.site.net.serv;
in
{
c3d2.deployment = {
@ -41,7 +39,7 @@ in
path = with pkgs; [
git openssh poppler_utils ratsinfo-scraper
];
script = ''
script = /* bash */ ''
if [ -d data ]; then
pushd data
git pull

4
hosts/prometheus/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, lib, ... }:
{ zentralwerk, config, lib, ... }:
{
sops.defaultSopsFile = ./secrets.yaml;
@ -64,7 +64,7 @@
static_configs =
let
zwNets = zentralwerk.lib.config.site.net;
fromNet = net: filter:
fromNet = net: _:
map (host:
"${host}.${net}.zentralwerk.org:9100"
) (builtins.attrNames zwNets.${net}.hosts4);

63
hosts/public-access-proxy/proxy.nix
View File

@ -1,50 +1,48 @@
{ config, lib, pkgs, ... }:
{ config, lib, ... }:
with lib;
let cfg = config.services.proxy;
canonicalize = builtins.replaceStrings ["*" "." ":" "[" "]"] ["all" "_" "_" "" ""];
in {
let
cfg = config.services.proxy;
canonicalize = builtins.replaceStrings [ "*" "." ":" "[" "]" ] [ "all" "_" "_" "" "" ];
in
{
options.services.proxy = {
enable = mkOption {
enable = lib.mkOption {
default = false;
description = "whether to enable proxy";
type = types.bool;
type = lib.types.bool;
};
proxyHosts = mkOption {
type = types.listOf (types.submodule {
proxyHosts = lib.mkOption {
type = lib.types.listOf (lib.types.submodule {
options = {
hostNames = mkOption {
type = types.listOf types.str;
hostNames = lib.mkOption {
type = with lib.types; listOf str;
default = [ ];
description = ''
Proxy these hostNames.
'';
};
proxyTo = mkOption {
type = types.submodule {
proxyTo = lib.mkOption {
type = lib.types.submodule {
options = {
host = mkOption {
type = types.nullOr types.string;
host = lib.mkOption {
type = with lib.types; nullOr string;
default = null;
description = ''
Host to forward traffic to.
Any hostname may only be used once
'';
};
httpPort = mkOption {
type = types.int;
httpPort = lib.mkOption {
type = lib.types.int;
default = 80;
description = ''
Port to forward http to.
'';
};
httpsPort = mkOption {
type = types.int;
httpsPort = lib.mkOption {
type = lib.types.int;
default = 443;
description = ''
Port to forward http to.
@ -57,8 +55,8 @@ in {
'';
default = { };
};
matchArg = mkOption {
type = types.str;
matchArg = lib.mkOption {
type = lib.types.str;
default = "";
description = "Optional argument to HAProxy `req.ssl_sni -i`";
};
@ -76,11 +74,9 @@ in {
};
}];
};
};
config = mkIf cfg.enable {
config = lib.mkIf cfg.enable {
services.haproxy = {
enable = true;
config = ''
@ -101,10 +97,9 @@ in {
option forwardfor
http-request set-header X-Forwarded-Proto http
http-request set-header X-Forwarded-Port 80
${
concatMapStrings ({ proxyTo, hostNames, matchArg }:
optionalString (hostNames != [ ] && proxyTo.host != null) (
concatMapStrings (hostname: ''
${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
lib.optionalString (hostNames != [ ] && proxyTo.host != null) (
lib.concatMapStrings (hostname: ''
use-server ${canonicalize hostname}-http if { req.hdr(host) -i ${matchArg} ${hostname} }
server ${canonicalize hostname}-http ${proxyTo.host}:${
toString proxyTo.httpPort
@ -118,13 +113,13 @@ in {
bind :::443 v4v6
tcp-request inspect-delay 5s
tcp-request content accept if { req.ssl_hello_type 1 }
${concatMapStrings ({ proxyTo, hostNames, matchArg }:
concatMapStrings (hostname: ''
${lib.concatMapStrings ({ proxyTo, hostNames, matchArg }:
lib.concatMapStrings (hostname: ''
use_backend ${canonicalize proxyTo.host}-https if { req.ssl_sni -i ${matchArg} ${hostname} }
'') hostNames
) cfg.proxyHosts}
${concatMapStrings ({ proxyTo, hostNames, matchArg }: ''
${lib.concatMapStrings ({ proxyTo, ... }: ''
backend ${canonicalize proxyTo.host}-https
server ${canonicalize proxyTo.host}-https ${proxyTo.host}:${
toString proxyTo.httpsPort

2
hosts/public-access-proxy/stats.nix
View File

@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ pkgs, ... }:
{
c3d2.hq.statistics.enable = true;

2
hosts/pulsebert/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ lib, ... }:
{
#imports =

2
hosts/rpi-netboot/default.nix
View File

@ -1,4 +1,4 @@
{ hostRegistry, nixpkgs, config, lib, pkgs, modulesPath, ... }:
{ hostRegistry, lib, pkgs, ... }:
{
c3d2 = {

2
hosts/scrape/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, pkgs, config, scrapers, ... }:
{ pkgs, config, scrapers, ... }:
let
freifunkNodes = {

2
hosts/sdrweb/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, config, pkgs, ... }:
{ config, pkgs, ... }:
{
deployment = {
# needs to keep just its ssh key for sops-nix

2
hosts/server10/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ config, ... }:
{
imports = [

2
hosts/server10/hardware-configuration.nix
View File

@ -1,4 +1,4 @@
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports =

2
hosts/server8/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
{ ... }:
{
imports = [

2
hosts/server8/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports =

2
hosts/server9/default.nix
View File

@ -1,4 +1,4 @@
{ config, pkgs, ... }:
_:
{
imports = [

2
hosts/server9/hardware-configuration.nix
View File

@ -1,7 +1,7 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }:
{ config, lib, modulesPath, ... }:
{
imports =

3
hosts/spaceapi/default.nix
View File

@ -1,4 +1,5 @@
{ zentralwerk, ... }:
_:
{
c3d2.deployment = {
server = "server10";

4
hosts/ticker/default.nix
View File

@ -1,6 +1,4 @@
{ zentralwerk, config, lib, pkgs, ... }:
with lib;
{ zentralwerk, config, ... }:
{
system.stateVersion = "22.05";

11
hosts/zengel/default.nix
View File

@ -1,7 +1,6 @@
{ pkgs, ... }:
let
domain = "zengel.datenspuren.de";
in {
{ config, pkgs, ... }:
{
networking.hostName = "zengel";
microvm.mem = 1024;
c3d2.deployment = {
@ -13,7 +12,7 @@ in {
services.engelsystem = {
enable = true;
domain = domain;
domain = "zengel.datenspuren.de";
createDatabase = true;
package = pkgs.engelsystem.override { php = pkgs.php74; };
config = {
@ -50,7 +49,7 @@ in {
services.phpfpm.phpPackage = pkgs.php74;
services.nginx = {
enable = true;
virtualHosts."${domain}" = {
virtualHosts."${config.services.engelsystem.domain}" = {
default = true;
forceSSL = true;
enableACME = true;

2
modules/audio-server.nix
View File

@ -35,7 +35,7 @@
bluetoothSupport = true;
advancedBluetoothCodecs = true;
zeroconfSupport = true;
}).overrideAttrs (oldAttrs: {
}).overrideAttrs (_: {
# one test times out
doCheck = false;
});

2
modules/backup.nix
View File

@ -2,7 +2,7 @@
{
config.services.postgresqlBackup = {
enable = config.services.postgresql.enable;
inherit (config.services.postgresql) enable;
backupAll = true;
compression = "zstd";
# compressionLevel = 9; # TODO: only available with 21.11

8
modules/c3d2.nix
View File

@ -169,21 +169,21 @@ in
config =
let
adminKeys = (with builtins; lib.lists.flatten (
adminKeys = with builtins; lib.lists.flatten (
map
(getAttr "sshKeys")
(attrValues cfg.users)
));
);
mkIfIsInHq = x: lib.mkIf cfg.isInHq (lib.mkDefault x);
in
{
networking.hosts = lib.mkIf cfg.mergeHostsFile
((
lib.attrsets.mapAttrs' (n: v: { name = v.ip4; value = [ "${n}.c3d2" ]; })
(lib.attrsets.filterAttrs (n: v: v.ip4 != null) cfg.hosts)
(lib.attrsets.filterAttrs (_: v: v.ip4 != null) cfg.hosts)
) // (
lib.attrsets.mapAttrs' (n: v: { name = v.ip6; value = [ "${n}.c3d2" ]; })
(lib.attrsets.filterAttrs (n: v: v.ip6 != null) cfg.hosts)
(lib.attrsets.filterAttrs (_: v: v.ip6 != null) cfg.hosts)
));
programs.nncp.settings = lib.optionalAttrs cfg.mergeNncpSettings cfg.nncp;

6
modules/cluster/default.nix
View File

@ -1,4 +1,4 @@
{ zentralwerk, hostRegistry, config, lib, pkgs, ... }:
{ zentralwerk, hostRegistry, config, lib, ... }:
let
inherit (config.networking) hostName;
@ -15,8 +15,6 @@ let
then net
else result
) null [ "cluster" "serv" ];
ipv4Addr = zentralwerk.lib.config.site.net.${serverNet hostName}.hosts4.${hostName};
in {
# Open firewall between cluster members
networking.firewall.extraCommands = lib.concatMapStrings (server:
@ -41,7 +39,7 @@ in {
);
nomad = {
datacenter = "c3d2";
servers = servers;
inherit servers;
# run tasks only on these:
client.enable = builtins.elem hostName microvmServers;
client.meta =

4
modules/cluster/deployment-options.nix
View File

@ -13,9 +13,9 @@
networks = mkOption {
type = with types; listOf str;
default = builtins.attrNames (
lib.filterAttrs (net: { hosts4, hosts6, ... }:
lib.filterAttrs (_: { hosts4, hosts6, ... }:
hosts4 ? ${config.networking.hostName} ||
lib.filterAttrs (ctx: hosts6:
lib.filterAttrs (_: hosts6:
hosts6 ? ${config.networking.hostName}
) hosts6 != {}
) zentralwerk.lib.config.site.net

3
modules/cluster/deployment.nix
View File

@ -31,8 +31,7 @@ in
{
microvm = {
hypervisor = "cloud-hypervisor";
vcpu = config.deployment.vcpu;
mem = config.deployment.mem;
inherit (config.deployment) mem vcpu;
preStart = ''
# Discard old writable store overlay

26
modules/logging.nix
View File

@ -1,28 +1,6 @@
{ hostRegistry, config, pkgs, lib, ... }:
{ config, pkgs, lib, ... }:
let
nginxGlobalLogging = ''
log_format graylog2_json escape=json '{ "timestamp": "$time_iso8601", '
'"remote_addr": "$remote_addr", '
'"body_bytes_sent": $body_bytes_sent, '
'"request_time": $request_time, '
'"response_status": $status, '
'"request": "$request", '
'"request_method": "$request_method", '
'"host": "$host",'
'"upstream_cache_status": "$upstream_cache_status",'
'"upstream_addr": "$upstream_addr",'
'"http_x_forwarded_for": "$http_x_forwarded_for",'
'"http_referrer": "$http_referer", '
'"http_user_agent": "$http_user_agent" }';
# replace the hostnames with the IP or hostname of your Graylog2 server
access_log syslog:server=graylog.server.org:12301 graylog2_json;
error_log syslog:server=graylog.server.org:12302;
'';
in {
{
# add central logging
services.journalbeat = {
enable = false;

4
modules/microvm.nix
View File

@ -19,9 +19,9 @@ let
"${builtins.substring 0 1 hash}2:${c 2}:${c 4}:${c 6}:${c 8}:${c 10}";
nets = builtins.attrNames (
lib.filterAttrs (net: { hosts4, hosts6, ... }:
lib.filterAttrs (_: { hosts4, hosts6, ... }:
hosts4 ? ${hostName} ||
lib.filterAttrs (ctx: hosts6:
lib.filterAttrs (_: hosts6:
hosts6 ? ${hostName}
) hosts6 != {}
) zentralwerk.lib.config.site.net

38
modules/nncp.nix
View File

@ -1,13 +1,10 @@
{ config, lib, pkgs, ... }:
with lib;
{ config, lib, ... }:
let
nncpCfgFile = "/run/nncp.hjson";
programCfg = lib.optionalAttrs (config.programs ? nncp) config.programs.nncp;
callerCfg = config.services.nncp.caller;
daemonCfg = config.services.nncp.daemon;
settingsFormat = pkgs.formats.json { };
jsonCfgFile = settingsFormat.generate "nncp.json" programCfg.settings;
pkg = programCfg.package;
in
{
@ -15,13 +12,13 @@ in
services.nncp = {
caller = {
enable = mkEnableOption ''
enable = lib.mkEnableOption ''
croned NNCP TCP daemon caller.
The daemon will take configuration from
<xref linkend="opt-programs.nncp.settings"/>
'';
extraArgs = mkOption {
type = with types; listOf str;
extraArgs = lib.mkOption {
type = with lib.types; listOf str;
description = "Extra command-line arguments to pass to caller.";
default = [ ];
example = [ "-autotoss" ];
@ -29,18 +26,18 @@ in
};
daemon = {
enable = mkEnableOption ''
enable = lib.mkEnableOption ''
NNCP TCP synronization daemon.
The daemon will take configuration from
<xref linkend="opt-programs.nncp.settings"/>
'';
socketActivation = {
enable = mkEnableOption ''
enable = lib.mkEnableOption ''
Whether to run nncp-daemon persistently or socket-activated.
'';
listenStreams = mkOption {
type = with types; listOf str;
listenStreams = lib.mkOption {
type = with lib.types; listOf str;
description = ''
TCP sockets to bind to.
See <xref linkend="opt-systemd.sockets._name_.listenStreams"/>.
@ -49,8 +46,8 @@ in
};
};
extraArgs = mkOption {
type = with types; listOf str;
extraArgs = lib.mkOption {
type = with lib.types; listOf str;
description = "Extra command-line arguments to pass to daemon.";
default = [ ];
example = [ "-autotoss" ];
@ -60,15 +57,14 @@ in
};
};
config = mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
config = lib.mkIf (programCfg.enable or callerCfg.enable or daemonCfg.enable) {
assertions = [{
assertion = with builtins;
assertion =
let
callerCongfigured =
let neigh = config.programs.nncp.settings.neigh or { };
in lib.lists.any (x: hasAttr "calls" x && x.calls != [ ])
(attrValues neigh);
in lib.lists.any (x: lib.hasAttr "calls" x && x.calls != [ ])
(lib.attrValues neigh);
in !callerCfg.enable || callerCongfigured;
message = "NNCP caller enabled but call configuration is missing";
}];
@ -89,7 +85,7 @@ in
};
};
systemd.services."nncp-daemon" = mkIf daemonCfg.enable {
systemd.services."nncp-daemon" = lib.mkIf daemonCfg.enable {
enable = !daemonCfg.socketActivation.enable;
description = "NNCP TCP syncronization daemon.";
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
@ -106,7 +102,7 @@ in
};
};
systemd.services."nncp-daemon@" = mkIf daemonCfg.socketActivation.enable {
systemd.services."nncp-daemon@" = lib.mkIf daemonCfg.socketActivation.enable {
description = "NNCP TCP syncronization daemon.";
documentation = [ "http://www.nncpgo.org/nncp_002ddaemon.html" ];
after = [ "network.target" ];
@ -123,7 +119,7 @@ in
};
};
systemd.sockets.nncp-daemon = mkIf daemonCfg.socketActivation.enable {
systemd.sockets.nncp-daemon = lib.mkIf daemonCfg.socketActivation.enable {
inherit (daemonCfg.socketActivation) listenStreams;
description = "socket for NNCP TCP syncronization.";
conflicts = [ "nncp-daemon.service" ];

9
modules/plume.nix
View File

@ -1,6 +1,5 @@
{ config, lib, pkgs, ... }:
let
inherit (pkgs) plume;
cfg = config.services.plume;
in
{
@ -33,7 +32,7 @@ in
ids.uids.plume = 499;
users.users.${cfg.user} = {
uid = config.ids.uids.plume;
group = cfg.group;
inherit (cfg) group;
home = "/var/lib/plume";
};
users.groups.${cfg.group} = {};
@ -52,11 +51,11 @@ in
after = [ "postgresql.service" ];
requires = [ "postgresql.service" ];
wantedBy = [ "multi-user.target" ];
path = [ plume ];
path = [ pkgs.plume ];
script = ''
ln -sf ${cfg.envFile} .env
mkdir -p static/media
for f in ${plume}/share/plume/static/*; do
for f in ${pkgs.plume}/share/plume/static/*; do
n=$(basename "$f")
if [ "$n" != media ]; then
rm -f "static/$n"
@ -79,7 +78,7 @@ in
#! ${pkgs.runtimeShell} -e
plm() {
sudo -u ${config.services.plume.user} -- ${plume}/bin/plm $@
sudo -u ${config.services.plume.user} -- ${pkgs.plume}/bin/plm $@
}
plm migration run

2
modules/rpi-netboot.nix
View File

@ -1,4 +1,4 @@
{ hostRegistry, config, pkgs, lib, ... }:
{ config, pkgs, lib, ... }:
{
boot = {
loader.generic-extlinux-compatible.enable = false;

2
overlays/bmxd.nix
View File

@ -1,4 +1,4 @@
{ stdenv, fetchgit, fetchpatch, }:
{ stdenv, fetchgit }:
stdenv.mkDerivation {
pname = "bmxd";

3
overlays/plume/default.nix
View File

@ -1,6 +1,5 @@
{ naersk
, fenix
, curl
, nodejs
, rustPlatform
, stdenv
@ -137,7 +136,7 @@ let
"--package=plume-front"
];
copyLibs = true;
overrideMain = oa: {
overrideMain = _: {
buildPhase = ''
wasm-pack build --mode no-install --target web --release plume-front
'';

12
packages.nix
View File

@ -5,12 +5,7 @@ let
let
hostConf = hostRegistry.hosts."${name}";
in
if hostConf ? ip4
then hostConf.ip4
else if hostConf ? ip6
then hostConf.ip6
else throw "Host ${name} has no ip4 or ip6 address";
hostConf.ip4 or (hostConf.ip6 or (throw "Host ${name} has no ip4 or ip6 address"));
# all the input flakes for `nix copy` to the build machine,
# allowing --override-input
@ -309,10 +304,7 @@ lib.attrsets.mapAttrs
];
}).config.microvm.declaredRunner;
"${host}-tftproot" =
if config.system.build ? tftproot
then config.system.build.tftproot
else lib.trace "No tftproot for ${host}" null;
"${host}-tftproot" = config.system.build.tftproot or (lib.trace "No tftproot for ${host}" null);
}
)
{ }