network/nix/pkgs/default.nix

{ self, nixpkgs, system, openwrt-imagebuilder }:

let
  inherit (self.lib) config;

  pkgs = nixpkgs.legacyPackages.${system};
  inherit (pkgs) lib;

  export-openwrt-models = pkgs.writeText "openwrt-models.nix" (
    lib.generators.toPretty {} self.lib.openwrtModels
  );
  export-config = pkgs.writeText "config.nix" (
    lib.generators.toPretty {} (
      lib.recursiveUpdate
        config
        { site.dns.localZones = self.lib.dns.localZones; }
    ));

  encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''
    #! ${pkgs.runtimeShell} -e

    cd config
    exec ${pkgs.gnupg}/bin/gpg --armor --batch --trust-model always \
      --encrypt -r 1F0F221A7483B5EF5D103D8B32EBADE870BAF886 \
      < secrets-production.nix \
      > secrets-production.nix.gpg
  '';
  decrypt-secrets = pkgs.writeScriptBin "decrypt-secrets" ''
    #! ${pkgs.runtimeShell} -e

    cd config
    [ -e secrets-production.nix ] && \
      mv secrets-production.nix secrets-production.nix.old
    exec ${pkgs.gnupg}/bin/gpg -d \
      > secrets-production.nix \
      < secrets-production.nix.gpg
  '';
  switch-to-production = pkgs.writeScriptBin "decrypt-secrets" ''
    #! ${pkgs.runtimeShell} -e

    ${decrypt-secrets}/bin/decrypt-secrets

    cd config
    cp secrets-production.nix secrets.nix
  '';

  network-cypher-graphs = import ./network-cypher-graphs.nix { inherit config pkgs; };
  network-graphs = import ./network-graphs.nix { inherit config lib pkgs; };

  mkRootfs = hostName:
    self.nixosConfigurations.${hostName}.config.system.build.toplevel;

  rootfs-packages =
    builtins.foldl' (rootfs: hostName: rootfs // {
      "${hostName}-rootfs" = mkRootfs hostName;
    }) {} (
      builtins.attrNames (
        lib.filterAttrs (_: { role, ... }: builtins.elem role ["server" "container"])
          config.site.hosts
      )
    );

  mkLxcConfig = hostName:
    self.nixosConfigurations.${hostName}.config.system.build.lxcConfig;

  lxc-configs =
    builtins.foldl' (rootfs: hostName: rootfs // {
      "${hostName}-lxc-config" = mkLxcConfig hostName;
    }) {} (
      builtins.attrNames (
        lib.filterAttrs (_: { role, ... }: role == "container")
          config.site.hosts
      )
    );

  vm-packages =
    builtins.foldl' (rootfs: hostName: rootfs // {
      "${hostName}-vm" = self.nixosConfigurations.${hostName}.config.system.build.vm
        .overrideAttrs (_oa: {
          meta.mainProgram = "run-${hostName}-vm";
        });
    }) {} (
      builtins.attrNames (
        lib.filterAttrs (_: { role, ... }: role == "server")
          config.site.hosts
      )
    );

  openwrt = import ./openwrt { inherit self nixpkgs system openwrt-imagebuilder; };

  openwrt-packages = builtins.foldl' (images: hostName: images // {
    ${hostName} = pkgs.writeScriptBin "${hostName}.sh" (
      openwrt.sshScript hostName
    );
    "${hostName}-image" = openwrt.buildImage hostName;
  }) {} (
    builtins.attrNames (
      lib.filterAttrs (_: { role, ... }:
        role == "ap"
      ) config.site.hosts
    )
  );

  device-templates = import ./device-templates.nix {
    inherit self nixpkgs system openwrt;
  };

  dns-slaves = import ./dns-slaves.nix {
    inherit self nixpkgs system;
  };

  starlink = import ./starlink {
    inherit pkgs;
  };

  subnetplans = import ./subnetplans.nix {
    inherit self nixpkgs system;
  };

  gateway-report = import ./gateway-report.nix {
    inherit self nixpkgs system;
  };

  switch-report = import ./switch-report.nix {
    inherit self nixpkgs system;
  };

  vlan-report = import ./vlan-report.nix {
    inherit self nixpkgs system;
  };

  homepage = pkgs.callPackage ./homepage {
    inherit self;
  };
in
rootfs-packages // lxc-configs // vm-packages // device-templates // openwrt-packages // network-graphs // network-cypher-graphs // starlink // subnetplans // {
  inherit export-openwrt-models export-config dns-slaves
    encrypt-secrets decrypt-secrets switch-to-production
    homepage gateway-report switch-report vlan-report
    ;
}
add nix-openwrt-imagebuilder 2022-04-29 00:49:45 +02:00			`{ self, nixpkgs, system, openwrt-imagebuilder }:`
nix/pkgs/default: init, add export-config 2021-03-19 22:11:25 +01:00
			`let`
			`inherit (self.lib) config;`

nix/pkgs: build *-vm packages 2021-03-31 01:23:58 +02:00			`pkgs = nixpkgs.legacyPackages.${system};`
Fix homepage generation 2022-12-22 00:27:17 +01:00			`inherit (pkgs) lib;`
nix/pkgs: build *-vm packages 2021-03-31 01:23:58 +02:00
lib/openwrt-models: add code to get port definitions 2021-11-03 23:21:43 +01:00			`export-openwrt-models = pkgs.writeText "openwrt-models.nix" (`
pkgs/default: s/nixpkgs.lib/lib/ 2023-11-13 23:35:30 +01:00			`lib.generators.toPretty {} self.lib.openwrtModels`
lib/openwrt-models: add code to get port definitions 2021-11-03 23:21:43 +01:00			`);`
			`export-config = pkgs.writeText "config.nix" (`
pkgs/default: s/nixpkgs.lib/lib/ 2023-11-13 23:35:30 +01:00			`lib.generators.toPretty {} (`
			`lib.recursiveUpdate`
pkgs/default: fix #export-config to contain both config and localZones 2023-11-13 23:34:38 +01:00			`config`
			`{ site.dns.localZones = self.lib.dns.localZones; }`
nix/lib/config/options: remove net-combined 2023-11-13 23:33:35 +01:00			`));`
nix/pkgs/default: init, add export-config 2021-03-19 22:11:25 +01:00
config: nixify everything 2021-11-13 01:23:23 +01:00			`encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''`
			`#! ${pkgs.runtimeShell} -e`

			`cd config`
			`exec ${pkgs.gnupg}/bin/gpg --armor --batch --trust-model always \`
			`--encrypt -r 1F0F221A7483B5EF5D103D8B32EBADE870BAF886 \`
			`< secrets-production.nix \`
			`> secrets-production.nix.gpg`
			`'';`
			`decrypt-secrets = pkgs.writeScriptBin "decrypt-secrets" ''`
			`#! ${pkgs.runtimeShell} -e`

			`cd config`
			`[ -e secrets-production.nix ] && \`
			`mv secrets-production.nix secrets-production.nix.old`
			`exec ${pkgs.gnupg}/bin/gpg -d \`
			`> secrets-production.nix \`
			`< secrets-production.nix.gpg`
			`'';`
			`switch-to-production = pkgs.writeScriptBin "decrypt-secrets" ''`
			`#! ${pkgs.runtimeShell} -e`

nix/pkgs: fix switch-to-production 2021-11-15 21:56:16 +01:00			`${decrypt-secrets}/bin/decrypt-secrets`
config: nixify everything 2021-11-13 01:23:23 +01:00
			`cd config`
			`cp secrets-production.nix secrets.nix`
			`'';`
nix/lib/salt-support: implement saltPillarFor by hostName 2021-03-20 01:00:18 +01:00
adding cypher graph generation utitlies 2021-12-28 18:43:42 +01:00			`network-cypher-graphs = import ./network-cypher-graphs.nix { inherit config pkgs; };`
Fix eval 2023-05-26 22:31:54 +02:00			`network-graphs = import ./network-graphs.nix { inherit config lib pkgs; };`
pkgs/network-graphs: init 2021-11-06 19:47:34 +01:00
move rootfs nixos-module to nix/pkgs 2021-03-22 23:47:19 +01:00			`mkRootfs = hostName:`
lxc-containers.nix: start with non-ephemeral rootfs 2021-04-04 20:00:40 +02:00			`self.nixosConfigurations.${hostName}.config.system.build.toplevel;`
move rootfs nixos-module to nix/pkgs 2021-03-22 23:47:19 +01:00
nix/pkgs: build *-vm packages 2021-03-31 01:23:58 +02:00			`rootfs-packages =`
move rootfs nixos-module to nix/pkgs 2021-03-22 23:47:19 +01:00			`builtins.foldl' (rootfs: hostName: rootfs // {`
			`"${hostName}-rootfs" = mkRootfs hostName;`
			`}) {} (`
			`builtins.attrNames (`
pkgs/default: s/nixpkgs.lib/lib/ 2023-11-13 23:35:30 +01:00			`lib.filterAttrs (_: { role, ... }: builtins.elem role ["server" "container"])`
nix/pkgs: build *-vm packages 2021-03-31 01:23:58 +02:00			`config.site.hosts`
			`)`
			`);`

nix/nixos-module/server/lxc-containers: make container config independend of host system 2023-06-05 01:17:05 +02:00			`mkLxcConfig = hostName:`
			`self.nixosConfigurations.${hostName}.config.system.build.lxcConfig;`

			`lxc-configs =`
			`builtins.foldl' (rootfs: hostName: rootfs // {`
			`"${hostName}-lxc-config" = mkLxcConfig hostName;`
			`}) {} (`
			`builtins.attrNames (`
pkgs/default: s/nixpkgs.lib/lib/ 2023-11-13 23:35:30 +01:00			`lib.filterAttrs (_: { role, ... }: role == "container")`
nix/nixos-module/server/lxc-containers: make container config independend of host system 2023-06-05 01:17:05 +02:00			`config.site.hosts`
			`)`
			`);`

nix/pkgs: build *-vm packages 2021-03-31 01:23:58 +02:00			`vm-packages =`
			`builtins.foldl' (rootfs: hostName: rootfs // {`
nix/pkgs: specify meta.mainProgram for vm-packages enables `nix run .#server1-vm` 2021-04-01 01:14:26 +02:00			`"${hostName}-vm" = self.nixosConfigurations.${hostName}.config.system.build.vm`
*.nix: remove unused code 2022-03-22 18:13:17 +01:00			`.overrideAttrs (_oa: {`
nix/pkgs: specify meta.mainProgram for vm-packages enables `nix run .#server1-vm` 2021-04-01 01:14:26 +02:00			`meta.mainProgram = "run-${hostName}-vm";`
			`});`
nix/pkgs: build *-vm packages 2021-03-31 01:23:58 +02:00			`}) {} (`
			`builtins.attrNames (`
pkgs/default: s/nixpkgs.lib/lib/ 2023-11-13 23:35:30 +01:00			`lib.filterAttrs (_: { role, ... }: role == "server")`
move rootfs nixos-module to nix/pkgs 2021-03-22 23:47:19 +01:00			`config.site.hosts`
			`)`
			`);`
nix/pkgs/default: init, add export-config 2021-03-19 22:11:25 +01:00
openwrt-images: add uci-config 2022-05-27 01:37:03 +02:00			`openwrt = import ./openwrt { inherit self nixpkgs system openwrt-imagebuilder; };`

pkgs/device-templates: exclude all ap* from all-device-scripts 2022-06-23 23:11:56 +02:00			`openwrt-packages = builtins.foldl' (images: hostName: images // {`
			`${hostName} = pkgs.writeScriptBin "${hostName}.sh" (`
			`openwrt.sshScript hostName`
			`);`
pkgs: readability 2022-06-01 01:07:44 +02:00			`"${hostName}-image" = openwrt.buildImage hostName;`
			`}) {} (`
pkgs/openwrt-images: refactor, embed hostName in extraImageName 2022-04-30 02:55:01 +02:00			`builtins.attrNames (`
pkgs/default: s/nixpkgs.lib/lib/ 2023-11-13 23:35:30 +01:00			`lib.filterAttrs (_: { role, ... }:`
pkgs: readability 2022-06-01 01:07:44 +02:00			`role == "ap"`
			`) config.site.hosts`
pkgs/openwrt-images: refactor, embed hostName in extraImageName 2022-04-30 02:55:01 +02:00			`)`
			`);`
add nix-openwrt-imagebuilder 2022-04-29 00:49:45 +02:00
nix/pkgs/default: init, add export-config 2021-03-19 22:11:25 +01:00			`device-templates = import ./device-templates.nix {`
openwrt-images: add uci-config 2022-05-27 01:37:03 +02:00			`inherit self nixpkgs system openwrt;`
nix/pkgs/default: init, add export-config 2021-03-19 22:11:25 +01:00			`};`

pkgs/dns-slaves: init 2021-05-06 17:42:26 +02:00			`dns-slaves = import ./dns-slaves.nix {`
			`inherit self nixpkgs system;`
			`};`

nixos-module/collectd: add starlink-stats 2021-05-23 23:16:28 +02:00			`starlink = import ./starlink {`
			`inherit pkgs;`
			`};`
nix/pkgs/subnetplan: init 2021-11-17 23:57:16 +01:00
			`subnetplans = import ./subnetplans.nix {`
			`inherit self nixpkgs system;`
			`};`
pkgs/vlan-report: add 2022-01-24 21:04:11 +01:00
pkgs/gateway-report: init 2022-10-22 22:40:33 +02:00			`gateway-report = import ./gateway-report.nix {`
			`inherit self nixpkgs system;`
			`};`

pkgs/switch-report: init 2022-10-23 22:39:06 +02:00			`switch-report = import ./switch-report.nix {`
			`inherit self nixpkgs system;`
			`};`

pkgs/vlan-report: add 2022-01-24 21:04:11 +01:00			`vlan-report = import ./vlan-report.nix {`
			`inherit self nixpkgs system;`
			`};`
pkgs/homepage: init 2022-10-22 21:02:38 +02:00
			`homepage = pkgs.callPackage ./homepage {`
			`inherit self;`
			`};`
nix/pkgs/default: init, add export-config 2021-03-19 22:11:25 +01:00			`in`
nix/nixos-module/server/lxc-containers: make container config independend of host system 2023-06-05 01:17:05 +02:00			`rootfs-packages // lxc-configs // vm-packages // device-templates // openwrt-packages // network-graphs // network-cypher-graphs // starlink // subnetplans // {`
pkgs: remove all-rootfs to avoid huge evaluations 2022-05-31 20:39:21 +02:00			`inherit export-openwrt-models export-config dns-slaves`
nix/pkgs/subnetplan: init 2021-11-17 23:57:16 +01:00			`encrypt-secrets decrypt-secrets switch-to-production`
pkgs/switch-report: init 2022-10-23 22:39:06 +02:00			`homepage gateway-report switch-report vlan-report`
nix/pkgs/subnetplan: init 2021-11-17 23:57:16 +01:00			`;`
nix/pkgs/default: init, add export-config 2021-03-19 22:11:25 +01:00			`}`