# Package set for one `system`: host root filesystems, VMs, OpenWrt images,
# network reports and the helper scripts that handle the production secrets.
{ self, nixpkgs, system, openwrt-imagebuilder }:

let
# Site configuration, taken from self.lib.
config = self.lib.config;

# nixpkgs package set for the requested system.
pkgs = nixpkgs.legacyPackages."${system}";

# Library functions that ship with that package set.
lib = pkgs.lib;
# Store file "openwrt-models.nix" holding self.lib.openwrtModels rendered as
# pretty-printed Nix.
export-openwrt-models =
  let
    rendered = nixpkgs.lib.generators.toPretty { } self.lib.openwrtModels;
  in
  pkgs.writeText "openwrt-models.nix" rendered;
# Store file "config.nix" holding the site config rendered as pretty-printed
# Nix, with every attribute named "net-combined" dropped at any depth.
# NOTE(review): the output is a Nix store path and therefore world-readable;
# confirm that `config` carries no secret values when this is built.
export-config =
  let
    keepAttr = attrName: _value: attrName != "net-combined";
    exported = lib.filterAttrsRecursive keepAttr config;
  in
  pkgs.writeText "config.nix" (nixpkgs.lib.generators.toPretty { } exported);
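# Encrypts config/secrets-production.nix to config/secrets-production.nix.gpg
# (ASCII-armored) for a single recipient pinned by full key fingerprint.
# `--trust-model always` makes gpg accept that key without it being certified
# in the local keyring; the pinned fingerprint is what selects the key.
# The plaintext input is left in place.
encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''
  #! ${pkgs.runtimeShell} -e

  cd config
  # Write to a scratch file and rename on success: redirecting straight into
  # secrets-production.nix.gpg would truncate the existing ciphertext even
  # when gpg then fails (for example, recipient key not in the keyring).
  ${pkgs.gnupg}/bin/gpg --armor --batch --trust-model always \
    --encrypt -r 1F0F221A7483B5EF5D103D8B32EBADE870BAF886 \
    < secrets-production.nix \
    > secrets-production.nix.gpg.new || {
      rc=$?
      ${pkgs.coreutils}/bin/rm -f secrets-production.nix.gpg.new
      exit $rc
    }
  ${pkgs.coreutils}/bin/mv secrets-production.nix.gpg.new secrets-production.nix.gpg
'';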
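# Decrypts config/secrets-production.nix.gpg to config/secrets-production.nix.
# An existing plaintext file is kept as secrets-production.nix.old (it keeps
# whatever mode it already had).
decrypt-secrets = pkgs.writeScriptBin "decrypt-secrets" ''
  #! ${pkgs.runtimeShell} -e

  # The plaintext secrets must not be created group- or world-readable.
  umask 077
  cd config
  # Decrypt into a scratch file first, so a failed decryption neither rotates
  # the current plaintext away nor leaves an empty secrets-production.nix.
  ${pkgs.gnupg}/bin/gpg -d \
    < secrets-production.nix.gpg \
    > secrets-production.nix.new || {
      rc=$?
      rm -f secrets-production.nix.new
      exit $rc
    }
  [ -e secrets-production.nix ] && \
    mv secrets-production.nix secrets-production.nix.old
  mv secrets-production.nix.new secrets-production.nix
'';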
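# Runs decrypt-secrets, then copies the decrypted production secrets over
# config/secrets.nix.
# The script was previously named "decrypt-secrets" (copy-paste from the
# binding above), so this package installed bin/decrypt-secrets and collided
# with the real one; it now installs bin/switch-to-production.
switch-to-production = pkgs.writeScriptBin "switch-to-production" ''
  #! ${pkgs.runtimeShell} -e

  # Inherited by decrypt-secrets and applied to a newly created secrets.nix;
  # a secrets.nix that already exists keeps its current mode.
  umask 077
  ${decrypt-secrets}/bin/decrypt-secrets

  cd config
  cp secrets-production.nix secrets.nix
'';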
# Attribute sets of graph packages; both are merged into the final package
# set at the bottom of this file.
network-cypher-graphs = import ./network-cypher-graphs.nix {
  inherit config pkgs;
};

network-graphs = import ./network-graphs.nix {
  inherit config lib pkgs;
};
# System closure (`system.build.toplevel`) of the NixOS configuration named
# `hostName`.
mkRootfs = hostName:
  let
    nixos = builtins.getAttr hostName self.nixosConfigurations;
  in
  nixos.config.system.build.toplevel;
# One "<host>-rootfs" package for every host in config.site.hosts whose role
# is "server" or "container".
rootfs-packages =
  let
    hasRootfs = _name: { role, ... }: builtins.elem role [ "server" "container" ];
    hostNames = builtins.attrNames (nixpkgs.lib.filterAttrs hasRootfs config.site.hosts);
    toEntry = hostName: {
      name = "${hostName}-rootfs";
      value = mkRootfs hostName;
    };
  in
  builtins.listToAttrs (map toEntry hostNames);
# One "<host>-vm" package for every host in config.site.hosts whose role is
# "server": the host's `system.build.vm`, overridden so that
# meta.mainProgram is "run-<host>-vm".
vm-packages =
  let
    isServer = _name: { role, ... }: role == "server";
    serverNames = builtins.attrNames (nixpkgs.lib.filterAttrs isServer config.site.hosts);
    mkVm = hostName:
      self.nixosConfigurations.${hostName}.config.system.build.vm.overrideAttrs (_oa: {
        meta.mainProgram = "run-${hostName}-vm";
      });
    toEntry = hostName: {
      name = "${hostName}-vm";
      value = mkVm hostName;
    };
  in
  builtins.listToAttrs (map toEntry serverNames);
# OpenWrt helpers from ./openwrt; this file uses its `sshScript` and
# `buildImage` attributes and passes the whole set on to device-templates.
openwrt = import ./openwrt {
  inherit self nixpkgs system openwrt-imagebuilder;
};
# Two packages for every host in config.site.hosts whose role is "ap":
#   <host>        a script "<host>.sh" whose text is openwrt.sshScript <host>
#   <host>-image  the result of openwrt.buildImage <host>
# Built with a left fold so that, on a name clash, the later host wins.
openwrt-packages =
  let
    isAccessPoint = _name: { role, ... }:
      role == "ap";
    apNames = builtins.attrNames (nixpkgs.lib.filterAttrs isAccessPoint config.site.hosts);
    addHost = acc: hostName: acc // {
      ${hostName} = pkgs.writeScriptBin "${hostName}.sh" (openwrt.sshScript hostName);
      "${hostName}-image" = openwrt.buildImage hostName;
    };
  in
  builtins.foldl' addHost { } apNames;
# Attribute set of packages; merged into the final package set below.
device-templates = import ./device-templates.nix { inherit self nixpkgs system openwrt; };

# Exported under its own name in the final package set.
dns-slaves = import ./dns-slaves.nix { inherit self nixpkgs system; };

# Attribute sets of packages; merged into the final package set below.
starlink = import ./starlink { inherit pkgs; };

subnetplans = import ./subnetplans.nix { inherit self nixpkgs system; };

# Reports, each exported under its own name in the final package set.
gateway-report = import ./gateway-report.nix { inherit self nixpkgs system; };

switch-report = import ./switch-report.nix { inherit self nixpkgs system; };

vlan-report = import ./vlan-report.nix { inherit self nixpkgs system; };

# Built through callPackage, so ./homepage takes its remaining arguments
# from pkgs.
homepage = pkgs.callPackage ./homepage { inherit self; };
in
# Final flat package set. The sets are merged left to right, so an attribute
# from a later entry replaces one of the same name from an earlier entry.
builtins.foldl' (merged: next: merged // next) { } [
  rootfs-packages
  vm-packages
  device-templates
  openwrt-packages
  network-graphs
  network-cypher-graphs
  starlink
  subnetplans
  {
    # Exports and DNS.
    inherit export-openwrt-models export-config dns-slaves;
    # Secret-handling helper scripts.
    inherit encrypt-secrets decrypt-secrets switch-to-production;
    # Homepage and reports.
    inherit homepage gateway-report switch-report vlan-report;
  }
]