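# Package set of the flake: per-host root filesystems, LXC configs, VMs and
# OpenWRT images, generated reports and graphs, and helper scripts for
# handling the GPG-encrypted production secrets.
#
# Arguments:
#   self                  the flake itself (reads self.lib and self.nixosConfigurations)
#   nixpkgs               nixpkgs input; packages come from legacyPackages.${system}
#   system                platform string used to select the package set
#   openwrt-imagebuilder  passed through unchanged to ./openwrt
{ self, nixpkgs, system, openwrt-imagebuilder }:

let
  inherit (self.lib) config;
  pkgs = nixpkgs.legacyPackages.${system};
  inherit (pkgs) lib;

  # Pretty-printed dump of self.lib.openwrtModels as a store file.
  export-openwrt-models = pkgs.writeText "openwrt-models.nix" (
    lib.generators.toPretty {} self.lib.openwrtModels
  );

  # Pretty-printed dump of the site config with the computed local DNS zones
  # merged in. The result is a store path and therefore world-readable.
  # NOTE(review): whether `config` can contain secret values at this point is
  # not visible from this file; confirm before publishing this output.
  export-config = pkgs.writeText "config.nix" (
    lib.generators.toPretty {} (
      lib.recursiveUpdate config {
        site.dns.localZones = self.lib.dns.localZones;
      }
    )
  );

  # Encrypts config/secrets-production.nix to config/secrets-production.nix.gpg.
  # Must be run from the directory that contains `config/`.
  #
  # `--trust-model always` makes gpg skip its key-validity check, so the only
  # thing binding the ciphertext to the intended recipient is the full
  # fingerprint given to `-r`. Verify that fingerprint out of band whenever it
  # is changed.
  encrypt-secrets = pkgs.writeScriptBin "encrypt-secrets" ''
    #! ${pkgs.runtimeShell} -e

    cd config
    exec ${pkgs.gnupg}/bin/gpg --armor --batch --trust-model always \
      --encrypt -r 1F0F221A7483B5EF5D103D8B32EBADE870BAF886 \
      < secrets-production.nix \
      > secrets-production.nix.gpg
  '';

  # Decrypts config/secrets-production.nix.gpg to config/secrets-production.nix,
  # keeping any previous plaintext as secrets-production.nix.old.
  # Must be run from the directory that contains `config/`.
  #
  # The umask is tightened first so that the plaintext file, which the shell
  # creates through the output redirection, is readable by its owner only.
  # NOTE(review): this file does not show whether the plaintext files are kept
  # out of version control; a flake copies tracked files into the
  # world-readable Nix store, so confirm they are ignored.
  decrypt-secrets = pkgs.writeScriptBin "decrypt-secrets" ''
    #! ${pkgs.runtimeShell} -e

    # Plaintext secrets are created below: owner-only permissions.
    umask 077

    cd config
    [ -e secrets-production.nix ] && \
      mv secrets-production.nix secrets-production.nix.old
    exec ${pkgs.gnupg}/bin/gpg -d \
      > secrets-production.nix \
      < secrets-production.nix.gpg
  '';

  # Decrypts the production secrets and installs them as config/secrets.nix.
  #
  # The script was previously written under the name "decrypt-secrets" (a
  # copy-paste of the definition above), which made this package ship a second,
  # different bin/decrypt-secrets. It now carries its own name; the flake
  # attribute `switch-to-production` is unchanged.
  switch-to-production = pkgs.writeScriptBin "switch-to-production" ''
    #! ${pkgs.runtimeShell} -e

    # secrets.nix holds plaintext secrets: owner-only permissions.
    umask 077

    ${decrypt-secrets}/bin/decrypt-secrets
    cd config
    cp secrets-production.nix secrets.nix
    # cp keeps the mode of an already existing destination, so set it explicitly.
    chmod 600 secrets.nix
  '';

  network-cypher-graphs = import ./network-cypher-graphs.nix { inherit config pkgs; };

  network-graphs = import ./network-graphs.nix { inherit config lib pkgs; };

  # System closure (system.build.toplevel) of a host's NixOS configuration.
  mkRootfs = hostName:
    self.nixosConfigurations.${hostName}.config.system.build.toplevel;

  # "<host>-rootfs" for every host whose role is "server" or "container".
  rootfs-packages =
    builtins.foldl' (rootfs: hostName: rootfs // {
      "${hostName}-rootfs" = mkRootfs hostName;
    }) {} (
      builtins.attrNames (
        lib.filterAttrs (_: { role, ... }:
          builtins.elem role ["server" "container"]
        ) config.site.hosts
      )
    );

  # system.build.lxcConfig of a host's NixOS configuration.
  mkLxcConfig = hostName:
    self.nixosConfigurations.${hostName}.config.system.build.lxcConfig;

  # "<host>-lxc-config" for every host whose role is "container".
  lxc-configs =
    builtins.foldl' (rootfs: hostName: rootfs // {
      "${hostName}-lxc-config" = mkLxcConfig hostName;
    }) {} (
      builtins.attrNames (
        lib.filterAttrs (_: { role, ... }:
          role == "container"
        ) config.site.hosts
      )
    );

  # "<host>-vm" for every host whose role is "server". meta.mainProgram is set
  # to "run-<host>-vm" on the overridden derivation.
  vm-packages =
    builtins.foldl' (rootfs: hostName: rootfs // {
      "${hostName}-vm" = self.nixosConfigurations.${hostName}.config.system.build.vm
        .overrideAttrs (_oa: {
          meta.mainProgram = "run-${hostName}-vm";
        });
    }) {} (
      builtins.attrNames (
        lib.filterAttrs (_: { role, ... }:
          role == "server"
        ) config.site.hosts
      )
    );

  openwrt = import ./openwrt { inherit self nixpkgs system openwrt-imagebuilder; };

  # For every host whose role is "ap": "<host>" is a script package named
  # "<host>.sh" whose text comes from openwrt.sshScript, and "<host>-image" is
  # the result of openwrt.buildImage. Both helpers are defined in ./openwrt,
  # outside this file.
  # NOTE(review): generated scripts and images end up in the world-readable
  # Nix store; confirm that openwrt.sshScript / buildImage embed no credentials.
  openwrt-packages =
    builtins.foldl' (images: hostName: images // {
      ${hostName} = pkgs.writeScriptBin "${hostName}.sh" (
        openwrt.sshScript hostName
      );
      "${hostName}-image" = openwrt.buildImage hostName;
    }) {} (
      builtins.attrNames (
        lib.filterAttrs (_: { role, ... }:
          role == "ap"
        ) config.site.hosts
      )
    );

  device-templates = import ./device-templates.nix { inherit self nixpkgs system openwrt; };

  dns-slaves = import ./dns-slaves.nix { inherit self nixpkgs system; };

  starlink = import ./starlink { inherit pkgs; };

  subnetplans = import ./subnetplans.nix { inherit self nixpkgs system; };

  gateway-report = import ./gateway-report.nix { inherit self nixpkgs system; };

  switch-report = import ./switch-report.nix { inherit self nixpkgs system; };

  vlan-report = import ./vlan-report.nix { inherit self nixpkgs system; };

  homepage = pkgs.callPackage ./homepage { inherit self; };

in
# Later operands of `//` win on duplicate attribute names, so the explicitly
# inherited set at the end takes precedence over the generated per-host sets.
rootfs-packages //
lxc-configs //
vm-packages //
device-templates //
openwrt-packages //
network-graphs //
network-cypher-graphs //
starlink //
subnetplans //
{
  inherit
    export-openwrt-models
    export-config
    dns-slaves
    encrypt-secrets
    decrypt-secrets
    switch-to-production
    homepage
    gateway-report
    switch-report
    vlan-report
    ;
}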