network/nix/pkgs/default.nix


{ self, nixpkgs, system, openwrt-imagebuilder }:
let
# Package set for the requested platform; all builders below come from it.
pkgs = nixpkgs.legacyPackages.${system};
# Helper library taken from that same package set.
lib = pkgs.lib;
# Site configuration as exposed by this flake's own `lib` output.
config = self.lib.config;
# Pretty-printed dump of `self.lib.openwrtModels`, written to the Nix store
# as "openwrt-models.nix".
export-openwrt-models =
  let
    rendered = nixpkgs.lib.generators.toPretty { } self.lib.openwrtModels;
  in
  pkgs.writeText "openwrt-models.nix" rendered;
# Pretty-printed dump of the site configuration, written to the Nix store as
# "config.nix". Every attribute named "net-combined" is removed at any depth
# before printing.
# NOTE(review): the Nix store is world-readable. Whether `config` carries
# values that originate from secrets.nix is not visible here; confirm that
# nothing secret ends up in this output.
export-config =
  let
    withoutCombined = lib.filterAttrsRecursive (name: _value: name != "net-combined");
  in
  pkgs.writeText "config.nix" (
    nixpkgs.lib.generators.toPretty { } (withoutCombined config)
  );
# Script that encrypts config/secrets-production.nix to an ASCII-armored
# config/secrets-production.nix.gpg. It changes into ./config relative to the
# directory it is started from.
#
# `--trust-model always` makes gpg skip its key-validity check, so the only
# thing selecting the recipient key is the full fingerprint given with `-r`.
# `--batch` keeps gpg from prompting.
#
# NOTE(review): the shell opens (and truncates) the output file before gpg
# starts, so a failed run leaves an empty or partial .gpg file in place of
# the previous ciphertext.
encrypt-secrets =
  let
    gpg = "${pkgs.gnupg}/bin/gpg";
    # Full OpenPGP fingerprint of the single recipient.
    recipient = "1F0F221A7483B5EF5D103D8B32EBADE870BAF886";
  in
  pkgs.writeScriptBin "encrypt-secrets" ''
    #! ${pkgs.runtimeShell} -e
    cd config
    exec ${gpg} --armor --batch --trust-model always \
    --encrypt -r ${recipient} \
    < secrets-production.nix \
    > secrets-production.nix.gpg
  '';
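# Script that decrypts config/secrets-production.nix.gpg into
# config/secrets-production.nix. It changes into ./config relative to the
# directory it is started from. An existing plaintext file is first renamed
# to secrets-production.nix.old.
#
# `umask 077` is set before the output file is created, so the decrypted
# production secrets are readable by the invoking user only instead of
# inheriting whatever umask the caller happens to have. The renamed .old
# copy keeps the mode it already had.
#
# NOTE(review): the shell creates the output file before gpg starts, so a
# failed decryption leaves an empty or partial secrets-production.nix; the
# previous content is then only available as the .old copy.
decrypt-secrets = pkgs.writeScriptBin "decrypt-secrets" ''
  #! ${pkgs.runtimeShell} -e
  cd config
  umask 077
  [ -e secrets-production.nix ] && \
  mv secrets-production.nix secrets-production.nix.old
  exec ${pkgs.gnupg}/bin/gpg -d \
  > secrets-production.nix \
  < secrets-production.nix.gpg
'';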
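# Script that runs decrypt-secrets and then copies the decrypted
# config/secrets-production.nix over config/secrets.nix.
#
# The script used to be built under the name "decrypt-secrets", which gave
# this package a bin/decrypt-secrets that clashes with the real
# decrypt-secrets package when both are put into one profile or shell. It is
# now named after the attribute; anything calling this package's binary by
# path has to use bin/switch-to-production.
#
# `umask 077` is set first so that both the decryption step (a child process
# that inherits it) and the copy create owner-only files. A secrets.nix that
# already exists keeps its current mode, because cp overwrites it in place.
switch-to-production = pkgs.writeScriptBin "switch-to-production" ''
  #! ${pkgs.runtimeShell} -e
  umask 077
  ${decrypt-secrets}/bin/decrypt-secrets
  cd config
  cp secrets-production.nix secrets.nix
'';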
# Both graph modules are merged straight into the result with `//` at the end
# of this file, so each import has to evaluate to an attribute set.
network-cypher-graphs = import ./network-cypher-graphs.nix { inherit config pkgs; };
network-graphs = import ./network-graphs.nix { inherit config lib pkgs; };
# Top-level system build of the NixOS configuration named `hostName`.
mkRootfs = hostName:
  let
    hostConfig = self.nixosConfigurations.${hostName}.config;
  in
  hostConfig.system.build.toplevel;
# One "<host>-rootfs" attribute for every host in config.site.hosts whose
# role is "server" or "container".
rootfs-packages =
  let
    rootfsRoles = [ "server" "container" ];
    selectedHosts = nixpkgs.lib.filterAttrs
      (_: { role, ... }: builtins.elem role rootfsRoles)
      config.site.hosts;
  in
  nixpkgs.lib.mapAttrs'
    (hostName: _: nixpkgs.lib.nameValuePair "${hostName}-rootfs" (mkRootfs hostName))
    selectedHosts;
# One "<host>-vm" attribute for every host in config.site.hosts whose role is
# "server". Each value is that host's `system.build.vm` derivation with
# `meta.mainProgram` set to "run-<host>-vm".
vm-packages =
  let
    serverHosts = nixpkgs.lib.filterAttrs
      (_: { role, ... }: role == "server")
      config.site.hosts;
    # The override assigns `meta` as a whole; attribute updates are shallow.
    mkVm = hostName:
      self.nixosConfigurations.${hostName}.config.system.build.vm.overrideAttrs (_oa: {
        meta.mainProgram = "run-${hostName}-vm";
      });
  in
  nixpkgs.lib.mapAttrs'
    (hostName: _: nixpkgs.lib.nameValuePair "${hostName}-vm" (mkVm hostName))
    serverHosts;
# OpenWrt helpers from ./openwrt; this file uses `sshScript` and `buildImage`.
openwrt = import ./openwrt { inherit self nixpkgs system openwrt-imagebuilder; };
# Two attributes for every host in config.site.hosts whose role is "ap":
#   <host>        a "<host>.sh" script with the text from openwrt.sshScript
#   <host>-image  the result of openwrt.buildImage
# The sets are folded left to right with `//`, so on a name clash the host
# that comes later in attribute-name order wins.
# NOTE(review): what sshScript puts into the script is not visible here. The
# script text is stored in the world-readable Nix store; confirm it embeds no
# credentials.
openwrt-packages =
  let
    apHostNames = builtins.attrNames (
      nixpkgs.lib.filterAttrs (_: { role, ... }: role == "ap") config.site.hosts
    );
    outputsFor = hostName: {
      ${hostName} = pkgs.writeScriptBin "${hostName}.sh" (openwrt.sshScript hostName);
      "${hostName}-image" = openwrt.buildImage hostName;
    };
  in
  builtins.foldl' (images: hostName: images // outputsFor hostName) { } apHostNames;
# Arguments shared by the flake-aware sub-expressions below.
flakeArgs = { inherit self nixpkgs system; };
# Merged into the result with `//`, so these three must evaluate to
# attribute sets.
device-templates = import ./device-templates.nix (flakeArgs // { inherit openwrt; });
starlink = import ./starlink { inherit pkgs; };
subnetplans = import ./subnetplans.nix flakeArgs;
# Exported below as single attributes under their own names.
dns-slaves = import ./dns-slaves.nix flakeArgs;
gateway-report = import ./gateway-report.nix flakeArgs;
switch-report = import ./switch-report.nix flakeArgs;
vlan-report = import ./vlan-report.nix flakeArgs;
homepage = pkgs.callPackage ./homepage { inherit self; };
in
# Final package set. The generated per-host and per-topic sets are merged
# with `//`; on a name clash the operand further to the right wins, so the
# explicitly named packages in the last set take precedence over all others.
rootfs-packages
// vm-packages
// device-templates
// openwrt-packages
// network-graphs
// network-cypher-graphs
// starlink
// subnetplans
// {
  inherit
    export-openwrt-models export-config dns-slaves
    encrypt-secrets decrypt-secrets switch-to-production
    homepage gateway-report switch-report vlan-report
    ;
}