From 22f93f23edb881cd2470fed0e97dcd327f8d5a6b Mon Sep 17 00:00:00 2001 From: asyncnomi Date: Sun, 3 Aug 2025 01:05:02 +0200 Subject: [PATCH] lib > builtins --- flake.nix | 19 ++++++++++--------- shared/commons/mesh.nix | 2 +- shared/commons/resolver.nix | 4 ++-- shared/db/postgres.nix | 8 ++++---- shared/dns/knot.nix | 34 +++++++++++++++++----------------- shared/mail/maddy.nix | 10 +++++----- 6 files changed, 39 insertions(+), 38 deletions(-) diff --git a/flake.nix b/flake.nix index 906b2ed..6424333 100644 --- a/flake.nix +++ b/flake.nix @@ -11,6 +11,7 @@ outputs = { self, nixpkgs-25-05, nixpkgs-unstable, deploy-rs, agenix }: let system = "x86_64-linux"; + lib = nixpkgs-25-05.lib; # Mapping version identifiers to nixpkgs nixpkgsMap = { @@ -40,16 +41,16 @@ nodes = import ./nodes.nix; mapping = import ./mapping.nix; - findRolesForHost = hostName: builtins.filter - (roleName: builtins.elem hostName mapping.${roleName}.hosts) - (builtins.attrNames mapping); + findRolesForHost = hostName: lib.filter + (roleName: lib.elem hostName mapping.${roleName}.hosts) + (lib.attrNames mapping); getModulesForHost = hostName: let roles = findRolesForHost hostName; - modulesList = builtins.map + modulesList = map (role: mapping.${role}._inherit or []) roles; - in builtins.concatLists modulesList; + in lib.lists.concatLists modulesList; defaultModules = [ agenix.nixosModules.default @@ -58,7 +59,7 @@ ]; in { - nixosConfigurations = builtins.mapAttrs (name: config: + nixosConfigurations = lib.mapAttrs (name: config: nixpkgsMap.${config.ver}.lib.nixosSystem { system = config.system; modules = getModulesForHost "${name}" ++ defaultModules ++ [{ hostName = "${name}"; }]; 
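Review bot: In flake.nix (hunk at line 40), `findRolesForHost` reads `mapping.${roleName}.hosts` with no fallback, while `getModulesForHost` just below tolerates a missing attribute with `_inherit or []`. A role in mapping.nix that has no `hosts` list would therefore abort evaluation for every host. If that is not meant as a hard check, use `(roleName: lib.elem hostName (mapping.${roleName}.hosts or []))`. The rewritten lines also mix three spellings (`lib.filter`, bare `map`, `lib.lists.concatLists`); settling on one form, e.g. `lib.concatLists`, would keep the rename consistent.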
@@ -70,8 +71,8 @@ autoRollback = true; magicRollback = true; remoteBuild = true; - nodes = builtins.mapAttrs (name: config: { - hostname = builtins.head (builtins.split "/" config.ip4); + nodes = lib.mapAttrs (name: config: { + hostname = lib.lists.head (lib.strings.splitString "/" config.ip4); profilesOrder = [ "system" ]; profiles = { system = { @@ -82,6 +83,6 @@ }; # This is highly advised, and will prevent many possible mistakes, just run "deploy -s" to bypass it - checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; + checks = lib.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; }; } \ No newline at end of file diff --git a/shared/commons/mesh.nix b/shared/commons/mesh.nix index 0410816..f530baf 100644 --- a/shared/commons/mesh.nix +++ b/shared/commons/mesh.nix @@ -32,7 +32,7 @@ let "172.19.${toString (peerConfig.zone + 127)}.0/24" "fc00:f::${toString (peerConfig.zone + 127)}:0/112" ]; - Endpoint = "${builtins.head (builtins.split "/" peerConfig.ip4)}:51820"; + Endpoint = "${lib.lists.head (lib.strings.splitString "/" peerConfig.ip4)}:51820"; PersistentKeepalive = 25; }) peerConfigs; diff --git a/shared/commons/resolver.nix b/shared/commons/resolver.nix index 7aa95aa..55a9c95 100644 --- a/shared/commons/resolver.nix +++ b/shared/commons/resolver.nix @@ -1,4 +1,4 @@ -{ config, ... }: +{ config, lib, ... }: let # Import nodes @@ -17,7 +17,7 @@ in # Do not edit, will be overwritten by Nixos domain ${config.networking.domain} search ${config.networking.domain} - ${builtins.concatStringsSep "\n" (map (ip: "nameserver ${ip}") config.services.dnsmasq.settings.listen-address)} + ${lib.strings.concatStringsSep "\n" (map (ip: "nameserver ${ip}") config.services.dnsmasq.settings.listen-address)} options edns0 trust-ad ''; diff --git a/shared/db/postgres.nix b/shared/db/postgres.nix index 87d162d..da7ad96 100644 --- a/shared/db/postgres.nix +++ b/shared/db/postgres.nix 
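Review bot: In shared/commons/mesh.nix the new `Endpoint` line uses `lib`, but the module's argument set lies above the hunk, which starts at line 32. resolver.nix needed `lib` added to its header in this same commit, so confirm that mesh.nix already binds it. The expression `lib.lists.head (lib.strings.splitString "/" …)` is now repeated in flake.nix, here, and as `rmCidr` in shared/dns/knot.nix. One shared helper with a comment such as `# Strip the CIDR suffix from an "address/prefix" string` would keep the address that WireGuard and deploy-rs connect to derived in a single place.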
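Review bot: In shared/commons/resolver.nix (hunk at line 17), the generated resolv.conf keeps `options edns0 trust-ad`, which makes the stub resolver accept the AD bit from the listed nameservers as proof of DNSSEC validation. Those nameservers are `config.services.dnsmasq.settings.listen-address`, so the flag is only sound if that dnsmasq instance validates itself or forwards to a validating upstream over a trusted path. Its settings are not visible in this hunk. A comment above the line, e.g. `# trust-ad: relies on the local dnsmasq validating DNSSEC (dnssec / proxy-dnssec)`, would record that dependency.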
@@ -28,7 +28,7 @@ in # Replication tasks are not authenticated # The wireguard mesh cryptographically # ensures the sender is who we expect. - authentication = lib.mkForce (builtins.concatStringsSep "\n" (['' + authentication = lib.mkForce (lib.strings.concatStringsSep "\n" (['' #type database DBuser auth-method optional_ident_map local all all peer map=superuser_map ''] @@ -36,7 +36,7 @@ in (map (slaveName: let slaveNode = nodes.${slaveName}; in "host replication replication 172.19.${toString slaveNode.zone}.${toString slaveNode.id}/32 trust" ) mapping.db.slaves) - ++ lib.optionals (builtins.elem myName mapping.db.slaves) [ + ++ lib.optionals (lib.elem myName mapping.db.slaves) [ "host replication replication ${masterIP}/32 trust" ])); ensureUsers = lib.mkIf (myName == mapping.db.master) [{ @@ -55,7 +55,7 @@ in } // lib.optionalAttrs (myName == mapping.db.master) { wal_sender_timeout = "60s"; wal_keep_size = 1000; # In MB - } // lib.optionalAttrs (builtins.elem myName mapping.db.slaves) { + } // lib.optionalAttrs (lib.elem myName mapping.db.slaves) { wal_receiver_timeout = "60s"; hot_standby = "on"; primary_conninfo = "host=${masterIP} port=5432 user=replication"; @@ -64,7 +64,7 @@ in # This preStart script sync the slaves to the master # systemd.services..preStart has a mergeable type, # this code will be prepend to the default one - systemd.services.postgresql.preStart = lib.mkIf (builtins.elem myName mapping.db.slaves) (lib.mkBefore '' + systemd.services.postgresql.preStart = lib.mkIf (lib.elem myName mapping.db.slaves) (lib.mkBefore '' if ! test -e ${cfg.dataDir}/PG_VERSION; then echo "Setting up PostgreSQL slave replication..." diff --git a/shared/dns/knot.nix b/shared/dns/knot.nix index 156c41a..70a5228 100644 --- a/shared/dns/knot.nix +++ b/shared/dns/knot.nix 
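Review bot: In shared/db/postgres.nix, the `host replication replication …/32 trust` entries assembled by this expression (hunks at lines 28 and 36) admit any connection arriving from the mesh address, and `primary_conninfo` in the hunk at line 55 sends no credential. WireGuard authenticates the peer host, not the process on it, so any local account or compromised service on a replica (or on the master, for the reverse rule) can connect as `replication` and stream the cluster's contents. Consider `scram-sha-256` on these lines, with the password supplied from an agenix secret through `passfile=` in `primary_conninfo`. The comment above `authentication` should then state that the mesh provides host-level authentication only.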
@@ -84,11 +84,11 @@ let ##### # host to dn - hostToDomain = hostname: builtins.replaceStrings ["-"] ["."] hostname; - hostToLfDomain = hostname: builtins.replaceStrings [".lasuite.federez"] [".lf."] (hostToDomain hostname); + hostToDomain = hostname: lib.replaceStrings ["-"] ["."] hostname; + hostToLfDomain = hostname: lib.replaceStrings [".lasuite.federez"] [".lf."] (hostToDomain hostname); # Remove cidr notation - rmCidr = ip: builtins.head (builtins.split "/" ip); + rmCidr = ip: lib.lists.head (lib.strings.splitString "/" ip); # Gen NS toNSRecord = host: "\tIN NS ${hostToDomain host}.net."; @@ -140,7 +140,7 @@ let ) nodes); # Gen first NS for SOA - firstNS = builtins.head mapping.dns.secondary; + firstNS = lib.lists.head mapping.dns.secondary; firstNSDn = "${hostToDomain firstNS}.net."; # Generate SPF record with all mail server IPs @@ -150,7 +150,7 @@ let spfIpv6Records = lib.flatten (lib.mapAttrsToList (hostname: node: lib.optional (supportsIPv6 node) "ip6:${rmCidr node.ip6}" ) mailConfigs); - spfRecord = "v=spf1 a:lasuite.federez.net ${builtins.concatStringsSep " " (spfIpv4Records ++ spfIpv6Records)} ~all"; + spfRecord = "v=spf1 a:lasuite.federez.net ${lib.strings.concatStringsSep " " (spfIpv4Records ++ spfIpv6Records)} ~all"; # Zone conf zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" '' 
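Review bot: `hostToDomain` in shared/dns/knot.nix (hunk at line 84) returns the name without a suffix and callers append `.net.` themselves, while the function of the same name in shared/mail/maddy.nix returns `"….net"`. Two helpers with one name and different results are easy to mix up when DNS and mail records are generated from them. Since this commit touches both, give them distinct names or move one definition to a shared file. A comment on `hostToLfDomain` describing the mapping would also help, e.g. `# "a-lasuite-federez" -> "a.lf."` (a constructed host name). The enclosing `let` block starts and ends outside this hunk.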
@@ -165,15 +165,15 @@ let IN TXT "${spfRecord}" - ${builtins.concatStringsSep "\n" nsRecords} - ${builtins.concatStringsSep "\n" mxRecords} - ${builtins.concatStringsSep "\n" soaARecords} - ${builtins.concatStringsSep "\n" soaAAAARecords} + ${lib.strings.concatStringsSep "\n" nsRecords} + ${lib.strings.concatStringsSep "\n" mxRecords} + ${lib.strings.concatStringsSep "\n" soaARecords} + ${lib.strings.concatStringsSep "\n" soaAAAARecords} - ${builtins.concatStringsSep "\n" nsARecords} - ${builtins.concatStringsSep "\n" nsAAAARecords} - ${builtins.concatStringsSep "\n" mxARecords} - ${builtins.concatStringsSep "\n" mxAAAARecords} + ${lib.strings.concatStringsSep "\n" nsARecords} + ${lib.strings.concatStringsSep "\n" nsAAAARecords} + ${lib.strings.concatStringsSep "\n" mxARecords} + ${lib.strings.concatStringsSep "\n" mxAAAARecords} _dmarc IN TXT "v=DMARC1; p=quarantine; ruf=mailto:monitoring@federez.net" _mta-sts IN TXT "v=STSv1; id=1" @@ -191,8 +191,8 @@ let 60 ; expire 60 ) ; minimum TTL - ${builtins.concatStringsSep "\n" lfARecords} - ${builtins.concatStringsSep "\n" lfAAAARecords} + ${lib.strings.concatStringsSep "\n" lfARecords} + ${lib.strings.concatStringsSep "\n" lfAAAARecords} ''; in { @@ -266,12 +266,12 @@ in ] else [ { domain = "lasuite.federez.net"; - master = builtins.head remotesNames; + master = lib.lists.head remotesNames; acl = remotesACLNames; } { domain = "lf"; - master = builtins.head remotesNames; + master = lib.lists.head remotesNames; acl = remotesACLNames; module = "mod-queryacl/local"; } diff --git a/shared/mail/maddy.nix b/shared/mail/maddy.nix index a7664cf..f2cd1b0 100644 --- a/shared/mail/maddy.nix +++ b/shared/mail/maddy.nix 
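Review bot: In the zone text of shared/dns/knot.nix (hunk at line 165), `_mta-sts IN TXT "v=STSv1; id=1"` hard-codes the policy id. Sending MTAs re-fetch the MTA-STS policy only when this id changes, so an updated policy file would not be picked up until their caches expire. Deriving the id from the policy content or a date serial avoids serving a stale policy; at minimum add `; bump id whenever the MTA-STS policy file changes` next to the record. The `_dmarc` record on the line above requests only `ruf` reports, so adding an `rua=mailto:…` address would give aggregate visibility into spoofing attempts. The zone block begins and ends outside this hunk.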
@@ -13,18 +13,18 @@ let generatedCredsCommand = mbox: '' ${pkgs.maddy}/bin/maddyctl creds remove --yes ${mbox} - ${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${config.age.secrets."mbox-${builtins.head (builtins.split "@" mbox)}".path}) ${mbox} + ${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${config.age.secrets."mbox-${lib.lists.head (lib.strings.splitString "@" mbox)}".path}) ${mbox} ''; maddyDeployCreds = pkgs.writeShellScriptBin "maddyDeployCreds" '' - ${builtins.concatStringsSep "\n" (map generatedCredsCommand acct)} + ${lib.strings.concatStringsSep "\n" (map generatedCredsCommand acct)} ''; - hostToDomain = hostname: "${builtins.replaceStrings ["-"] ["."] hostname}.net"; + hostToDomain = hostname: "${lib.replaceStrings ["-"] ["."] hostname}.net"; buildSecret = mbox: { - "mbox-${builtins.head (builtins.split "@" mbox)}" = { - file = ./../../secrets/mail/mbox + ( "/" + builtins.head (builtins.split "@" mbox) + ".age" ); + "mbox-${lib.lists.head (lib.strings.splitString "@" mbox)}" = { + file = ./../../secrets/mail/mbox + ( "/" + lib.lists.head (lib.strings.splitString "@" mbox) + ".age" ); owner = "maddy"; group = "maddy"; };
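Review bot: In shared/mail/maddy.nix, `generatedCredsCommand` passes the mailbox password as `--password $(cat …)`, so the cleartext sits in the process arguments of `maddyctl` while it runs. The unquoted substitution is also word-split and glob-expanded by the shell, which corrupts passwords containing spaces or `*`. At minimum quote it as `--password "$(cat <secret path>)" "${mbox}"`; better, drop `--password` and redirect the agenix file to stdin with `maddyctl creds create "${mbox}" < <secret path>`, provided the packaged maddyctl reads the password from stdin (confirm against its help text). The preceding `creds remove --yes` leaves the account without credentials if the create step fails. Separately, the secret name uses only the part before `@`, so two mailboxes with the same local part in different domains would map to one `mbox-…` secret.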