lib > builtins

This commit is contained in:
asyncnomi 2025-08-03 01:05:02 +02:00
parent 47ccd698a9
commit 22f93f23ed
6 changed files with 39 additions and 38 deletions


@ -11,6 +11,7 @@
outputs = { self, nixpkgs-25-05, nixpkgs-unstable, deploy-rs, agenix }: let outputs = { self, nixpkgs-25-05, nixpkgs-unstable, deploy-rs, agenix }: let
system = "x86_64-linux"; system = "x86_64-linux";
lib = nixpkgs-25-05.lib;
# Mapping version identifiers to nixpkgs # Mapping version identifiers to nixpkgs
nixpkgsMap = { nixpkgsMap = {
@ -40,16 +41,16 @@
nodes = import ./nodes.nix; nodes = import ./nodes.nix;
mapping = import ./mapping.nix; mapping = import ./mapping.nix;
findRolesForHost = hostName: builtins.filter findRolesForHost = hostName: lib.filter
(roleName: builtins.elem hostName mapping.${roleName}.hosts) (roleName: lib.elem hostName mapping.${roleName}.hosts)
(builtins.attrNames mapping); (lib.attrNames mapping);
getModulesForHost = hostName: let getModulesForHost = hostName: let
roles = findRolesForHost hostName; roles = findRolesForHost hostName;
modulesList = builtins.map modulesList = map
(role: mapping.${role}._inherit or []) (role: mapping.${role}._inherit or [])
roles; roles;
in builtins.concatLists modulesList; in lib.lists.concatLists modulesList;
defaultModules = [ defaultModules = [
agenix.nixosModules.default agenix.nixosModules.default
@ -58,7 +59,7 @@
]; ];
in { in {
nixosConfigurations = builtins.mapAttrs (name: config: nixosConfigurations = lib.mapAttrs (name: config:
nixpkgsMap.${config.ver}.lib.nixosSystem { nixpkgsMap.${config.ver}.lib.nixosSystem {
system = config.system; system = config.system;
modules = getModulesForHost "${name}" ++ defaultModules ++ [{ hostName = "${name}"; }]; modules = getModulesForHost "${name}" ++ defaultModules ++ [{ hostName = "${name}"; }];
@ -70,8 +71,8 @@
autoRollback = true; autoRollback = true;
magicRollback = true; magicRollback = true;
remoteBuild = true; remoteBuild = true;
nodes = builtins.mapAttrs (name: config: { nodes = lib.mapAttrs (name: config: {
hostname = builtins.head (builtins.split "/" config.ip4); hostname = lib.lists.head (lib.strings.splitString "/" config.ip4);
profilesOrder = [ "system" ]; profilesOrder = [ "system" ];
profiles = { profiles = {
system = { system = {
@ -82,6 +83,6 @@
}; };
# This is highly advised, and will prevent many possible mistakes, just run "deploy -s" to bypass it # This is highly advised, and will prevent many possible mistakes, just run "deploy -s" to bypass it
checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib; checks = lib.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;
}; };
} }
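Review bot: The new lib calls mix namespaces within this file — `lib.lists.head`, `lib.strings.splitString` and `lib.lists.concatLists` sit next to the top-level aliases `lib.filter`, `lib.elem` and `lib.mapAttrs`, and the `modulesList` line keeps a bare `map`. All three are re-exported at the top level of lib, so `in lib.concatLists modulesList;` and `hostname = lib.head (lib.splitString "/" config.ip4);` would read uniformly; the same mixed form recurs in the wireguard Endpoint line, the resolv.conf template, the DNS zone file and the maddy creds script below. The added `lib = nixpkgs-25-05.lib;` binding also deserves a one-line comment, since each host's nixosSystem is still taken from `nixpkgsMap.${config.ver}.lib`; something like `# helper lib comes from the 25.05 channel for every host; per-host nixpkgs is still chosen via nixpkgsMap`.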


@ -32,7 +32,7 @@ let
"172.19.${toString (peerConfig.zone + 127)}.0/24" "172.19.${toString (peerConfig.zone + 127)}.0/24"
"fc00:f::${toString (peerConfig.zone + 127)}:0/112" "fc00:f::${toString (peerConfig.zone + 127)}:0/112"
]; ];
Endpoint = "${builtins.head (builtins.split "/" peerConfig.ip4)}:51820"; Endpoint = "${lib.lists.head (lib.strings.splitString "/" peerConfig.ip4)}:51820";
PersistentKeepalive = 25; PersistentKeepalive = 25;
}) peerConfigs; }) peerConfigs;


@ -1,4 +1,4 @@
{ config, ... }: { config, lib, ... }:
let let
# Import nodes # Import nodes
@ -17,7 +17,7 @@ in
# Do not edit, will be overwritten by Nixos # Do not edit, will be overwritten by Nixos
domain ${config.networking.domain} domain ${config.networking.domain}
search ${config.networking.domain} search ${config.networking.domain}
${builtins.concatStringsSep "\n" (map (ip: "nameserver ${ip}") config.services.dnsmasq.settings.listen-address)} ${lib.strings.concatStringsSep "\n" (map (ip: "nameserver ${ip}") config.services.dnsmasq.settings.listen-address)}
options edns0 trust-ad options edns0 trust-ad
''; '';


@ -28,7 +28,7 @@ in
# Replication tasks are not authenticated # Replication tasks are not authenticated
# The wireguard mesh cryptographically # The wireguard mesh cryptographically
# ensures the sender is who we expect. # ensures the sender is who we expect.
authentication = lib.mkForce (builtins.concatStringsSep "\n" (['' authentication = lib.mkForce (lib.strings.concatStringsSep "\n" ([''
#type database DBuser auth-method optional_ident_map #type database DBuser auth-method optional_ident_map
local all all peer map=superuser_map local all all peer map=superuser_map
''] '']
@ -36,7 +36,7 @@ in
(map (slaveName: let slaveNode = nodes.${slaveName}; in (map (slaveName: let slaveNode = nodes.${slaveName}; in
"host replication replication 172.19.${toString slaveNode.zone}.${toString slaveNode.id}/32 trust" "host replication replication 172.19.${toString slaveNode.zone}.${toString slaveNode.id}/32 trust"
) mapping.db.slaves) ) mapping.db.slaves)
++ lib.optionals (builtins.elem myName mapping.db.slaves) [ ++ lib.optionals (lib.elem myName mapping.db.slaves) [
"host replication replication ${masterIP}/32 trust" "host replication replication ${masterIP}/32 trust"
])); ]));
ensureUsers = lib.mkIf (myName == mapping.db.master) [{ ensureUsers = lib.mkIf (myName == mapping.db.master) [{
@ -55,7 +55,7 @@ in
} // lib.optionalAttrs (myName == mapping.db.master) { } // lib.optionalAttrs (myName == mapping.db.master) {
wal_sender_timeout = "60s"; wal_sender_timeout = "60s";
wal_keep_size = 1000; # In MB wal_keep_size = 1000; # In MB
} // lib.optionalAttrs (builtins.elem myName mapping.db.slaves) { } // lib.optionalAttrs (lib.elem myName mapping.db.slaves) {
wal_receiver_timeout = "60s"; wal_receiver_timeout = "60s";
hot_standby = "on"; hot_standby = "on";
primary_conninfo = "host=${masterIP} port=5432 user=replication"; primary_conninfo = "host=${masterIP} port=5432 user=replication";
@ -64,7 +64,7 @@ in
# This preStart script sync the slaves to the master # This preStart script sync the slaves to the master
# systemd.services.<name>.preStart has a mergeable type, # systemd.services.<name>.preStart has a mergeable type,
# this code will be prepend to the default one # this code will be prepend to the default one
systemd.services.postgresql.preStart = lib.mkIf (builtins.elem myName mapping.db.slaves) (lib.mkBefore '' systemd.services.postgresql.preStart = lib.mkIf (lib.elem myName mapping.db.slaves) (lib.mkBefore ''
if ! test -e ${cfg.dataDir}/PG_VERSION; then if ! test -e ${cfg.dataDir}/PG_VERSION; then
echo "Setting up PostgreSQL slave replication..." echo "Setting up PostgreSQL slave replication..."
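Review bot: The predicate `lib.elem myName mapping.db.slaves` is now spelled out three times in this file (the pg_hba `optionals`, the settings `optionalAttrs`, and the preStart `mkIf`), so the three sites can drift apart if the role lookup ever changes. Binding it once in the file's `let`, which lies outside these hunks, as `isSlave = lib.elem myName mapping.db.slaves;` and using `isSlave` at the three places keeps them in step. The `lib.elem` substitution itself is behavior-preserving.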


@ -84,11 +84,11 @@ let
##### #####
# host to dn # host to dn
hostToDomain = hostname: builtins.replaceStrings ["-"] ["."] hostname; hostToDomain = hostname: lib.replaceStrings ["-"] ["."] hostname;
hostToLfDomain = hostname: builtins.replaceStrings [".lasuite.federez"] [".lf."] (hostToDomain hostname); hostToLfDomain = hostname: lib.replaceStrings [".lasuite.federez"] [".lf."] (hostToDomain hostname);
# Remove cidr notation # Remove cidr notation
rmCidr = ip: builtins.head (builtins.split "/" ip); rmCidr = ip: lib.lists.head (lib.strings.splitString "/" ip);
# Gen NS # Gen NS
toNSRecord = host: "\tIN NS ${hostToDomain host}.net."; toNSRecord = host: "\tIN NS ${hostToDomain host}.net.";
@ -140,7 +140,7 @@ let
) nodes); ) nodes);
# Gen first NS for SOA # Gen first NS for SOA
firstNS = builtins.head mapping.dns.secondary; firstNS = lib.lists.head mapping.dns.secondary;
firstNSDn = "${hostToDomain firstNS}.net."; firstNSDn = "${hostToDomain firstNS}.net.";
# Generate SPF record with all mail server IPs # Generate SPF record with all mail server IPs
@ -150,7 +150,7 @@ let
spfIpv6Records = lib.flatten (lib.mapAttrsToList (hostname: node: spfIpv6Records = lib.flatten (lib.mapAttrsToList (hostname: node:
lib.optional (supportsIPv6 node) "ip6:${rmCidr node.ip6}" lib.optional (supportsIPv6 node) "ip6:${rmCidr node.ip6}"
) mailConfigs); ) mailConfigs);
spfRecord = "v=spf1 a:lasuite.federez.net ${builtins.concatStringsSep " " (spfIpv4Records ++ spfIpv6Records)} ~all"; spfRecord = "v=spf1 a:lasuite.federez.net ${lib.strings.concatStringsSep " " (spfIpv4Records ++ spfIpv6Records)} ~all";
# Zone conf # Zone conf
zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" '' zone-lasuite-federez-net = pkgs.writeText "zone-lasuite-federez-net" ''
@ -165,15 +165,15 @@ let
IN TXT "${spfRecord}" IN TXT "${spfRecord}"
${builtins.concatStringsSep "\n" nsRecords} ${lib.strings.concatStringsSep "\n" nsRecords}
${builtins.concatStringsSep "\n" mxRecords} ${lib.strings.concatStringsSep "\n" mxRecords}
${builtins.concatStringsSep "\n" soaARecords} ${lib.strings.concatStringsSep "\n" soaARecords}
${builtins.concatStringsSep "\n" soaAAAARecords} ${lib.strings.concatStringsSep "\n" soaAAAARecords}
${builtins.concatStringsSep "\n" nsARecords} ${lib.strings.concatStringsSep "\n" nsARecords}
${builtins.concatStringsSep "\n" nsAAAARecords} ${lib.strings.concatStringsSep "\n" nsAAAARecords}
${builtins.concatStringsSep "\n" mxARecords} ${lib.strings.concatStringsSep "\n" mxARecords}
${builtins.concatStringsSep "\n" mxAAAARecords} ${lib.strings.concatStringsSep "\n" mxAAAARecords}
_dmarc IN TXT "v=DMARC1; p=quarantine; ruf=mailto:monitoring@federez.net" _dmarc IN TXT "v=DMARC1; p=quarantine; ruf=mailto:monitoring@federez.net"
_mta-sts IN TXT "v=STSv1; id=1" _mta-sts IN TXT "v=STSv1; id=1"
@ -191,8 +191,8 @@ let
60 ; expire 60 ; expire
60 ) ; minimum TTL 60 ) ; minimum TTL
${builtins.concatStringsSep "\n" lfARecords} ${lib.strings.concatStringsSep "\n" lfARecords}
${builtins.concatStringsSep "\n" lfAAAARecords} ${lib.strings.concatStringsSep "\n" lfAAAARecords}
''; '';
in in
{ {
@ -266,12 +266,12 @@ in
] else [ ] else [
{ {
domain = "lasuite.federez.net"; domain = "lasuite.federez.net";
master = builtins.head remotesNames; master = lib.lists.head remotesNames;
acl = remotesACLNames; acl = remotesACLNames;
} }
{ {
domain = "lf"; domain = "lf";
master = builtins.head remotesNames; master = lib.lists.head remotesNames;
acl = remotesACLNames; acl = remotesACLNames;
module = "mod-queryacl/local"; module = "mod-queryacl/local";
} }
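Review bot: `lib.lists.head mapping.dns.secondary` in the firstNS line and `lib.lists.head remotesNames` in the two zone entries fail on an empty list with only a generic evaluation error, so a deployment with no secondary configured gives no hint which mapping field is missing; guard once near firstNS with `assert lib.assertMsg (mapping.dns.secondary != []) "mapping.dns.secondary must list at least one host";` and do the same for remotesNames where it is defined, which is outside this hunk. Whether lib.lists.head adds its own message depends on the pinned nixpkgs; the builtin it wraps does not. `rmCidr` keeps its old result for an address without a slash, since splitString then yields a single-element list whose head is the input itself.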


@ -13,18 +13,18 @@ let
generatedCredsCommand = mbox: '' generatedCredsCommand = mbox: ''
${pkgs.maddy}/bin/maddyctl creds remove --yes ${mbox} ${pkgs.maddy}/bin/maddyctl creds remove --yes ${mbox}
${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${config.age.secrets."mbox-${builtins.head (builtins.split "@" mbox)}".path}) ${mbox} ${pkgs.maddy}/bin/maddyctl creds create --password $(cat ${config.age.secrets."mbox-${lib.lists.head (lib.strings.splitString "@" mbox)}".path}) ${mbox}
''; '';
maddyDeployCreds = pkgs.writeShellScriptBin "maddyDeployCreds" '' maddyDeployCreds = pkgs.writeShellScriptBin "maddyDeployCreds" ''
${builtins.concatStringsSep "\n" (map generatedCredsCommand acct)} ${lib.strings.concatStringsSep "\n" (map generatedCredsCommand acct)}
''; '';
hostToDomain = hostname: "${builtins.replaceStrings ["-"] ["."] hostname}.net"; hostToDomain = hostname: "${lib.replaceStrings ["-"] ["."] hostname}.net";
buildSecret = mbox: { buildSecret = mbox: {
"mbox-${builtins.head (builtins.split "@" mbox)}" = { "mbox-${lib.lists.head (lib.strings.splitString "@" mbox)}" = {
file = ./../../secrets/mail/mbox + ( "/" + builtins.head (builtins.split "@" mbox) + ".age" ); file = ./../../secrets/mail/mbox + ( "/" + lib.lists.head (lib.strings.splitString "@" mbox) + ".age" );
owner = "maddy"; owner = "maddy";
group = "maddy"; group = "maddy";
}; };