diff options
| author | lassulus <git@lassul.us> | 2023-06-10 12:50:53 +0200 |
|---|---|---|
| committer | tv <tv@krebsco.de> | 2023-06-21 14:47:04 +0200 |
| commit | e174ef53caafbcee1e8a2ee83d6195f97afb9388 (patch) | |
| tree | 630c6d61843c4a6df904327316f8c3a02a68dd3d /krebs/3modules | |
| parent | d59586939d9530ee55a4c5a3310ae13042127e09 (diff) | |
flake: init
Diffstat (limited to 'krebs/3modules')
53 files changed, 136 insertions, 130 deletions
diff --git a/krebs/3modules/airdcpp.nix b/krebs/3modules/airdcpp.nix index 259f613cc..acd007cb8 100644 --- a/krebs/3modules/airdcpp.nix +++ b/krebs/3modules/airdcpp.nix @@ -1,6 +1,7 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; #genid +with lib; let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.airdcpp; out = { @@ -265,14 +266,14 @@ let }; users = lib.mkIf (cfg.user == "airdcpp") { users.airdcpp = { - uid = genid "airdcpp"; + uid = slib.genid "airdcpp"; home = cfg.stateDir; createHome = true; isSystemUser = true; group = "airdcpp"; inherit (cfg) extraGroups; }; - groups.airdcpp.gid = genid "airdcpp"; + groups.airdcpp.gid = slib.genid "airdcpp"; }; }; in diff --git a/krebs/3modules/announce-activation.nix b/krebs/3modules/announce-activation.nix index a40ae8cef..fa0f1530c 100644 --- a/krebs/3modules/announce-activation.nix +++ b/krebs/3modules/announce-activation.nix @@ -1,20 +1,21 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.announce-activation; announce-activation = pkgs.writeDash "announce-activation" '' set -efu message=$(${cfg.get-message}) exec ${pkgs.irc-announce}/bin/irc-announce \ - ${shell.escape cfg.irc.server} \ - ${shell.escape (toString cfg.irc.port)} \ - ${shell.escape cfg.irc.nick} \ - ${shell.escape cfg.irc.channel} \ - ${escapeShellArg cfg.irc.tls} \ + ${slib.shell.escape cfg.irc.server} \ + ${slib.shell.escape (toString cfg.irc.port)} \ + ${slib.shell.escape cfg.irc.nick} \ + ${slib.shell.escape cfg.irc.channel} \ + ${lib.escapeShellArg cfg.irc.tls} \ "$message" ''; default-get-message = pkgs.writeDash "announce-activation-get-message" '' set -efu - PATH=${makeBinPath [ + PATH=${lib.makeBinPath [ pkgs.coreutils pkgs.gawk pkgs.gnused @@ -28,37 +29,37 @@ with import <stockholm/lib>; ''; in { options.krebs.announce-activation = { - enable = mkEnableOption "announce-activation"; - get-message = mkOption { + enable = lib.mkEnableOption "announce-activation"; + get-message = lib.mkOption { default = default-get-message; - type = types.package; + type = lib.types.package; }; irc = { # TODO rename channel to target? - channel = mkOption { + channel = lib.mkOption { default = "#xxx"; - type = types.str; # TODO types.irc-channel + type = lib.types.str; # TODO types.irc-channel }; - nick = mkOption { + nick = lib.mkOption { default = config.krebs.build.host.name; - type = types.label; + type = slib.types.label; }; - port = mkOption { + port = lib.mkOption { default = 6667; - type = types.int; + type = lib.types.int; }; - server = mkOption { + server = lib.mkOption { default = "irc.r"; - type = types.hostname; + type = slib.types.hostname; }; - tls = mkOption { + tls = lib.mkOption { default = false; - type = types.bool; + type = lib.types.bool; }; }; }; - config = mkIf cfg.enable { - system.activationScripts.announce-activation = stringAfter [ "etc" ] '' + config = lib.mkIf cfg.enable { + system.activationScripts.announce-activation = lib.stringAfter [ "etc" ] '' ${announce-activation} ''; }; diff --git a/krebs/3modules/apt-cacher-ng.nix b/krebs/3modules/apt-cacher-ng.nix index f3c8ff0cd..0efe9ed43 100644 --- a/krebs/3modules/apt-cacher-ng.nix +++ b/krebs/3modules/apt-cacher-ng.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with lib; let acng-config = pkgs.writeTextFile { name = "acng-configuration"; diff --git a/krebs/3modules/backup.nix b/krebs/3modules/backup.nix index c1d4d7211..900be5139 100644 --- a/krebs/3modules/backup.nix +++ b/krebs/3modules/backup.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let out = { options.krebs.backup = api; diff --git a/krebs/3modules/bepasty-server.nix b/krebs/3modules/bepasty-server.nix index c374aa9af..33c825a80 100644 --- a/krebs/3modules/bepasty-server.nix +++ b/krebs/3modules/bepasty-server.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let gunicorn = pkgs.python3Packages.gunicorn; bepasty = pkgs.bepasty; diff --git a/krebs/3modules/bindfs.nix b/krebs/3modules/bindfs.nix index 7e3730e86..60736710f 100644 --- a/krebs/3modules/bindfs.nix +++ b/krebs/3modules/bindfs.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.bindfs; in { diff --git a/krebs/3modules/brockman.nix b/krebs/3modules/brockman.nix index 8427ca50b..3f0dd0861 100644 --- a/krebs/3modules/brockman.nix +++ b/krebs/3modules/brockman.nix @@ -1,6 +1,7 @@ -{ pkgs, config, ... }: -with import <stockholm/lib>; +{ pkgs, config, lib, ... }: +with lib; let + slib = import ../../lib/pure.nix { inherit lib; }; cfg = config.krebs.brockman; in { options.krebs.brockman = { @@ -14,7 +15,7 @@ in { group = "brockman"; createHome = true; isSystemUser = true; - uid = genid_uint31 "brockman"; + uid = slib.genid_uint31 "brockman"; }; users.groups.brockman = {}; diff --git a/krebs/3modules/build.nix b/krebs/3modules/build.nix index 5f961617f..bf20cb099 100644 --- a/krebs/3modules/build.nix +++ b/krebs/3modules/build.nix @@ -1,6 +1,6 @@ -{ config, ... }: +{ config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; { options.krebs.build = { diff --git a/krebs/3modules/ci/default.nix b/krebs/3modules/ci/default.nix index 022da5884..5035a11a8 100644 --- a/krebs/3modules/ci/default.nix +++ b/krebs/3modules/ci/default.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.ci; @@ -25,7 +24,7 @@ let }; hostname = config.networking.hostName; - getJobs = pkgs.writeDash "get_jobs" '' + getJobs = pkgs.writers.writeDash "get_jobs" '' set -efu ${pkgs.nix}/bin/nix-build --no-out-link --quiet --show-trace -Q ./ci.nix >&2 json="$(${pkgs.nix}/bin/nix-instantiate --quiet -Q --eval --strict --json ./ci.nix)" @@ -116,7 +115,7 @@ let build_script = stages[stage], ), timeout = 3600, - command="${pkgs.writeDash "build.sh" '' + command="${pkgs.writers.writeDash "build.sh" '' set -xefu profile=${shell.escape profileRoot}/$build_name result=$("$build_script") diff --git a/krebs/3modules/current.nix b/krebs/3modules/current.nix index e97e53479..5c32203fd 100644 --- a/krebs/3modules/current.nix +++ b/krebs/3modules/current.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.current; diff --git a/krebs/3modules/default.nix b/krebs/3modules/default.nix index 6d763afed..4a127fbb1 100644 --- a/krebs/3modules/default.nix +++ b/krebs/3modules/default.nix @@ -1,13 +1,12 @@ { config, lib, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs; out = { imports = [ ../../kartei - ../../submodules/disko/module.nix ./acl.nix ./airdcpp.nix ./announce-activation.nix diff --git a/krebs/3modules/dns.nix b/krebs/3modules/dns.nix index 8a74d3067..a268b931c 100644 --- a/krebs/3modules/dns.nix +++ b/krebs/3modules/dns.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, ... }: { +{ config, lib, pkgs, ... }: +with import ../../lib/pure.nix { inherit lib; }; { options = { krebs.dns.providers = mkOption { type = types.attrsOf types.str; @@ -8,7 +8,7 @@ with import <stockholm/lib>; type = types.nullOr types.hostname; }; }; - config = mkIf config.krebs.enable { + config = lib.mkIf config.krebs.enable { krebs.dns.providers = { "krebsco.de" = "zones"; shack = "hosts"; diff --git a/krebs/3modules/exim-retiolum.nix b/krebs/3modules/exim-retiolum.nix index a16661c9f..f78f1746c 100644 --- a/krebs/3modules/exim-retiolum.nix +++ b/krebs/3modules/exim-retiolum.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, lib, ... }: let +{ config, pkgs, lib, ... }: +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim-retiolum; # Due to improvements to the JSON notation, braces around top-level objects diff --git a/krebs/3modules/exim-smarthost.nix b/krebs/3modules/exim-smarthost.nix index 62f15027a..7b3dace6a 100644 --- a/krebs/3modules/exim-smarthost.nix +++ b/krebs/3modules/exim-smarthost.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim-smarthost; diff --git a/krebs/3modules/exim.nix b/krebs/3modules/exim.nix index 0f0aa67f0..917a8e5a4 100644 --- a/krebs/3modules/exim.nix +++ b/krebs/3modules/exim.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.exim; in { options.krebs.exim = { diff --git a/krebs/3modules/fetchWallpaper.nix b/krebs/3modules/fetchWallpaper.nix index dc0133a63..79187adfa 100644 --- a/krebs/3modules/fetchWallpaper.nix +++ b/krebs/3modules/fetchWallpaper.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.fetchWallpaper; diff --git a/krebs/3modules/git.nix b/krebs/3modules/git.nix index 02c673e43..1ec216f62 100644 --- a/krebs/3modules/git.nix +++ b/krebs/3modules/git.nix @@ -6,14 +6,14 @@ # TODO when authorized_keys changes, then restart ssh # (or kill already connected users somehow) -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.git; out = { options.krebs.git = api; - config = with lib; mkIf cfg.enable (mkMerge [ - (mkIf cfg.cgit.enable cgit-imp) + config = with lib; lib.mkIf cfg.enable (mkMerge [ + (lib.mkIf cfg.cgit.enable cgit-imp) git-imp ]); }; @@ -446,7 +446,7 @@ let ]; locations."/".extraConfig = '' include ${pkgs.nginx}/conf/fastcgi_params; - fastcgi_param SCRIPT_FILENAME ${pkgs.writeDash "cgit-wrapper" '' + fastcgi_param SCRIPT_FILENAME ${pkgs.writers.writeDash "cgit-wrapper" '' set -efu exec 3>&1 ${pkgs.cgit}/cgit/cgit.cgi "$@" 2>&1 >&3 3>&- \ diff --git a/krebs/3modules/github/hosts-sync.nix b/krebs/3modules/github/hosts-sync.nix index 71eed6c69..6f9aee0ce 100644 --- a/krebs/3modules/github/hosts-sync.nix +++ b/krebs/3modules/github/hosts-sync.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.github-hosts-sync; diff --git a/krebs/3modules/go.nix b/krebs/3modules/go.nix index 80cd90e27..9dc8fe6d2 100644 --- a/krebs/3modules/go.nix +++ b/krebs/3modules/go.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.go; diff --git a/krebs/3modules/hidden-ssh.nix b/krebs/3modules/hidden-ssh.nix index acbe717d9..9ee4409e6 100644 --- a/krebs/3modules/hidden-ssh.nix +++ b/krebs/3modules/hidden-ssh.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.hidden-ssh; diff --git a/krebs/3modules/hosts.nix b/krebs/3modules/hosts.nix index bd1bb1652..2333d0a8d 100644 --- a/krebs/3modules/hosts.nix +++ b/krebs/3modules/hosts.nix @@ -1,17 +1,19 @@ -with import <stockholm/lib>; -{ config, ... }: let +{ config, lib, pkgs, ... }: +with lib; let check = hostname: any (domain: hasSuffix ".${domain}" hostname) domains; - domains = attrNames (filterAttrs (_: eq "hosts") config.krebs.dns.providers); + domains = attrNames (filterAttrs (_: slib.eq "hosts") config.krebs.dns.providers); + # we need this import because we have infinite recursion otherwise + slib = import ../../lib/pure.nix { inherit lib; }; in { options = { krebs.hosts = mkOption { default = {}; - type = types.attrsOf types.host; + type = types.attrsOf slib.types.host; }; }; - config = mkIf config.krebs.enable { + config = lib.mkIf config.krebs.enable { networking.hosts = filterAttrs (_name: value: value != []) @@ -91,7 +93,7 @@ in { (concatLists (attrValues netAliases)); } // - genAttrs' (attrNames netAliases) (netname: rec { + slib.genAttrs' (attrNames netAliases) (netname: rec { name = "krebs-hosts-${netname}"; value = writeHosts name netAliases.${netname}; }); diff --git a/krebs/3modules/htgen.nix b/krebs/3modules/htgen.nix index b760ea671..334a83cb3 100644 --- a/krebs/3modules/htgen.nix +++ b/krebs/3modules/htgen.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let optionalAttr = name: value: if name != null then diff --git a/krebs/3modules/iana-etc.nix b/krebs/3modules/iana-etc.nix index 9ed5f29c5..3195f71d9 100644 --- a/krebs/3modules/iana-etc.nix +++ b/krebs/3modules/iana-etc.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: { +{ config, pkgs, lib, ... }: +with lib; { options.krebs.iana-etc.services = mkOption { default = {}; diff --git a/krebs/3modules/iptables.nix b/krebs/3modules/iptables.nix index 052dad9c6..c1c5b68c8 100644 --- a/krebs/3modules/iptables.nix +++ b/krebs/3modules/iptables.nix @@ -1,6 +1,6 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let inherit (pkgs) writeText; diff --git a/krebs/3modules/kapacitor.nix b/krebs/3modules/kapacitor.nix index 2ec67c73d..89d2e2c14 100644 --- a/krebs/3modules/kapacitor.nix +++ b/krebs/3modules/kapacitor.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with builtins; -with import <stockholm/lib>; +with lib; let cfg = config.krebs.kapacitor; diff --git a/krebs/3modules/konsens.nix b/krebs/3modules/konsens.nix index 81dbb33e1..0463de53f 100644 --- a/krebs/3modules/konsens.nix +++ b/krebs/3modules/konsens.nix @@ -1,6 +1,5 @@ { config, lib, pkgs, ... }: - -with import <stockholm/lib>; +with import ../../lib/pure.nix { inherit lib; }; let cfg = config.krebs.konsens; @@ -68,7 +67,7 @@ let serviceConfig = { Type = "simple"; PermissionsStartOnly = true; - ExecStart = pkgs.writeDash "konsens-${name}" '' + ExecStart = pkgs.writers.writeDash "konsens-${name}" '' set -efu git config --global --replace-all safe.directory * if ! test -e ${name}; then diff --git a/krebs/3modules/krebs-pages.nix b/krebs/3modules/krebs-pages.nix index 6dd046a8b..face9e3a0 100644 --- a/krebs/3modules/krebs-pages.nix +++ b/krebs/3modules/krebs-pages.nix @@ -1,6 +1,5 @@ -{ config, modulesPath, pkgs, ... }: let +{ config, modulesPath, pkgs, lib, ... }: let cfg = config.krebs.pages; - lib = import ../../lib; extraTypes.nginx-vhost = lib.types.submodule ( lib.recursiveUpdate (import (modulesPath + "/services/web-servers/nginx/vhost-options.nix") @@ -11,7 +10,7 @@ in { options.krebs.pages = { enable = lib.mkEnableOption "krebs-pages"; domain = lib.mkOption { - type = lib.types.hostname; + type = pkgs.stockholm.lib.types.hostname; default = "krebsco.de"; }; nginx = lib.mkOption { diff --git a/krebs/3modules/monit.nix b/krebs/3modules/monit.nix index cc4a1b208..717316224 100644 --- a/krebs/3modules/monit.nix +++ b/krebs/3modules/monit.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: with builtins; -with import <stockholm/lib>; +with lib; let cfg = config.krebs.monit; diff --git a/krebs/3modules/nixpkgs.nix b/krebs/3modules/nixpkgs.nix index 796ee537e..e560df51d 100644 --- a/krebs/3modules/nixpkgs.nix +++ b/krebs/3modules/nixpkgs.nix @@ -1,5 +1,5 @@ { config, lib, pkgs, ... }: -with import <stockholm/lib>; +with lib; let cfg = config.krebs.nixpkgs; diff --git a/krebs/3modules/on-failure.nix b/krebs/3modules/on-failure.nix index 4da303dec..11d2b4194 100644 --- a/krebs/3modules/on-failure.nix +++ b/krebs/3modules/on-failure.nix @@ -1,4 +1,4 @@ -{ config, lib, pkgs, ... }: with import <stockholm/lib>; let +{ config, lib, pkgs, ... }: with import ../../lib/pure.nix { inherit lib; }; let out = { options.krebs.on-failure = api; config = lib.mkIf cfg.enable imp; diff --git a/krebs/3modules/os-release.nix b/krebs/3modules/os-release.nix index 5fbfe6614..bfd352825 100644 --- a/krebs/3modules/os-release.nix +++ b/krebs/3modules/os-release.nix @@ -1,5 +1,5 @@ -{ config, ... }: -with import <stockholm/lib>; +{ config, lib, ... }: +with lib; let nixos-version-id = if (hasAttr "nixos" config.system) then "${config.system.nixos.version}" else "${config.system.nixosVersion}"; @@ -9,7 +9,7 @@ let nixos-pretty-name = "NixOS ${nixos-version}"; stockholm-version-id = let - eval = tryEval (removeSuffix "\n" (readFile <stockholm-version>)); + eval = builtins.tryEval (removeSuffix "\n" (readFile <stockholm-version>)); in if eval.success then eval.value else "unknown"; diff --git a/krebs/3modules/per-user.nix b/krebs/3modules/per-user.nix index 5beb859aa..c0368ee85 100644 --- a/krebs/3modules/per-user.nix +++ b/krebs/3modules/per-user.nix @@ -1,5 +1,5 @@ -with import <stockholm/lib>; -{ config, pkgs, ... }: let +{ config, pkgs, lib, ... }: +with lib; let cfg = config.krebs.per-user; in { options.krebs.per-user = |