-rw-r--r--flake.lock44
-rw-r--r--flake.nix41
-rw-r--r--kartei/0x4A6F/default.nix7
-rw-r--r--kartei/dave/default.nix6
-rw-r--r--kartei/dbalan/default.nix9
-rw-r--r--kartei/default.nix2
-rw-r--r--kartei/feliks/default.nix9
-rw-r--r--kartei/jan/default.nix6
-rw-r--r--kartei/jeschli/default.nix8
-rw-r--r--kartei/kmein/default.nix9
-rw-r--r--kartei/krebs/default.nix15
-rw-r--r--kartei/lass/default.nix15
-rw-r--r--kartei/makefu/default.nix16
-rw-r--r--kartei/mic92/default.nix7
-rw-r--r--kartei/others/default.nix9
-rw-r--r--kartei/oxzi/default.nix8
-rw-r--r--kartei/palo/default.nix9
-rw-r--r--kartei/rtunreal/default.nix10
-rw-r--r--kartei/srounce/default.nix7
-rw-r--r--kartei/template/default.nix6
-rw-r--r--kartei/tv/default.nix20
-rw-r--r--kartei/tv/hosts/ni.nix6
-rw-r--r--kartei/xkey/default.nix9
-rw-r--r--kartei/ynnel/default.nix6
-rw-r--r--krebs/1systems/arcadeomat/config.nix14
-rw-r--r--krebs/1systems/filebitch/config.nix20
-rw-r--r--krebs/1systems/hotdog/config.nix28
-rw-r--r--krebs/1systems/news/config.nix12
-rw-r--r--krebs/2configs/backup.nix2
-rw-r--r--krebs/2configs/buildbot-stockholm.nix4
-rw-r--r--krebs/2configs/cal.nix7
-rw-r--r--krebs/2configs/default.nix2
-rw-r--r--krebs/2configs/exim-smarthost.nix5
-rw-r--r--krebs/2configs/go.nix1
-rw-r--r--krebs/2configs/hw/x220.nix1
-rw-r--r--krebs/2configs/reaktor2.nix44
-rw-r--r--krebs/2configs/repo-sync.nix3
-rw-r--r--krebs/2configs/secret-passwords.nix3
-rw-r--r--krebs/2configs/shack/drivedroid.nix4
-rw-r--r--krebs/2configs/shack/mqtt_sub.nix2
-rw-r--r--krebs/2configs/shack/muell_caller.nix2
-rw-r--r--krebs/2configs/shack/nix-cacher.nix2
-rw-r--r--krebs/2configs/shack/radioactive.nix2
-rw-r--r--krebs/2configs/shack/worlddomination.nix2
-rw-r--r--krebs/2configs/stats/shack-debugging.nix2
-rw-r--r--krebs/2configs/syncthing.nix4
-rw-r--r--krebs/2configs/wiki.nix8
-rw-r--r--krebs/3modules/airdcpp.nix7
-rw-r--r--krebs/3modules/announce-activation.nix47
-rw-r--r--krebs/3modules/apt-cacher-ng.nix2
-rw-r--r--krebs/3modules/backup.nix2
-rw-r--r--krebs/3modules/bepasty-server.nix2
-rw-r--r--krebs/3modules/bindfs.nix4
-rw-r--r--krebs/3modules/brockman.nix7
-rw-r--r--krebs/3modules/build.nix4
-rw-r--r--krebs/3modules/ci/default.nix7
-rw-r--r--krebs/3modules/current.nix2
-rw-r--r--krebs/3modules/default.nix228
-rw-r--r--krebs/3modules/dns.nix6
-rw-r--r--krebs/3modules/exim-retiolum.nix4
-rw-r--r--krebs/3modules/exim-smarthost.nix2
-rw-r--r--krebs/3modules/exim.nix2
-rw-r--r--krebs/3modules/fetchWallpaper.nix2
-rw-r--r--krebs/3modules/git.nix8
-rw-r--r--krebs/3modules/github/hosts-sync.nix2
-rw-r--r--krebs/3modules/go.nix2
-rw-r--r--krebs/3modules/hidden-ssh.nix2
-rw-r--r--krebs/3modules/hosts.nix14
-rw-r--r--krebs/3modules/htgen.nix2
-rw-r--r--krebs/3modules/iana-etc.nix4
-rw-r--r--krebs/3modules/iptables.nix2
-rw-r--r--krebs/3modules/kapacitor.nix2
-rw-r--r--krebs/3modules/konsens.nix5
-rw-r--r--krebs/3modules/krebs-pages.nix5
-rw-r--r--krebs/3modules/krebs.nix8
-rw-r--r--krebs/3modules/monit.nix2
-rw-r--r--krebs/3modules/nixpkgs.nix2
-rw-r--r--krebs/3modules/on-failure.nix2
-rw-r--r--krebs/3modules/os-release.nix6
-rw-r--r--krebs/3modules/per-user.nix4
-rw-r--r--krebs/3modules/permown.nix4
-rw-r--r--krebs/3modules/reaktor2.nix4
-rw-r--r--krebs/3modules/realwallpaper.nix2
-rw-r--r--krebs/3modules/repo-sync.nix2
-rw-r--r--krebs/3modules/retiolum-bootstrap.nix4
-rw-r--r--krebs/3modules/secret.nix6
-rw-r--r--krebs/3modules/setuid.nix5
-rw-r--r--krebs/3modules/shadow.nix7
-rw-r--r--krebs/3modules/sitemap.nix5
-rw-r--r--krebs/3modules/ssh.nix109
-rw-r--r--krebs/3modules/sync-containers.nix5
-rw-r--r--krebs/3modules/sync-containers3.nix2
-rw-r--r--krebs/3modules/systemd.nix15
-rw-r--r--krebs/3modules/tinc.nix4
-rw-r--r--krebs/3modules/tinc_graphs.nix2
-rw-r--r--krebs/3modules/upstream/default.nix5
-rw-r--r--krebs/3modules/upstream/desktop-managers/coma.nix5
-rw-r--r--krebs/3modules/upstream/desktop-managers/none.nix6
-rw-r--r--krebs/3modules/upstream/window-managers/default.nix4
-rw-r--r--krebs/3modules/urlwatch.nix2
-rw-r--r--krebs/3modules/users.nix6
-rw-r--r--krebs/3modules/zones.nix4
-rw-r--r--krebs/5pkgs/default.nix9
-rw-r--r--krebs/5pkgs/simple/reaktor2-plugins.nix16
-rw-r--r--krebs/default.nix4
-rw-r--r--lass/2configs/baseX.nix1
-rw-r--r--lass/3modules/default.nix1
-rw-r--r--lib/default.nix226
-rw-r--r--lib/impure.nix3
-rw-r--r--lib/pure.nix227
-rw-r--r--tv/2configs/sshd.nix17
111 files changed, 847 insertions, 723 deletions
diff --git a/flake.lock b/flake.lock
new file mode 100644
index 000000000..937db8871
--- /dev/null
+++ b/flake.lock
@@ -0,0 +1,44 @@
+{
+ "nodes": {
+ "nix-writers": {
+ "flake": false,
+ "locked": {
+ "lastModified": 1677612737,
+ "narHash": "sha256-UaCKZ4PbMZU6UZH7XNFcjRtd5jheswl66rjZDBfQgp8=",
+ "ref": "refs/heads/master",
+ "rev": "66a1f6833464bbb121b6d94247ad769f277351f8",
+ "revCount": 39,
+ "type": "git",
+ "url": "https://cgit.krebsco.de/nix-writers"
+ },
+ "original": {
+ "type": "git",
+ "url": "https://cgit.krebsco.de/nix-writers"
+ }
+ },
+ "nixpkgs": {
+ "locked": {
+ "lastModified": 1686135559,
+ "narHash": "sha256-pY8waAV8K/sbHBdLn5diPFnQKpNg0YS9w03MrD2lUGE=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "381e92a35e2d196fdd6077680dca0cd0197e75cb",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "root": {
+ "inputs": {
+ "nix-writers": "nix-writers",
+ "nixpkgs": "nixpkgs"
+ }
+ }
+ },
+ "root": "root",
+ "version": 7
+}
diff --git a/flake.nix b/flake.nix
new file mode 100644
index 000000000..6c094b6a9
--- /dev/null
+++ b/flake.nix
@@ -0,0 +1,41 @@
+{
+ inputs = {
+ nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
+ nix-writers = {
+ url = "git+https://cgit.krebsco.de/nix-writers";
+ flake = false;
+ };
+ # disko.url = "github:nix-community/disko";
+ # disko.inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ description = "stockholm";
+
+ outputs = { self, nixpkgs, nix-writers }: {
+ nixosConfigurations.hotdog = nixpkgs.lib.nixosSystem {
+ system = "x86_64-linux";
+ specialArgs.stockholm = self;
+ specialArgs.nix-writers = nix-writers;
+ specialArgs.secrets = toString ./krebs/0tests/data/secrets;
+ modules = [
+ ./krebs/1systems/hotdog/config.nix
+ ];
+ };
+
+ nixosModules =
+ let
+ inherit (nixpkgs) lib;
+ in builtins.listToAttrs
+ (map
+ (name: {name = lib.removeSuffix ".nix" name; value = import (./krebs/3modules + "/${name}");})
+ (lib.filter
+ (name: name != "default.nix" && !lib.hasPrefix "." name)
+ (lib.attrNames (builtins.readDir ./krebs/3modules))));
+
+ kartei = {
+ hosts = self.nixosConfigurations.hotdog.config.krebs.hosts;
+ users = self.nixosConfigurations.hotdog.config.krebs.users;
+ };
+ lib = import (self.outPath + "/lib/pure.nix") { lib = nixpkgs.lib; };
+ };
+}
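Review bot: `specialArgs.secrets = toString ./krebs/0tests/data/secrets;` points the `hotdog` system exported by the flake at what looks like the test-fixture secrets directory checked into the repository, so a system built or deployed from `nixosConfigurations.hotdog` would presumably carry credentials that anyone with repository access can read. If this output exists only so that `kartei.hosts` and `kartei.users` can be evaluated, state that next to the line, for example `# evaluation only: test secrets, never deploy from this output`, or take the secrets path from an argument so that a real deployment cannot silently fall back to the fixtures. Separately, the `nixosModules` filter keeps every `readDir` entry except `default.nix` and dotfiles, so subdirectories of `krebs/3modules` are imported as directories and need their own `default.nix`; that is worth confirming for each of them, since the attribute values are lazy and a missing file would only show up on first use.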
diff --git a/kartei/0x4A6F/default.nix b/kartei/0x4A6F/default.nix
index 8939f267d..eb3d08e8d 100644
--- a/kartei/0x4A6F/default.nix
+++ b/kartei/0x4A6F/default.nix
@@ -1,12 +1,13 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
});
in {
users = {
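Review bot: Dropping `with import ../../lib;` means the rest of this file only sees the four names listed in `inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;` plus `slib`, and the body continues outside the hunk, so any other helper it used from the old scope would now fail as an undefined variable at evaluation time; the same applies to the dbalan, feliks and jeschli hunks. Evaluating the kartei attribute set once after this change would confirm that every name is covered. As a matter of style, `slib = import ../../lib/pure.nix { inherit lib; };` is repeated in each kartei file touched here (also dave and jan); since `kartei/default.nix` already passes `lib` with `import path { inherit config lib; }`, it could import `pure.nix` once and pass `slib` the same way.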
diff --git a/kartei/dave/default.nix b/kartei/dave/default.nix
index 053ec412b..04f226cc1 100644
--- a/kartei/dave/default.nix
+++ b/kartei/dave/default.nix
@@ -1,5 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
in {
users.dave = {
mail = "hsngrmpf@gmail.com";
@@ -8,7 +8,7 @@ in {
owner = config.krebs.users.dave;
nets.retiolum = {
aliases = [ "dave.r" ];
- ip6.addr = (lib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "dave" { hostName = "dave"; }).address;
ip4.addr = "10.243.0.6";
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
diff --git a/kartei/dbalan/default.nix b/kartei/dbalan/default.nix
index fadf187db..6bf10b921 100644
--- a/kartei/dbalan/default.nix
+++ b/kartei/dbalan/default.nix
@@ -1,6 +1,7 @@
-with import ../../lib;
-{ config, ... }:
+{ config, lib, ... }:
let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
hostDefaults = hostName: host: flip recursiveUpdate host ({
ci = false;
external = true;
@@ -8,11 +9,11 @@ let
owner = config.krebs.users.dbalan;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum = {
- ip6.addr = (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
};
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill = {
- ip6.addr = (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ ip6.addr = (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
};
});
in
diff --git a/kartei/default.nix b/kartei/default.nix
index 6024e2351..046efdd7b 100644
--- a/kartei/default.nix
+++ b/kartei/default.nix
@@ -9,7 +9,7 @@ in {
(name: _type: let
path = ./. + "/${name}";
in {
- krebs = import path { inherit config; };
+ krebs = import path { inherit config lib; };
})
(removeTemplate
(lib.filterAttrs
diff --git a/kartei/feliks/default.nix b/kartei/feliks/default.nix
index e98da7bc6..96c20f602 100644
--- a/kartei/feliks/default.nix
+++ b/kartei/feliks/default.nix
@@ -1,5 +1,6 @@
-with import ../../lib;
-{ config, ... }: let
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib; };
hostDefaults = hostName: host: flip recursiveUpdate host ({
owner = config.krebs.users.feliks;
ci = false;
@@ -7,10 +8,10 @@ with import ../../lib;
monitoring = false;
} // optionalAttrs (host.nets?retiolum) {
nets.retiolum.ip6.addr =
- (krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "retiolum" "external" { inherit hostName; }).address;
} // optionalAttrs (host.nets?wiregrill) {
nets.wiregrill.ip6.addr =
- (krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
+ (slib.krebs.genipv6 "wiregrill" "external" { inherit hostName; }).address;
});
in {
users.feliks = {
diff --git a/kartei/jan/default.nix b/kartei/jan/default.nix
index 6b90cfdc4..2276758b6 100644
--- a/kartei/jan/default.nix
+++ b/kartei/jan/default.nix
@@ -1,5 +1,5 @@
-{ config, ... }: let
- lib = import ../../lib;
+{ config, lib, ... }: let
+ slib = import ../../lib/pure.nix { inherit lib; };
in {
users.jan = {
@@ -68,7 +68,7 @@ in {
nets.retiolum = {
aliases = [ "grill.r" ];
ip4.addr = "10.243.217.217";
- ip6.addr = (lib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
+ ip6.addr = (slib.krebs.genipv6 "retiolum" "jan" { hostName = "grill"; }).address;
tinc.pubkey = ''
-----BEGIN RSA PUBLIC KEY-----
MIICCgKCAgEAs4P6CfRcwFGCqkfv1tyTbbk2eHh08kEqxPNQ655sMKWxMhgRnRII
diff --git a/kartei/jeschli/default.nix b/kartei/jeschli/default.nix
index fe12c16a4..a53ff7a22 100644
--- a/kartei/jeschli/default.nix
+++ b/kartei/jeschli/default.nix
@@ -1,12 +1,12 @@
-with import ../../lib;
-{ config, ... }: let
-
+{ config, lib, ... }: let
+ inherit (lib) flip mapAttrs optionalAttrs recursiveUpdate;
+ slib = import ../../lib/pure.nix { inherit lib;