feat(nix-lib): Rename dgn-lib to lib.extra

2023-10-04 09:23:48 +02:00 · 2023-10-04 09:23:48 +02:00 · 86129fb971
commit 86129fb971
parent 143bc82d3e
10 changed files with 136 additions and 41 deletions
--- a/hive.nix
+++ b/hive.nix
@ -4,28 +4,29 @@ let
  lib = import (sources.nix-lib + "/src/trivial.nix");
-  mkNode = node: { name, nodes, ... }: {
+  mkNode = node:
-    # Import the base configuration for each node
+    { name, nodes, pkgs, ... }: {
-    imports = builtins.map (lib.mkRel ./machines/${node}) [
+      # Import the base configuration for each node
-      "_configuration.nix"
+      imports = builtins.map (lib.mkRel ./machines/${node}) [
-      "_hardware-configuration.nix"
+        "_configuration.nix"
-    ];
+        "_hardware-configuration.nix"
      ];
-    # Include default secrets
+      # Include default secrets
-    dgn-secrets.sources = [ ./machines/${node}/secrets ];
+      dgn-secrets.sources = [ ./machines/${node}/secrets ];
-    # Deployment config is specified in meta.nodes.${node}.deployment
+      # Deployment config is specified in meta.nodes.${node}.deployment
-    inherit (metadata.nodes.${node}) deployment;
+      inherit (metadata.nodes.${node}) deployment;
-    # Set NIX_PATH to the patched version of nixpkgs
+      # Set NIX_PATH to the patched version of nixpkgs
-    nix.nixPath = [ "nixpkgs=${mkNixpkgs node}" ];
+      nix.nixPath = [ "nixpkgs=${mkNixpkgs node}" ];
-    # Allow unfree packages
+      # Allow unfree packages
-    nixpkgs.config.allowUnfree = true;
+      nixpkgs.config.allowUnfree = true;
-    # Use the stateVersion declared in the metadata
+      # Use the stateVersion declared in the metadata
-    system = { inherit (metadata.nodes.${node}) stateVersion; };
+      system = { inherit (metadata.nodes.${node}) stateVersion; };
-  };
+    };
  mkNixpkgs = node:
    let
@ -42,23 +43,36 @@ let
  mkNixpkgs' = node: import (mkNixpkgs node) { };
-  mkArgs = node: {
+  ###
-    dgn-lib = import sources.nix-lib { inherit ((mkNixpkgs' node)) lib; keysRoot = ./keys; metaRoot = ./meta; };
+  # Function to create arguments based on the node
-  };
+  #
  mkArgs = node:
    let lib' = (mkNixpkgs' node).lib;
    in {
      lib = lib' // {
        extra = import sources.nix-lib {
          lib = lib';
          keysRoot = ./keys;
          metaRoot = ./meta;
        };
      };
    };
  nodes = builtins.attrNames metadata.nodes;
 in
-{
+in {
  meta = {
    nodeNixpkgs = lib.mapSingleFuse mkNixpkgs' nodes;
-    specialArgs = { inherit sources; meta = metadata; };
+    specialArgs = {
      inherit sources;
      meta = metadata;
    };
    nodeSpecialArgs = lib.mapSingleFuse mkArgs nodes;
  };
-  defaults = { ... }: {
+  defaults = { pkgs, ... }: {
    # Import the default modules
    imports = [ ./modules ];
  };
--- a/machines/compute01/_configuration.nix
+++ b/machines/compute01/_configuration.nix
@ -1,6 +1,6 @@
-{ dgn-lib, ... }:
+{ lib, ... }:
-dgn-lib.mkConfig {
+lib.extra.mkConfig {
  enabledModules = [
    # List of modules to enable
    "dgn-dns"
--- a/machines/storage01/_configuration.nix
+++ b/machines/storage01/_configuration.nix
@ -1,6 +1,6 @@
-{ dgn-lib, ... }:
+{ lib, ... }:
-dgn-lib.mkConfig {
+lib.extra.mkConfig {
  enabledModules = [
    # List of modules to enable
    "dgn-web"
--- a/machines/web01/_configuration.nix
+++ b/machines/web01/_configuration.nix
@ -1,6 +1,6 @@
-{ dgn-lib, ... }:
+{ lib, ... }:
-dgn-lib.mkConfig {
+lib.extra.mkConfig {
  enabledModules = [
    # List of modules to enable
    "dgn-web"
--- a/modules/default.nix
+++ b/modules/default.nix
@ -31,10 +31,10 @@
 #  pris connaissance de la licence CeCILL, et que vous en avez accepté les
 #  termes.
-{ dgn-lib, sources, ... }:
+{ lib, sources, ... }:
 {
-  imports = (dgn-lib.mkImports ./. [
+  imports = (lib.extra.mkImports ./. [
    "dgn-access-control"
    "dgn-acme"
    "dgn-console"
--- a/modules/dgn-access-control.nix
+++ b/modules/dgn-access-control.nix
@ -31,7 +31,7 @@
 #  pris connaissance de la licence CeCILL, et que vous en avez accepté les
 #  termes.
-{ config, lib, dgn-lib, meta, name, ... }:
+{ config, lib, meta, name, ... }:
 let
  inherit (lib)
@ -73,7 +73,7 @@ in
    dgn-access-control.users.root = mkDefault admins;
    users.users = builtins.mapAttrs
-      (u: members: { openssh.authorizedKeys.keys = dgn-lib.getAllKeys members; })
+      (u: members: { openssh.authorizedKeys.keys = lib.extra.getAllKeys members; })
      cfg.users;
  };
 }
--- a/modules/dgn-dns/zones/_dgnum.eu.nix
+++ b/modules/dgn-dns/zones/_dgnum.eu.nix
@ -1,7 +1,7 @@
-{ dgn-lib, meta, dns, ... }:
+{ lib, meta, dns, ... }:
 let
-  inherit (dgn-lib)
+  inherit (lib.extra)
    fuseAttrs
    mapSingleFuse;
--- a/modules/dgn-dns/zones/default.nix
+++ b/modules/dgn-dns/zones/default.nix
@ -1,7 +1,7 @@
-args@{ dgn-lib, dns, ... }:
+args@{ lib, dns, ... }:
 let
-  inherit (dgn-lib)
+  inherit (lib.extra)
    mapSingleFuse
    mkRel
    recursiveFuse;
--- a/modules/dgn-fail2ban.nix
+++ b/modules/dgn-fail2ban.nix
@ -0,0 +1,81 @@
 { config, lib, pkgs, ... }:
 let
  inherit (lib)
    mkDefault mkEnableOption mkIf mkOption
    types;
  cfg = config.dgn-fail2ban;
  settingsFormat = pkgs.formats.keyValue { };
  configFormat = pkgs.formats.ini { };
  jailOptions = {
    options = {
      enabled = mkOption {
        type = types.bool;
        default = true;
        description = "Wether to enable this jail.";
      };
      filter = mkOption {
        type =
          types.nullOr (types.submodule { freeformType = configFormat.type; });
        description = "Content of the filter used for this jail.";
      };
      settings = mkOption {
        type = types.submodule { freeformType = settingsFormat.type; };
        default = { };
        description = "Additional configuration for the jail.";
      };
    };
  };
 in {
  options.dgn-fail2ban = {
    enable = mkEnableOption "fail2ban service.";
    jails = mkOption {
      type = types.attrsOf (types.submodule jailOptions);
      default = { };
      description = "Set of jails defined for fail2ban.";
    };
  };
  config = mkIf cfg.enable {
    dgn-fail2ban.jails = builtins.mapAttrs (_: j: j // { enabled = mkDefault false; })
      (import ./jails.nix { });
    services.fail2ban = {
      enable = true;
      inherit (cfg) jails;
      ignoreIP = [
        "10.0.0.0/8"
        "125.199.0.0/16"
        "172.16.0.0/12"
        "192.168.0.0/16"
        "100.64.0.0/10"
        "fd00::/8"
      ];
      bantime-increment = {
        enable = true;
        maxtime = "48h";
        factor = "600";
      };
      extraPackages = [ pkgs.ipset ];
      banaction = "iptables-ipset-proto6-allports";
    };
  };
 }
--- a/modules/dgn-secrets.nix
+++ b/modules/dgn-secrets.nix
@ -31,7 +31,7 @@
 #  pris connaissance de la licence CeCILL, et que vous en avez accepté les
 #  termes.
-{ config, lib, dgn-lib, ... }:
+{ config, lib, ... }:
 let
  inherit (lib)
@ -39,7 +39,7 @@ let
    types;
-  inherit (dgn-lib) getSecrets mkBaseSecrets recursiveFuse;
+  inherit (lib.extra) getSecrets mkBaseSecrets recursiveFuse;
  cfg = config.dgn-secrets;
@ -92,7 +92,7 @@ in {
    names = mkOption {
      type = with types; listOf str;
-      default = builtins.foldl' (acc: dir: acc ++ (dgn-lib.getSecrets dir)) [ ]
+      default = builtins.foldl' (acc: dir: acc ++ (getSecrets dir)) [ ]
        cfg.sources;
      description = ''
        List of the names of the secrets.