2024-12-15 16:19:19 +01:00
|
|
|
{
|
|
|
|
|
lib,
|
|
|
|
|
sources,
|
|
|
|
|
pkgs,
|
|
|
|
|
...
|
|
|
|
|
}:
|
|
|
|
|
let
|
|
|
|
|
inherit (lib)
|
|
|
|
|
concatStringsSep
|
2025-01-07 11:27:06 +01:00
|
|
|
mkOption
|
2024-12-15 16:19:19 +01:00
|
|
|
;
|
|
|
|
|
inherit (lib.types)
|
|
|
|
|
attrsOf
|
2025-01-07 11:27:06 +01:00
|
|
|
bool
|
2024-12-15 16:19:19 +01:00
|
|
|
enum
|
2025-01-07 11:27:06 +01:00
|
|
|
listOf
|
2025-01-06 15:29:31 +01:00
|
|
|
nullOr
|
2025-01-07 11:27:06 +01:00
|
|
|
path
|
2025-01-06 15:29:31 +01:00
|
|
|
str
|
2025-01-07 11:27:06 +01:00
|
|
|
submodule
|
|
|
|
|
unspecified
|
2024-12-15 16:19:19 +01:00
|
|
|
;
|
|
|
|
|
|
|
|
|
|
machine_meta =
|
|
|
|
|
{ config, ... }:
|
|
|
|
|
{
|
|
|
|
|
options = {
|
|
|
|
|
version = mkOption {
|
|
|
|
|
type = enum [
|
|
|
|
|
"stable"
|
|
|
|
|
"unstable"
|
|
|
|
|
];
|
|
|
|
|
};
|
|
|
|
|
patches = mkOption {
|
|
|
|
|
type = listOf path;
|
|
|
|
|
default = [ ];
|
|
|
|
|
};
|
|
|
|
|
overlay-paths = mkOption {
|
|
|
|
|
type = listOf path;
|
|
|
|
|
default = [ ];
|
|
|
|
|
# /!\ Take care of imported files
|
|
|
|
|
};
|
2025-01-06 15:29:31 +01:00
|
|
|
|
|
|
|
|
wg-key = mkOption {
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
default = null;
|
|
|
|
|
};
|
|
|
|
|
vpn-ip4 = mkOption {
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
default = null;
|
|
|
|
|
};
|
2025-01-07 11:27:06 +01:00
|
|
|
vpn-hub = mkOption {
|
|
|
|
|
type = bool;
|
|
|
|
|
default = false;
|
|
|
|
|
description = ''
|
|
|
|
|
Peering with a hub should give access to all subnets,
|
|
|
|
|
while hubs are the only points with multiple peers.
|
|
|
|
|
Non hub peers with all hub, and vice-versa.
|
|
|
|
|
TODO: multiple hubs ?
|
|
|
|
|
'';
|
|
|
|
|
};
|
2025-01-06 15:29:31 +01:00
|
|
|
subnets = mkOption {
|
|
|
|
|
type = listOf str;
|
|
|
|
|
default = [ ];
|
|
|
|
|
};
|
|
|
|
|
fqdn = mkOption {
|
|
|
|
|
type = nullOr str;
|
|
|
|
|
default = null;
|
|
|
|
|
};
|
|
|
|
|
|
2024-12-15 16:19:19 +01:00
|
|
|
node_meta = mkOption {
|
|
|
|
|
type = unspecified;
|
|
|
|
|
readOnly = true;
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
config.node_meta = rec {
|
2025-01-06 15:29:31 +01:00
|
|
|
inherit (config)
|
|
|
|
|
version
|
|
|
|
|
wg-key
|
|
|
|
|
vpn-ip4
|
2025-01-07 11:27:06 +01:00
|
|
|
vpn-hub
|
2025-01-06 15:29:31 +01:00
|
|
|
subnets
|
|
|
|
|
fqdn
|
|
|
|
|
;
|
2024-12-15 16:19:19 +01:00
|
|
|
patches = [ ./nginx-fallback.patch ] ++ config.patches;
|
2025-01-06 22:30:53 +01:00
|
|
|
overlay-paths = [
|
|
|
|
|
"${sources.kat-pkgs}/overlay.nix"
|
|
|
|
|
(pkgs.writeText "lix-overlay.nix" ''
|
|
|
|
|
import "${sources.lix-overlay}/overlay.nix" { lix = ${sources.lix}; }
|
|
|
|
|
'')
|
|
|
|
|
] ++ config.overlay-paths;
|
2024-12-15 16:19:19 +01:00
|
|
|
nixpkgs-paths = {
|
|
|
|
|
nixpkgs-src = pkgs.applyPatches {
|
|
|
|
|
src = sources."nixpkgs-${version}";
|
|
|
|
|
name = "nixpkgs-${version}-patched";
|
|
|
|
|
inherit patches;
|
|
|
|
|
};
|
|
|
|
|
nixpkgs = pkgs.writeText "nixpkgs-entry.nix" ''
|
|
|
|
|
{ overlays ? [ ], ... }@args:
|
|
|
|
|
import ${nixpkgs-paths.nixpkgs-src} (args // {
|
|
|
|
|
overlays = [
|
|
|
|
|
${concatStringsSep "\n " (map (p: "(import ${p})") overlay-paths)}
|
|
|
|
|
] ++ overlays;
|
|
|
|
|
})
|
|
|
|
|
'';
|
|
|
|
|
};
|
|
|
|
|
home-manager = "${sources."home-manager-${version}"}/nixos";
|
|
|
|
|
nixvim = import sources."nixvim-${version}";
|
|
|
|
|
};
|
|
|
|
|
};
|
|
|
|
|
in
|
|
|
|
|
{
|
|
|
|
|
options.machines = mkOption {
|
|
|
|
|
type = attrsOf (submodule machine_meta);
|
|
|
|
|
};
|
|
|
|
|
}
|
