lbailly/config-perso
1
0
Fork 0
Code Pull requests Projects Releases Packages Activity

Compare commits

base: lbailly:ea6b74a71c85d2c906420b2d185dc507380b4fb6
Branches Tags
lbailly:master
lbailly:zulip
lbailly:traque
lbailly:config_bocal_interq
...
compare: lbailly:063d092de962bc9af98147871eaf952e2235e0b9
Branches Tags
lbailly:master
lbailly:zulip
lbailly:traque
lbailly:config_bocal_interq

2 commits
ea6b74a71c ... 063d092de9

Author SHA1 Message Date
catvayor
063d092de9
new proxies config logic 2024-10-20 21:18:50 +02:00
catvayor
f5115525c2
npins update 2024-10-20 21:18:50 +02:00
18 changed files with 311 additions and 403 deletions
Show stats Expand all files Collapse all files

234
domain-proxies-module.nix
View file

@ -1,234 +0,0 @@
{ lib, config, ... }:
with lib;
let
vm-module = {
options = {
ip = mkOption { type = types.str; };
ssh = mkOption {
type = types.nullOr types.ints.unsigned;
default = null;
};
aliases = mkOption {
type = types.listOf types.str;
default = [ ];
};
port-forward = mkOption {
type = types.listOf types.ints.unsigned;
default = [ ];
};
};
};
hypervisor-module =
{ config, name, ... }:
{
options = {
ip = mkOption { type = types.str; };
host = mkOption { type = types.str; };
vms = mkOption { type = types.attrsOf (types.submodule vm-module); };
port-forward = mkOption {
type = types.listOf types.ints.unsigned;
default = [ ];
};
domain-list = mkOption {
type = types.listOf types.str;
internal = true;
readOnly = true;
};
ports = mkOption {
type = types.listOf types.ints.unsigned;
internal = true;
readOnly = true;
};
redirects = mkOption {
type = types.unspecified;
internal = true;
readOnly = true;
};
};
config = rec {
domain-list = flatten (
mapAttrsToList (main: vm: [
main
vm.aliases
]) config.vms
);
ports =
config.port-forward
++ flatten (mapAttrsToList (_: vm: vm.port-forward ++ optional (!isNull vm.ssh) vm.ssh) config.vms);
redirects = {
stream = flatten (
mapAttrsToList (
_: vm:
optional (!isNull vm.ssh) {
input = vm.ssh;
out = 22;
ip = vm.ip;
}
++ map (port: {
input = port;
out = port;
ip = vm.ip;
}) vm.port-forward
) config.vms
);
http = mapAttrs (_: vm: { inherit (vm) ip aliases; }) config.vms;
domain-list = domain-list;
};
};
};
entry-module =
{ config, name, ... }:
{
options = {
host = mkOption { type = types.str; };
hypervisors = mkOption { type = types.attrsOf (types.submodule hypervisor-module); };
redirects = mkOption {
type = types.unspecified;
internal = true;
readOnly = true;
};
hosts-redirects = mkOption {
type = types.unspecified;
internal = true;
readOnly = true;
};
};
config = rec {
redirects = {
stream = flatten (
mapAttrsToList (
_: hyp:
map (port: {
input = port;
out = port;
ip = hyp.ip;
}) hyp.ports
) config.hypervisors
);
http = mapAttrs (_: hyp: {
ip = hyp.ip;
aliases = hyp.domain-list;
}) config.hypervisors;
domain-list = flatten (
mapAttrsToList (fqdn: hyp: [ fqdn ] ++ hyp.redirects.domain-list) config.hypervisors
);
};
hosts-redirects =
mergeAttrs
(listToAttrs (
mapAttrsToList (main: hyp: {
name = hyp.host;
value = {
fqdn = main;
inherit (hyp.redirects) stream http domain-list;
};
}) config.hypervisors
))
{
${config.host} = {
fqdn = name;
inherit (redirects) stream http domain-list;
};
};
};
};
cfg = config.kat-proxies;
hosts-redirects = zipAttrsWith (_: vals: mergeAttrsList vals) (
mapAttrsToList (_: entry: entry.hosts-redirects) cfg.entries
);
hostname = config.networking.hostName;
redirects = hosts-redirects.${hostname};
in
{
options.kat-proxies = {
enable = mkEnableOption "nginx configuration of proxies";
entries = mkOption { type = types.attrsOf (types.submodule entry-module); };
internal-webroot = mkOption { type = types.package; };
};
config = mkIf cfg.enable {
security.acme.certs.${redirects.fqdn}.extraDomainNames = redirects.domain-list;
networking.firewall.allowedTCPPorts = [
80
443
] ++ map ({ input, ... }: input) redirects.stream;
services.nginx = {
enable = true;
virtualHosts =
mapAttrs (
_:
{ aliases, ip }:
{
useACMEHost = redirects.fqdn;
forceSSL = true;
acmeFallbackHost = ip;
acmeFallbackRecommendedProxySettings = true;
serverAliases = aliases;
locations = {
"/.${hostname}" = {
extraConfig = ''
internal;
error_page 404 =418 /.${hostname}/error/418.html;
'';
root = cfg.internal-webroot;
};
"/" = {
recommendedProxySettings = true;
proxyPass = "https://${ip}/";
extraConfig = ''
proxy_set_header Connection ''';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
error_page 502 =599 "/.${hostname}/error/599.html";
'';
};
};
}
) redirects.http
// {
${redirects.fqdn} = {
default = true;
enableACME = true;
addSSL = true;
locations = {
"/.${hostname}" = {
extraConfig = ''
internal;
error_page 404 =418 /.${hostname}/error/418.html;
'';
root = cfg.internal-webroot;
};
"/" = {
extraConfig = ''
return 418;
error_page 418 =418 /.${hostname}/error/418.html;
'';
};
};
};
};
streamConfig = concatStringsSep "\n" (
map (
{
input,
ip,
out,
}:
''
server {
listen ${toString input};
listen [::]:${toString input};
proxy_pass ${ip}:${toString out};
}
''
) redirects.stream
);
};
};
}

42
domain-proxies.nix
View file

@ -1,42 +0,0 @@
{
kat-proxies.entries = {
"watcher.katvayor.net" = {
host = "kat-watcher";
hypervisors."manah.katvayor.net" = {
host = "kat-manah";
ip = "10.42.0.1";
port-forward = [ 9000 9500 ];
vms = {
"degette.katvayor.net" = {
ssh = 22000;
ip = "192.168.122.2";
aliases = [ ];
};
"betamail.katvayor.net" = {
ssh = 22002;
ip = "192.168.122.3";
aliases = [ "catvayor.sh" ];
port-forward = [
25
465
993
];
};
"son.katvayor.net" = {
ssh = null;
ip = "192.168.122.5";
aliases = [ ];
};
"orchid.katvayor.net" = {
ssh = 22042;
ip = "192.168.122.6";
aliases = [
"simply-wise.fr"
"www.simply-wise.fr"
];
};
};
};
};
};
}

8
hive.nix
View file

@ -33,8 +33,6 @@ in
./kat
"${sources.home-manager}/nixos"
"${sources.disko}/module.nix"
./domain-proxies-module.nix
./domain-proxies.nix
];
networking.hostName = name;
};
@ -59,6 +57,7 @@ in
{
deployment.targetHost = "manah.kat";
services.openssh.enable = true;
kat.fqdn = "manah.katvayor.net";
imports = [
./machines/kat-manah
];
@ -69,6 +68,7 @@ in
{
deployment.targetHost = "watcher.kat";
services.openssh.enable = true;
kat.fqdn = "watcher.katvayor.net";
imports = [
./machines/kat-watcher
];
@ -84,6 +84,7 @@ in
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "degette.katvayor.net";
imports = [
./machines/kat-virt
@ -104,6 +105,7 @@ in
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "betamail.katvayor.net";
imports = [
./machines/kat-mail-test
@ -121,6 +123,7 @@ in
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "son.katvayor.net";
imports = [
./machines/kat-son
];
@ -136,6 +139,7 @@ in
services.openssh.enable = true;
services.qemuGuest.enable = true;
boot.kernelParams = [ "console=ttyS0" ];
kat.fqdn = "orchid.katvayor.net";
imports = [
./machines/kat-orchid
];

4
kat/default.nix
View file

@ -8,12 +8,16 @@ with lib;
{
imports = [
./users
./proxies
./root.nix
];
options.kat = {
wireguardPubKey = mkOption {
type = types.str;
};
fqdn = mkOption {
type = types.str;
};
path = mkOption {
readOnly = true;
type = types.path;

2
machines/kat-watcher/error/418.html → kat/proxies/418.html
View file

@ -14,7 +14,7 @@
<div role="contentinfo" align="center">
<small>Crédit à <a href="https://http.cat">http.cat</a> pour l'image.</small>
<br/>
<small>Error in watcher.</small>
<small>Error in config.hostname.</small>
</div>
</body>
</html>

4
machines/kat-watcher/error/599.html → kat/proxies/599.html
View file

@ -9,13 +9,13 @@
<div role="main" align="center">
<h1>599 Network Connect Timeout Error</h1>
<img src="https://http.cat/599.jpg"/>
<p>Le contact avec l'hyperviseur n'a pas pu se faire.</p>
<p>Il y a eu un problème de connection dans une redirection.</p>
<hr />
</div>
<div role="contentinfo" align="center">
<small>Crédit à <a href="https://http.cat">http.cat</a> pour l'image.</small>
<br/>
<small>Error in watcher.</small>
<small>Error in config.hostname.</small>
</div>
</body>
</html>

224
kat/proxies/default.nix Normal file
View file

@ -0,0 +1,224 @@
{
pkgs,
lib,
config,
nodes ? { },
...
}:
with lib;
let
redirected-ports-mod.options = {
external = mkOption {
type = types.port;
};
internal = mkOption {
type = types.port;
};
};
redirection-port-type = types.coercedTo types.port (port: {
external = port;
internal = port;
}) (types.submodule redirected-ports-mod);
fqdn = config.kat.fqdn;
hostname = config.networking.hostName;
cfg = config.kat.proxies;
error-webroot = pkgs.runCommand "${hostname}-error-webroot" { } ''
mkdir $out
cp ${./418.html} $out/418.html
cp ${./599.html} $out/599.html
substituteInPlace $out/* \
--replace-fail 'config.hostname' "${hostname}"
'';
redirections =
lib.fold
(a: b: {
domains = a.domains ++ b.domains;
tcp = a.tcp ++ b.tcp;
udp = a.udp ++ b.udp;
vhosts = a.vhosts // b.vhosts;
})
{
domains = [ ];
tcp = [ ];
udp = [ ];
vhosts = { };
}
(
map (
host:
let
fqdn = nodes.${host}.config.kat.fqdn;
host-cfg = nodes.${host}.config.kat.proxies;
in
{
domains = [ fqdn ] ++ host-cfg.aliases;
tcp = map (
{ external, internal }:
{
input = external;
ip = host-cfg.ip;
out = internal;
}
) host-cfg.open-tcp;
udp = map (
{ external, internal }:
{
input = external;
ip = host-cfg.ip;
out = internal;
}
) host-cfg.open-udp;
vhosts.${fqdn} = {
ip = host-cfg.ip;
aliases = host-cfg.aliases;
};
}
) cfg.redirects
);
in
{
options.kat.proxies = {
enable = mkEnableOption "kat-proxies autoconfiguration" // {
default = cfg.redirects != [ ];
defaultText = ''config.kat.proxies.redirects != [ ]'';
};
ip = mkOption {
type = types.str;
};
aliases = mkOption {
type = types.listOf types.str;
default = [ ];
};
open-tcp = mkOption {
type = types.listOf redirection-port-type;
default = [ ];
};
open-udp = mkOption {
type = types.listOf redirection-port-type;
default = [ ];
};
redirects = mkOption {
type = types.listOf types.str;
default = [ ];
};
test = mkOption {
type = types.raw;
};
};
config = mkIf cfg.enable {
kat.proxies = {
test = redirections;
aliases = redirections.domains;
open-tcp = map ({ input, ... }: input) redirections.tcp;
open-udp = map ({ input, ... }: input) redirections.udp;
};
networking.firewall = {
allowedTCPPorts = [
80
443
] ++ map ({ internal, ... }: internal) cfg.open-tcp;
allowedUDPPorts = map ({ internal, ... }: internal) cfg.open-udp;
};
security.acme.certs.${fqdn}.extraDomainNames = cfg.aliases;
services.nginx = {
enable = true;
virtualHosts =
mapAttrs (
_:
{ aliases, ip }:
{
useACMEHost = fqdn;
forceSSL = true;
acmeFallbackHost = ip;
acmeFallbackRecommendedProxySettings = true;
serverAliases = aliases;
locations = {
"/.${hostname}/" = {
extraConfig = ''
internal;
error_page 404 =418 /.${hostname}/418.html;
'';
alias = "${error-webroot}/";
};
"/" = {
recommendedProxySettings = true;
proxyPass = "https://${ip}/";
extraConfig = ''
proxy_set_header Connection ''';
proxy_http_version 1.1;
chunked_transfer_encoding off;
proxy_buffering off;
proxy_cache off;
error_page 502 =599 "/.${hostname}/599.html";
'';
};
};
}
) redirections.vhosts
// {
${fqdn} = {
default = true;
enableACME = true;
addSSL = true;
locations = {
"/.${hostname}/" = {
extraConfig = ''
internal;
error_page 404 =418 /.${hostname}/418.html;
'';
alias = "${error-webroot}/";
};
"/" = {
extraConfig = ''
return 418;
error_page 418 =418 /.${hostname}/418.html;
'';
};
};
};
};
streamConfig = concatStringsSep "\n" (
map (
{
input,
ip,
out,
}:
''
server {
listen ${toString input};
listen [::]:${toString input};
proxy_pass ${ip}:${toString out};
}
''
) redirections.tcp
++ map (
{
input,
ip,
out,
}:
''
server {
listen ${toString input} udp;
listen [::]:${toString input} udp;
proxy_pass ${ip}:${toString out};
}
''
) redirections.udp
);
};
};
}

22
machines/kat-mail-test/default.nix
View file

@ -17,6 +17,20 @@ in
./modo.nix
];
kat.proxies = {
ip = "192.168.122.3";
aliases = [ "catvayor.sh" ];
open-tcp = [
{
internal = 22;
external = 22002;
}
25
465
993
];
};
boot.loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
@ -33,10 +47,8 @@ in
];
routes = [
{
routeConfig = {
Destination = "10.42.0.2/32";
Gateway = "192.168.122.1";
};
Destination = "10.42.0.2/32";
Gateway = "192.168.122.1";
}
];
dns = [ "192.168.122.1" ];
@ -46,7 +58,7 @@ in
address = [ "10.42.2.1/16" ];
routes = [
{
routeConfig.Gateway = "10.42.0.2";
Gateway = "10.42.0.2";
}
];
};

18
machines/kat-manah/default.nix
View file

@ -69,12 +69,18 @@
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
kat-proxies = {
enable = true;
internal-webroot = pkgs.runCommand "manah" { } ''
mkdir -p $out/.kat-manah/
ln -nsf ${./error} $out/.kat-manah/error
'';
kat.proxies = {
ip = "10.42.0.1";
open-tcp = [
9000
9500
];
redirects = [
"kat-orchid"
"kat-son"
"kat-virt"
"kat-mail-test"
];
};
services.weechat = {

20
machines/kat-manah/error/418.html
View file

@ -1,20 +0,0 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta name="color-scheme" content="light dark">
<title>418 Im a teapot</title>
</head>
<body align="center">
<div role="main" align="center">
<h1>418 Im a teapot</h1>
<img src="https://http.cat/418.jpg"/>
<hr />
</div>
<div role="contentinfo" align="center">
<small>Crédit à <a href="https://http.cat">http.cat</a> pour l'image.</small>
<br/>
<small>Error in manah.</small>
</div>
</body>
</html>

21
machines/kat-manah/error/599.html
View file

@ -1,21 +0,0 @@
<!DOCTYPE html>
<html lang="fr">
<head>
<meta charset="utf-8">
<meta name="color-scheme" content="light dark">
<title>599 Network Connect Timeout Error</title>
</head>
<body align="center">
<div role="main" align="center">
<h1>599 Network Connect Timeout Error</h1>
<img src="https://http.cat/599.jpg"/>
<p>Le contact avec la vm n'a pas pu se faire.</p>
<hr />
</div>
<div role="contentinfo" align="center">
<small>Crédit à <a href="https://http.cat">http.cat</a> pour l'image.</small>
<br/>
<small>Error in manah.</small>
</div>
</body>
</html>

19
machines/kat-orchid/default.nix
View file

@ -16,6 +16,21 @@
efi.canTouchEfiVariables = true;
};
kat.proxies = {
ip = "192.168.122.6";
aliases = [
"simply-wise.fr"
"www.simply-wise.fr"
];
open-tcp = [
{
internal = 22;
external = 22042;
}
];
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {
@ -87,7 +102,9 @@
};
services.wordpress = {
webserver = "nginx";
sites."orchid.katvayor.net" = { };
sites."orchid.katvayor.net" = {
themes = { inherit (pkgs.wordpressPackages.themes) twentytwentythree; };
};
};
fileSystems."/home/orchid/content/www" = {
device = "/srv/orchid";

3
machines/kat-son/default.nix
View file

@ -15,6 +15,9 @@
efi.canTouchEfiVariables = true;
};
kat.proxies.ip = "192.168.122.5";
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {

11
machines/kat-virt/default.nix
View file

@ -12,6 +12,17 @@
efi.canTouchEfiVariables = true;
};
kat.proxies = {
ip = "192.168.122.2";
open-tcp = [
{
internal = 22;
external = 22000;
}
];
};
systemd.network.enable = lib.mkForce false;
networking = {
useNetworkd = lib.mkForce false;
interfaces."enp1s0" = {

8
machines/kat-watcher/default.nix
View file

@ -100,13 +100,7 @@
acceptTerms = true;
defaults.email = "root@katvayor.net";
};
kat-proxies = {
enable = true;
internal-webroot = pkgs.runCommand "watcher" { } ''
mkdir -p $out/.kat-watcher/
ln -nsf ${./error} $out/.kat-watcher/error
'';
};
kat.proxies.redirects = [ "kat-manah" ];
environment.systemPackages = with pkgs; [ tcpdump ];

24
npins/sources.json
View file

@ -10,10 +10,10 @@
"pre_releases": false,
"version_upper_bound": null,
"release_prefix": null,
"version": "v1.7.0",
"revision": "e55f9a8678adc02024a4877c2a403e3f6daf24fe",
"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.7.0",
"hash": "16zjxysjhk3sgd8b4x5mvx9ilnq35z3zfpkv1la33sqkr8xh1amn"
"version": "v1.8.2",
"revision": "0a97c6683ecb8d92ab0ce4c3c39e896e4a3fe388",
"url": "https://api.github.com/repos/nix-community/disko/tarball/v1.8.2",
"hash": "1xivgibk1fa07z4xqxpyha6yyb0pmahf52caf1kgh8zxr231ai1v"
},
"home-manager": {
"type": "Git",
@ -23,9 +23,9 @@
"repo": "home-manager"
},
"branch": "master",
"revision": "a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff",
"url": "https://github.com/nix-community/home-manager/archive/a9c9cc6e50f7cbd2d58ccb1cd46a1e06e9e445ff.tar.gz",
"hash": "1cxp9rgczr4rhhx1klwcr7a61khizq8hv63gvmy9gfsx7fp4h60a"
"revision": "fe56302339bb28e3471632379d733547caec8103",
"url": "https://github.com/nix-community/home-manager/archive/fe56302339bb28e3471632379d733547caec8103.tar.gz",
"hash": "12j7h79lb17pysqqq4ixi92y3h07nvv9ymhmysr6hqiwwpaadn8f"
},
"nix-patches": {
"type": "GitRelease",
@ -49,9 +49,9 @@
"repo": "nixos-images"
},
"branch": "main",
"revision": "770a010bb738cd1bfdda39ec78941624f4bd986b",
"url": "https://github.com/nix-community/nixos-images/archive/770a010bb738cd1bfdda39ec78941624f4bd986b.tar.gz",
"hash": "02klkvp2vi10klcap9pd18lvcpi4lwzrw0hqwz3v0125aggn1vv1"
"revision": "3103f26e0631a543963c03c583f03fd42fd9d51a",
"url": "https://github.com/nix-community/nixos-images/archive/3103f26e0631a543963c03c583f03fd42fd9d51a.tar.gz",
"hash": "0as4f6px5dn465v2ndcw42w0hb8rnz4an9ijwlskdsmcdycf0qil"
},
"nixos-mailserver": {
"type": "GitRelease",
@ -71,8 +71,8 @@
"nixpkgs": {
"type": "Channel",
"name": "nixpkgs-unstable",
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre681909.039b72d0c738/nixexprs.tar.xz",
"hash": "0c3q85wfgp0v7hhbv7yv7g9xhijrfi6167lkdli6wqkp66v7fw7r"
"url": "https://releases.nixos.org/nixpkgs/nixpkgs-24.11pre694416.ccc0c2126893/nixexprs.tar.xz",
"hash": "0cn1z4wzps8nfqxzr6l5mbn81adcqy2cy2ic70z13fhzicmxfsbx"
}
},
"version": 3

9
patches/default.nix
View file

@ -4,15 +4,6 @@ rec {
_type = "static";
path = ./nginx-fallback.patch;
}
{
_type = "static";
path = ./wordpress.patch;
}
{
_type = "commit";
sha = "94c62f5036e7744247309cf5a11847e1168ac289";
hash = "sha256-KcL2mHLea+xmRBE+clDzeAOo66hq5wr9EcN3ox/MnFg=";
}
];
betamail = unstable ++ [
{

41
patches/wordpress.patch
View file

@ -1,41 +0,0 @@
From 17adba609667be944255ca358fa97964589894ae Mon Sep 17 00:00:00 2001
From: catvayor <catvayor@katvayor.net>
Date: Thu, 19 Sep 2024 16:55:46 +0200
Subject: [PATCH] =?UTF-8?q?wordpress:=20don=E2=80=99t=20use=20lib.escapeSh?=
=?UTF-8?q?ellArg?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
nixos/modules/services/web-apps/wordpress.nix | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/nixos/modules/services/web-apps/wordpress.nix b/nixos/modules/services/web-apps/wordpress.nix
index ea771c358814..700bee191b9d 100644
--- a/nixos/modules/services/web-apps/wordpress.nix
+++ b/nixos/modules/services/web-apps/wordpress.nix
@@ -73,15 +73,17 @@ let
checkPhase = "${pkgs.php}/bin/php --syntax-check $target";
};
+ toPhpString = s: "'${escape [ "'" "\\" ] s}'";
+
mkPhpValue = v: let
isHasAttr = s: isAttrs v && hasAttr s v;
in
- if isString v then escapeShellArg v
+ if isString v then toPhpString v
# NOTE: If any value contains a , (comma) this will not get escaped
- else if isList v && any lib.strings.isCoercibleToString v then escapeShellArg (concatMapStringsSep "," toString v)
+ else if isList v && any lib.strings.isCoercibleToString v then toPhpString (concatMapStringsSep "," toString v)
else if isInt v then toString v
else if isBool v then boolToString v
- else if isHasAttr "_file" then "trim(file_get_contents(${lib.escapeShellArg v._file}))"
+ else if isHasAttr "_file" then "trim(file_get_contents(${lib.toPhpString v._file}))"
else if isHasAttr "_raw" then v._raw
else abort "The Wordpress config value ${lib.generators.toPretty {} v} can not be encoded."
;
--
2.46.0