From 6d25860b08178432a294197dd72eccaf733016d8 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Thu, 9 Jun 2022 09:40:02 -0700 Subject: ref(nix): rename lib/ to nix/ Change-Id: If1e608b89b39bd5a53a37b873833a7ea881cb418 Reviewed-on: https://cl.fcuny.net/c/world/+/298 Reviewed-by: Franck Cuny --- flake.nix | 2 +- lib/default.nix | 39 --------------------------------------- lib/private-wireguard.nix | 41 ----------------------------------------- nix/default.nix | 39 +++++++++++++++++++++++++++++++++++++++ nix/private-wireguard.nix | 41 +++++++++++++++++++++++++++++++++++++++++ 5 files changed, 81 insertions(+), 81 deletions(-) delete mode 100644 lib/default.nix delete mode 100644 lib/private-wireguard.nix create mode 100644 nix/default.nix create mode 100644 nix/private-wireguard.nix diff --git a/flake.nix b/flake.nix index edc3965..d8990da 100644 --- a/flake.nix +++ b/flake.nix @@ -30,7 +30,7 @@ # Output config, or config for NixOS system outputs = { ... }@inputs: - let lib = import ./lib { inherit inputs; }; + let lib = import ./nix { inherit inputs; }; in { nixosConfigurations = { carmel = lib.mkSystem { diff --git a/lib/default.nix b/lib/default.nix deleted file mode 100644 index 8b46c58..0000000 --- a/lib/default.nix +++ /dev/null @@ -1,39 +0,0 @@ -{ inputs }: - -{ - mkSystem = - { hostname - , system - }: - inputs.nixpkgs.lib.nixosSystem { - inherit system; - specialArgs = { - inherit inputs system hostname; - }; - modules = [ - ../modules - ../hosts/${hostname} - ./private-wireguard.nix - { - networking.hostName = hostname; - nixpkgs = { - config.allowUnfree = true; - overlays = [ - inputs.emacs-overlay.overlay - inputs.nur.overlay - (final: prev: { - tools = { - gerrit-hook = import ../tools/gerrit-hook final; - }; - }) - ]; - }; - # Add each input as a registry - nix.registry = inputs.nixpkgs.lib.mapAttrs' - (n: v: - inputs.nixpkgs.lib.nameValuePair (n) ({ flake = v; })) - inputs; - } - ]; - }; -} 
diff --git a/lib/private-wireguard.nix b/lib/private-wireguard.nix
deleted file mode 100644
index 706dfd8..0000000
--- a/lib/private-wireguard.nix
+++ /dev/null
@@ -1,41 +0,0 @@
-{ lib, hostname, config, ... }:
-
-let
- inherit (lib) mkEnableOption mkOption mkIf types;
- inherit (builtins) readFile fromTOML fromJSON;
- secrets = config.age.secrets;
- cfg = config.networking.private-wireguard;
- port = 51871;
- wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
- allPeers = wgcfg.peers;
- thisPeer = allPeers."${hostname}" or null;
- otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
-in {
- options.networking.private-wireguard = {
- enable = mkEnableOption "Enable private wireguard vpn connection";
- };
-
- config = lib.mkIf cfg.enable {
- networking = {
- wireguard.interfaces.wg0 = {
- listenPort = port;
- privateKeyFile = secrets."wireguard_privatekey".path;
- ips = [
- "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
- ];
-
- peers = lib.mapAttrsToList (name: peer:
- {
- allowedIPs = [
- "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
- ];
- publicKey = peer.key;
- } // lib.optionalAttrs (peer ? externalIp) {
- endpoint = "${peer.externalIp}:${toString port}";
- } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
- persistentKeepalive = 10;
- }) otherPeers;
- };
- };
- };
-}
diff --git a/nix/default.nix b/nix/default.nix
new file mode 100644
index 0000000..8b46c58
--- /dev/null
+++ b/nix/default.nix
@@ -0,0 +1,39 @@
+{ inputs }:
+
+{
+ mkSystem =
+ { hostname
+ , system
+ }:
+ inputs.nixpkgs.lib.nixosSystem {
+ inherit system;
+ specialArgs = {
+ inherit inputs system hostname;
+ };
+ modules = [
+ ../modules
+ ../hosts/${hostname}
+ ./private-wireguard.nix
+ {
+ networking.hostName = hostname;
+ nixpkgs = {
+ config.allowUnfree = true;
+ overlays = [
+ inputs.emacs-overlay.overlay
+ inputs.nur.overlay
+ (final: prev: {
+ tools = {
+ gerrit-hook = import ../tools/gerrit-hook final;
+ };
+ })
+ ];
+ };
+ # Add each input as a registry
+ nix.registry = inputs.nixpkgs.lib.mapAttrs'
+ (n: v:
+ inputs.nixpkgs.lib.nameValuePair (n) ({ flake = v; }))
+ inputs;
+ }
+ ];
+ };
+}
diff --git a/nix/private-wireguard.nix b/nix/private-wireguard.nix
new file mode 100644
index 0000000..706dfd8
--- /dev/null
+++ b/nix/private-wireguard.nix
@@ -0,0 +1,41 @@
+{ lib, hostname, config, ... }:
+
+let
+ inherit (lib) mkEnableOption mkOption mkIf types;
+ inherit (builtins) readFile fromTOML fromJSON;
+ secrets = config.age.secrets;
+ cfg = config.networking.private-wireguard;
+ port = 51871;
+ wgcfg = fromTOML (readFile ./../configs/wireguard.toml);
+ allPeers = wgcfg.peers;
+ thisPeer = allPeers."${hostname}" or null;
+ otherPeers = lib.filterAttrs (n: v: n != hostname) allPeers;
+in {
+ options.networking.private-wireguard = {
+ enable = mkEnableOption "Enable private wireguard vpn connection";
+ };
+
+ config = lib.mkIf cfg.enable {
+ networking = {
+ wireguard.interfaces.wg0 = {
+ listenPort = port;
+ privateKeyFile = secrets."wireguard_privatekey".path;
+ ips = [
+ "${wgcfg.subnet4}.${toString thisPeer.ipv4}/${toString wgcfg.mask4}"
+ ];
+
+ peers = lib.mapAttrsToList (name: peer:
+ {
+ allowedIPs = [
+ "${wgcfg.subnet4}.${toString peer.ipv4}/${toString wgcfg.mask4}"
+ ];
+ publicKey = peer.key;
+ } // lib.optionalAttrs (peer ? externalIp) {
+ endpoint = "${peer.externalIp}:${toString port}";
+ } // lib.optionalAttrs (!(thisPeer ? externalIp)) {
+ persistentKeepalive = 10;
+ }) otherPeers;
+ };
+ };
+ };
+}
-- cgit 1.4.1
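Review bot: Each peer's `allowedIPs` entry in the `peers` mapping is built with `wgcfg.mask4`, the same prefix length used for the interface address in `ips`, so if that value is the subnet mask (configs/wireguard.toml is not shown here) every peer is allowed the whole subnet rather than only its own address. WireGuard uses allowedIPs both for routing and to filter the source address of decrypted packets, so overlapping per-peer ranges weaken that source check and leave routing dependent on peer order. Consider pinning each peer to a host route, `"${wgcfg.subnet4}.${toString peer.ipv4}/32"`. Separately, `thisPeer` falls back to `null` while `thisPeer.ipv4` is read unguarded, so an `assertions` entry requiring the host to be listed in the peers table would give a clearer failure when the option is enabled on an unlisted host. The file is moved unchanged from lib/, so both points predate this commit.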