lib
parent
01c381276b
commit
17ee5aada8
52
flake.nix
52
flake.nix
@ -230,50 +230,6 @@
|
||||
];
|
||||
};
|
||||
# TODO: move this to a file or separate flake
|
||||
mkReport = extra-modules: domain: system: inputs: stateVersion: modules: hostname: let
|
||||
nixos = mkConfig extra-modules domain system inputs stateVersion modules hostname;
|
||||
cfg = nixos.config;
|
||||
inherit (nixos.pkgs) lib;
|
||||
# TODO: make it work, is it faster?
|
||||
#inherit (inputs.nixpkgs.legacyPackages.${system}) lib;
|
||||
#nixos = lib.evalModules { modules = [ (mkModule (extra-modules ++ { _module.check = false; }) domain system inputs stateVersion modules hostname) ]; };
|
||||
#cfg = nixos.config;
|
||||
in {
|
||||
inherit system; # TODO: cross system
|
||||
inherit (cfg.boot.binfmt) emulatedSystems;
|
||||
#inherit (cfg.system.build.toplevel) outPath;
|
||||
inherit (cfg.networking) fqdn;
|
||||
inherit (cfg.networking.firewall) allowedTCPPorts allowedUDPPorts;
|
||||
buildMachines = lib.forEach cfg.nix.buildMachines (buildMachine: "${buildMachine.sshUser}@${buildMachine.hostName}");
|
||||
users = lib.pipe cfg.users.users [
|
||||
(lib.filterAttrs (uname: user: user.isNormalUser))
|
||||
(builtins.mapAttrs (uname: user: {
|
||||
inherit (user) home;
|
||||
authorizedKeys = lib.forEach user.openssh.authorizedKeys.keys (key: builtins.concatStringsSep " " (
|
||||
lib.take
|
||||
(lib.length (lib.splitString " " key))
|
||||
[
|
||||
(builtins.elemAt (lib.splitString " " key) 0)
|
||||
"..."
|
||||
(builtins.elemAt (lib.splitString " " key) 2)
|
||||
]
|
||||
));
|
||||
}))
|
||||
];
|
||||
nix-system-features = cfg.nix.settings.system-features;
|
||||
bootloader = if cfg.boot.loader.grub.enable then "grub"
|
||||
else if cfg.boot.loader.systemd-boot.enable then "systemd-boot"
|
||||
else null;
|
||||
mounts = lib.pipe cfg.fileSystems [
|
||||
(lib.filterAttrs (mount: fs: fs.fsType != "nfs"))
|
||||
(lib.mapAttrs (mount: fs: "${fs.fsType}://${fs.device}"))
|
||||
];
|
||||
} // lib.optionalAttrs cfg.services.nginx.enable {
|
||||
nginx-vhosts = lib.pipe cfg.services.nginx.virtualHosts [
|
||||
#(lib.filterAttrs (domain: vhost: )
|
||||
(lib.mapAttrs (domain: vhost: vhost.serverAliases or []))
|
||||
];
|
||||
};
|
||||
mkHosts = mk: let
|
||||
ls = imports: { inherit imports; };
|
||||
hw = nixos-hardware.nixosModules;
|
||||
@ -318,15 +274,11 @@
|
||||
in {
|
||||
inputs = inputs';
|
||||
|
||||
lib = {
|
||||
# pass
|
||||
} // forAllSystems ({ system, ... }: {
|
||||
# pass
|
||||
});
|
||||
lib = import ./lib.nix { inputs = inputs'; };
|
||||
|
||||
nixosModules = mkHosts (mkModule []);
|
||||
nixosConfigurations = mkHosts (mkConfig []);
|
||||
nixosReports = mkHosts (mkReport []);
|
||||
nixosReports = builtins.mapAttrs (key: self.lib.mkNixosConfigSummary) self.nixosConfigurations;
|
||||
|
||||
overlays = {
|
||||
pbsdspkgs = final: prev: let pkgs = final; inherit (pkgs) lib; in {
|
||||
|
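--- a/lib.nix
+++ b/lib.nix
@@ -0,0 +1,83 @@
+{ inputs }:
+let
+nlib = inputs.nixpkgs-edge.lib;
+
+ellipsis =
+maxlen: take: str:
+if builtins.stringLength str > maxlen then builtins.substring 0 take str + "..." else str;
+
+denix =
+str:
+builtins.concatStringsSep "/nix/store/..." (
+builtins.filter builtins.isString (builtins.split "(/nix/store/[^ /-]+.?)" str)
+);
+
+# make a pretty summary of a lib.nixosSystem
+mkNixosConfigSummary =
+nixosSystem:
+let
+cfg = nixosSystem.config;
+inherit (nixosSystem.pkgs) lib;
+in
+{
+# inherit cfg.nixpkgs.system; # TODO: cross systems
+system =
+if cfg.nixpkgs.hostPlatform.system == cfg.nixpkgs.buildPlatform.system then
+cfg.nixpkgs.system
+else
+{
+hostPlatform = cfg.nixpkgs.hostPlatform.system;
+buildPlatform = cfg.nixpkgs.buildPlatform.system;
+};
+inherit (cfg.boot.binfmt) emulatedSystems;
+inherit (cfg.networking) fqdn;
+inherit (cfg.networking.firewall) allowedTCPPorts allowedUDPPorts;
+buildMachines = lib.pipe cfg.nix.buildMachines [
+(map (buildMachine: "${buildMachine.protocol}:${buildMachine.sshUser}@${buildMachine.hostName}"))
+(lib.sort (a: b: a < b))
+];
+users = lib.pipe cfg.users.users [
+(lib.filterAttrs (uname: user: user.isNormalUser || user.openssh.authorizedKeys.keys != [ ]))
+(lib.mapAttrs (
+uname: user: {
+inherit (user) home;
+authorizedKeys = lib.sort (a: b: a < b) (
+lib.forEach user.openssh.authorizedKeys.keys (
+key:
+lib.pipe key [
+(lib.splitString " ")
+(map denix)
+(map (ellipsis 60 12))
+(lib.concatStringsSep " ")
+]
+)
+);
+}
+))
+];
+nix-system-features = cfg.nix.settings.system-features;
+bootloader =
+if cfg.boot.loader.grub.enable then
+"grub"
+else if cfg.boot.loader.systemd-boot.enable then
+"systemd-boot"
+else if cfg.boot.isContainer then
+"container"
+else
+null;
+mounts = lib.pipe cfg.fileSystems [
+(lib.filterAttrs (mount: fs: fs.fsType != "nfs")) # spammy
+(lib.mapAttrs (mount: fs: "${fs.fsType}://${fs.device}"))
+];
+}
+// lib.optionalAttrs cfg.services.nginx.enable {
+nginx-vhosts = lib.pipe cfg.services.nginx.virtualHosts [
+(lib.filterAttrs (domain: vhost: vhost == "_"))
+(lib.mapAttrs (domain: vhost: vhost.serverAliases or [ ]))
+];
+};
+
+in
+{
+inherit mkNixosConfigSummary;
+}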
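Review bot: In `mkNixosConfigSummary`, the `nginx-vhosts` filter `vhost == "_"` compares the virtual-host attribute set with a string, which is never equal in Nix, so the report comes out empty for every host that has nginx enabled. If the intent was to drop only the catch-all entry, the predicate should test the attribute name instead: `(lib.filterAttrs (domain: vhost: domain != "_"))`. Separately, the `users` block reads only `openssh.authorizedKeys.keys`, so keys supplied through `openssh.authorizedKeys.keyFiles` never appear, and a non-normal account that has only key files is filtered out entirely. A `keyFiles` field next to `authorizedKeys`, or at least a comment such as `# keyFiles are not listed here`, would keep the summary from understating who has SSH access.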