hd/cfg
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
cfg/var/default.nix
Henri Dohmen 7d04597408
miniflux
2026-04-11 21:01:09 +02:00

94 lines
2.7 KiB
Nix
Raw Blame History

{
lib ? (import <nixpkgs> { }).lib,
}:
let
hosts = import ./hosts.nix;
# All NixOS hosts managed by this config
nixos-managed = hosts.servers // hosts.desktops;
# Syncthing device IDs. Generated by bin/gen-syncthing-cert, stored in JSON
syncthing-hashes = (lib.importJSON ./syncthing-managed-clients.json).hashes;
# Non-NixOS syncthing peers
syncthing-external = {
"supernote".id = "3LHXAND-FXDIDWR-7BYAIX4-3GW2BWY-IHTX7HH-LTEDI5T-W7ETGVC-BUP2NAF";
"p9".id = "5QR3JDC-JAI6JGR-ZTT7R42-LLPQIN6-YQ6X47E-PWXGMGU-72RZIRA-PJR7VQZ";
};
# Build wg-quick-compatible peer entries from host data
mkWgEntry =
_name: h:
{
inherit (h.wg) publicKey persistentKeepalive;
ips = [ "${h.wg.ip}/32" ];
allowedIPs = if h.wg ? allowedIPs then h.wg.allowedIPs else [ "${h.wg.ip}/32" ];
}
// lib.optionalAttrs (h.wg ? endpoint) { inherit (h.wg) endpoint; };
wireguard-network = lib.mapAttrs mkWgEntry nixos-managed;
wg-ips = lib.mapAttrs (_: h: h.wg.ip) nixos-managed;
lan-all-hosts =
lib.mapAttrs' (name: ip: {
name = "${name}.lan";
value = ip;
}) wg-ips
// {
"git.lan" = wg-ips.roam;
"syncthing.roam.lan" = wg-ips.roam;
"qbt.lan" = wg-ips.roam;
"rss.lan" = wg-ips.roam;
};
syncthing-managed = lib.mapAttrs (_: id: { inherit id; }) syncthing-hashes;
wg-ip-list = lib.attrValues wg-ips;
in
assert lib.assertMsg (lib.all (h: syncthing-hashes ? ${h}) (
lib.attrNames nixos-managed
)) "Not all NixOS hosts have a syncthing hash. Run bin/gen-syncthing-cert.";
{
desktops = lib.attrNames hosts.desktops;
servers = lib.attrNames hosts.servers;
hosts = lib.attrNames nixos-managed;
ssh-keys = rec {
by-host = {
hd = lib.mapAttrs (_: h: h.ssh.hd) nixos-managed;
root = lib.mapAttrs (_: h: h.ssh.root) nixos-managed;
};
hd = lib.attrValues by-host.hd;
root = lib.attrValues by-host.root;
desktops = {
hd = lib.mapAttrsToList (_: h: h.ssh.hd) hosts.desktops;
root = lib.mapAttrsToList (_: h: h.ssh.root) hosts.desktops;
};
};
wg = {
keyFile = "/var/secrets/wg.key";
inherit wireguard-network;
ips = wg-ips;
peers-for =
host:
map (lib.filterAttrs (n: _: n != "ips")) (
lib.attrValues (lib.filterAttrs (n: _: n != host) wireguard-network)
);
};
syncthing = rec {
managed = syncthing-managed;
devices = syncthing-managed // syncthing-external;
device-names = {
all = lib.attrNames devices;
desktops = lib.attrNames hosts.desktops;
};
};
lan-dns = {
hosts = lan-all-hosts;
hostsFile = lib.concatStringsSep "\n" (lib.mapAttrsToList (n: v: "${v}\t${n}") lan-all-hosts);
};
}
Reference in a new issue View git blame Copy permalink