enable statx

2023-10-01 23:14:05 +03:00
parent 5c83f7407a
commit 25e8191177
15 changed files with 110 additions and 122 deletions


@@ -22,14 +22,12 @@ in {
enable = lib.mkEnableOption "Enable system updater orchestrator";
deployDerivations = lib.mkOption {type = listOf str;};
deployIfPresent = lib.mkOption {
type = listOf (submodule (
{...}: {
options = {
derivationTarget = lib.mkOption {type = str;};
pingTarget = lib.mkOption {type = str;};
};
}
));
type = listOf (submodule {
options = {
derivationTarget = lib.mkOption {type = str;};
pingTarget = lib.mkOption {type = str;};
};
});
default = [];
};
uidgid = lib.mkOption {type = int;};


@@ -5,50 +5,45 @@
}: {
options.mj.services.friendlyport = with lib.types; {
ports = lib.mkOption {
type = listOf (submodule (
{...}: {
options = {
subnets = lib.mkOption {type = listOf str;};
tcp = lib.mkOption {
type = listOf int;
default = [];
};
udp = lib.mkOption {
type = listOf int;
default = [];
};
type = listOf (submodule {
options = {
subnets = lib.mkOption {type = listOf str;};
tcp = lib.mkOption {
type = listOf int;
default = [];
};
}
));
udp = lib.mkOption {
type = listOf int;
default = [];
};
};
});
};
};
config = let
ports = config.mj.services.friendlyport.ports;
mkAdd = (
proto: subnets: ints: let
subnetsS = builtins.concatStringsSep "," subnets;
intsS = builtins.concatStringsSep "," (map builtins.toString ints);
in
if builtins.length ints == 0
then ""
else "iptables -A INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT"
);
inherit (config.mj.services.friendlyport.ports);
mkAdd = proto: subnets: ints: let
subnetsS = builtins.concatStringsSep "," subnets;
intsS = builtins.concatStringsSep "," (map builtins.toString ints);
in
if builtins.length ints == 0
then ""
else "iptables -A INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT";
startTCP = map (attr: mkAdd "tcp" attr.subnets attr.tcp) ports;
startUDP = map (attr: mkAdd "udp" attr.subnets attr.udp) ports;
# TODO: when stopping the firewall, systemd uses the old ports. So this is a two-phase process.
# How to stop the old one and start the new one?
mkDel = (
proto: subnets: ints: let
subnetsS = builtins.concatStringsSep "," subnets;
intsS = builtins.concatStringsSep "," (map builtins.toString ints);
in
if builtins.length ints == 0
then ""
else "iptables -D INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT || :"
);
mkDel = proto: subnets: ints: let
subnetsS = builtins.concatStringsSep "," subnets;
intsS = builtins.concatStringsSep "," (map builtins.toString ints);
in
if builtins.length ints == 0
then ""
else "iptables -D INPUT -p ${proto} --match multiport --dports ${intsS} --source ${subnetsS} -j ACCEPT || :";
stopTCP = map (attr: mkDel "tcp" attr.subnets attr.tcp) ports;
stopUDP = map (attr: mkDel "udp" attr.subnets attr.udp) ports;
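Review bot: `inherit (config.mj.services.friendlyport.ports);` on the new side of the `config = let` block names a source set but lists no attributes, so it binds nothing, and the `ports` that `startTCP`, `startUDP`, `stopTCP` and `stopUDP` reference a few lines later is left undefined; evaluation will fail with an undefined-variable error instead of producing the iptables rules. The line replacing the removed `ports = config.mj.services.friendlyport.ports;` should be `inherit (config.mj.services.friendlyport) ports;`. The same shape of mistake appears in the jakstpub section (`inherit (cfg.hostname);`, which should be `inherit (cfg) hostname;`) and in the syncthing section (`inherit (cfg.enable);` and its three siblings); there the set is still valid Nix, so the options silently revert to their defaults rather than failing. The `let` body continues past the end of the hunk.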


@@ -5,7 +5,6 @@
...
}: let
cfg = config.mj.services.jakstpub;
subnets = myData.subnets;
in {
options.mj.services.jakstpub = with lib.types; {
enable = lib.mkEnableOption "Enable jakstpub";
@@ -70,7 +69,7 @@ in {
services.samba-wsdd = {
enable = true;
hostname = cfg.hostname;
inherit (cfg.hostname);
};
users.users.jakstpub = {


@@ -4,8 +4,9 @@
myData,
...
}: let
cfg = config.mj.services.syncthing;
guiPort = 8384;
cfg = config.services.syncthing;
devices = {
"fwminex".id = "GKSUKZE-AOBQOWY-CNLZ2ZI-WNKATYE-MV4Y452-J3VCJ5C-EAANXRX-2P6EHA6";
"vno1-oh2".id = "W45ROUW-CHKI3I6-C4VCOCU-NJYQ3ZS-MJDHH23-YYCDXTI-HTJSBZJ-KZMWTAF";
@@ -95,7 +96,7 @@ in {
dataDir = lib.mkOption {type = path;};
};
config = lib.mkIf config.mj.services.syncthing.enable {
config = lib.mkIf cfg.enable {
mj.services.friendlyport.ports = [
{
subnets = myData.subnets.motiejus.cidrs;
@@ -104,16 +105,17 @@ in {
];
services.syncthing = {
enable = config.mj.services.syncthing.enable;
inherit (cfg.enable);
inherit (cfg.user);
inherit (cfg.group);
inherit (cfg.dataDir);
openDefaultPorts = true;
guiAddress = let
fqdn = with config.networking; "${hostName}.${domain}";
jakstIP = lib.getAttrFromPath [fqdn "jakstIP"] myData.hosts;
guiPortStr = builtins.toString guiPort;
in "${jakstIP}:${guiPortStr}";
user = config.mj.services.syncthing.user;
group = config.mj.services.syncthing.group;
dataDir = config.mj.services.syncthing.dataDir;
extraOptions.gui.insecureAdminAccess = true;
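Review bot: The `let` header in the first hunk shows two `cfg` bindings, `cfg = config.mj.services.syncthing;` and `cfg = config.services.syncthing;`, and only one of them can be on the new side since a `let` cannot bind the same name twice; if the surviving one is `config.services.syncthing`, then `config = lib.mkIf cfg.enable` and the `inherit (cfg) …` lines inside `services.syncthing` make the service definition depend on its own value, which Nix reports as infinite recursion. The `mj.services.syncthing` option declarations still present a few lines above (`dataDir = lib.mkOption {type = path;};`) suggest the intended source remains the module's own options, so the binding should read `cfg = config.mj.services.syncthing;`. The four `inherit (cfg.enable);`-style lines in the last hunk have the empty-attribute-list problem noted on the friendlyport file and should collapse to `inherit (cfg) enable user group dataDir;`, otherwise `services.syncthing` keeps its default enable, user, group and dataDir. The `services.syncthing` attribute set continues past the end of the hunk.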


@@ -16,7 +16,7 @@ in {
};
};
config = mkIf (cfg.enable) (mkMerge [
config = mkIf cfg.enable (mkMerge [
{
services.tailscale.enable = true;
networking.firewall.checkReversePath = "loose";


@@ -31,21 +31,19 @@ in {
targets = lib.mkOption {
default = {};
type = attrsOf (submodule (
{...}: {
options = {
sshEndpoint = lib.mkOption {type = str;};
pingEndpoint = lib.mkOption {type = str;};
pingTimeoutSec = lib.mkOption {
type = int;
default = 20;
};
remotePubkey = lib.mkOption {type = str;};
pwFile = lib.mkOption {type = path;};
startAt = lib.mkOption {type = either str (listOf str);};
type = attrsOf (submodule {
options = {
sshEndpoint = lib.mkOption {type = str;};
pingEndpoint = lib.mkOption {type = str;};
pingTimeoutSec = lib.mkOption {
type = int;
default = 20;
};
}
));
remotePubkey = lib.mkOption {type = str;};
pwFile = lib.mkOption {type = path;};
startAt = lib.mkOption {type = either str (listOf str);};
};
});
};
};