diff --git a/flake.lock b/flake.lock index e4d3ab1..b5644ea 100644 --- a/flake.lock +++ b/flake.lock @@ -8,7 +8,7 @@ "ragenix", "nixpkgs" ], - "systems": "systems_7" + "systems": "systems_6" }, "locked": { "lastModified": 1723293904, @@ -31,29 +31,27 @@ "nixpkgs": [ "nixpkgs-unstable" ], - "poetry2nix": "poetry2nix" + "pyproject-nix": "pyproject-nix" }, "locked": { - "lastModified": 1718746012, - "narHash": "sha256-sp9vGl3vWXvD/C2JeMDi5nbW6CkKIC3Q2JMGKwexYEs=", - "ref": "refs/heads/master", - "rev": "ea24100bd4a914b9e044a2085a3785a6bd3a3833", - "revCount": 5, - "type": "git", - "url": "https://git.nul.ie/dev/boardie" + "lastModified": 1757170758, + "narHash": "sha256-FyO+Brz5eInmdAkG8B2rJAfrNGMCsDQ8BPflKV2+r5g=", + "owner": "devplayer0", + "repo": "boardie", + "rev": "ed5fd520d5bf122871b5508dd3c1eda28d6e515d", + "type": "github" }, "original": { - "type": "git", - "url": "https://git.nul.ie/dev/boardie" + "owner": "devplayer0", + "repo": "boardie", + "type": "github" } }, "borgthin": { "inputs": { "devshell": "devshell_2", - "flake-utils": "flake-utils_5", - "nixpkgs": [ - "nixpkgs-mine" - ] + "flake-utils": "flake-utils_4", + "nixpkgs": "nixpkgs_3" }, "locked": { "lastModified": 1732994213, @@ -116,11 +114,11 @@ "utils": "utils" }, "locked": { - "lastModified": 1727447169, - "narHash": "sha256-3KyjMPUKHkiWhwR91J1YchF6zb6gvckCAY1jOE+ne0U=", + "lastModified": 1756719547, + "narHash": "sha256-N9gBKUmjwRKPxAafXEk1EGadfk2qDZPBQp4vXWPHINQ=", "owner": "serokell", "repo": "deploy-rs", - "rev": "aa07eb05537d4cd025e2310397a6adcedfe72c76", + "rev": "125ae9e3ecf62fb2c0fd4f2d894eb971f1ecaed2", "type": "github" }, "original": { @@ -150,7 +148,7 @@ }, "devshell-tools": { "inputs": { - "flake-utils": "flake-utils_9", + "flake-utils": "flake-utils_8", "nixpkgs": "nixpkgs_4" }, "locked": { 
@@ -169,8 +167,8 @@ }, "devshell_2": { "inputs": { - "flake-utils": "flake-utils_4", - "nixpkgs": "nixpkgs_3" + "flake-utils": "flake-utils_3", + "nixpkgs": "nixpkgs_2" }, "locked": { "lastModified": 1671489820, @@ -193,11 +191,11 @@ ] }, "locked": { - "lastModified": 1735644329, - "narHash": "sha256-tO3HrHriyLvipc4xr+Ewtdlo7wM1OjXNjlWRgmM7peY=", + "lastModified": 1741473158, + "narHash": "sha256-kWNaq6wQUbUMlPgw8Y+9/9wP0F8SHkjy24/mN3UAppg=", "owner": "numtide", "repo": "devshell", - "rev": "f7795ede5b02664b57035b3b757876703e2c3eac", + "rev": "7c9e793ebe66bcba8292989a68c0419b737a22a0", "type": "github" }, "original": { @@ -209,11 +207,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1696426674, - "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=", + "lastModified": 1733328505, + "narHash": "sha256-NeCCThCEP3eCl2l/+27kNNK7QrwZB1IJCrXfrbv5oqU=", "owner": "edolstra", "repo": "flake-compat", - "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33", + "rev": "ff81ac966bb2cae68946d5ed5fc4994f96d0ffec", "type": "github" }, "original": { @@ -241,24 +239,6 @@ } }, "flake-utils_10": { - "inputs": { - "systems": "systems_10" - }, - "locked": { - "lastModified": 1705309234, - "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_11": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", 
@@ -292,24 +272,6 @@ } }, "flake-utils_3": { - "inputs": { - "systems": "systems_3" - }, - "locked": { - "lastModified": 1710146030, - "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_4": { "locked": { "lastModified": 1642700792, "narHash": "sha256-XqHrk7hFb+zBvRg6Ghl+AZDq03ov6OshJLiSWOoX5es=", @@ -324,7 +286,7 @@ "type": "github" } }, - "flake-utils_5": { + "flake-utils_4": { "locked": { "lastModified": 1667395993, "narHash": "sha256-nuEHfE/LcWyuSWnS8t12N1wc105Qtau+/OdUAjtQ0rA=", @@ -339,9 +301,27 @@ "type": "github" } }, + "flake-utils_5": { + "inputs": { + "systems": "systems_4" + }, + "locked": { + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "flake-utils_6": { "inputs": { - "systems": "systems_6" + "systems": "systems_5" }, "locked": { "lastModified": 1731533236, @@ -358,23 +338,8 @@ } }, "flake-utils_7": { - "locked": { - "lastModified": 1659877975, - "narHash": "sha256-zllb8aq3YO3h8B/U0/J1WBgAL8EX5yWf5pMj3G0NAmc=", - "owner": "numtide", - "repo": "flake-utils", - "rev": "c0e246b9b83f637f4681389ecabcb2681b4f3af0", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "flake-utils", - "type": "github" - } - }, - "flake-utils_8": { "inputs": { - "systems": "systems_8" + "systems": "systems_7" }, "locked": { "lastModified": 1710146030, @@ -390,9 +355,9 @@ "type": "github" } }, - "flake-utils_9": { + "flake-utils_8": { "inputs": { - "systems": "systems_9" + "systems": "systems_8" }, "locked": { "lastModified": 1709126324, 
@@ -408,6 +373,24 @@ "type": "github" } }, + "flake-utils_9": { + "inputs": { + "systems": "systems_9" + }, + "locked": { + "lastModified": 1705309234, + "narHash": "sha256-uNRRNRKmJyCRC/8y1RqBkqWBLM034y4qN7EprSdmgyA=", + "owner": "numtide", + "repo": "flake-utils", + "rev": "1ef2e671c3b0c19053962c07dbda38332dcebf26", + "type": "github" + }, + "original": { + "owner": "numtide", + "repo": "flake-utils", + "type": "github" + } + }, "home-manager": { "inputs": { "nixpkgs": [ @@ -437,16 +420,16 @@ ] }, "locked": { - "lastModified": 1739757849, - "narHash": "sha256-Gs076ot1YuAAsYVcyidLKUMIc4ooOaRGO0PqTY7sBzA=", + "lastModified": 1756679287, + "narHash": "sha256-Xd1vOeY9ccDf5VtVK12yM0FS6qqvfUop8UQlxEB+gTQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "9d3d080aec2a35e05a15cedd281c2384767c2cfe", + "rev": "07fc025fe10487dd80f2ec694f1cd790e752d0e8", "type": "github" }, "original": { "id": "home-manager", - "ref": "release-24.11", + "ref": "release-25.05", "type": "indirect" } }, @@ -457,11 +440,11 @@ ] }, "locked": { - "lastModified": 1741457641, - "narHash": "sha256-HIoSAfme6BReJI8wbtZxSuALfI21OqagDPlbGkeVX0c=", + "lastModified": 1757075491, + "narHash": "sha256-a+NMGl5tcvm+hyfSG2DlVPa8nZLpsumuRj1FfcKb2mQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "2c87a6475fba12c9eb04ccb7375da0e32da48dc1", + "rev": "f56bf065f9abedc7bc15e1f2454aa5c8edabaacf", "type": "github" }, "original": { 
@@ -484,41 +467,35 @@ "type": "github" } }, - "nix-github-actions": { - "inputs": { - "nixpkgs": [ - "boardie", - "poetry2nix", - "nixpkgs" - ] - }, + "libnetRepo": { + "flake": false, "locked": { - "lastModified": 1703863825, - "narHash": "sha256-rXwqjtwiGKJheXB43ybM8NwWB8rO2dSRrEqes0S7F5Y=", - "owner": "nix-community", - "repo": "nix-github-actions", - "rev": "5163432afc817cf8bd1f031418d1869e4c9d5547", + "lastModified": 1745053097, + "narHash": "sha256-BEW57utyWCqP4U+MzCXFqbvEC8LE3iZv5dsPMrmTJ9Q=", + "owner": "oddlama", + "repo": "nixos-extra-modules", + "rev": "7565d8554b0fc9d621851150e7939d34a3a8cd6c", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "nix-github-actions", + "owner": "oddlama", + "repo": "nixos-extra-modules", "type": "github" } }, "nixGL": { "inputs": { - "flake-utils": "flake-utils_7", + "flake-utils": "flake-utils_6", "nixpkgs": [ "nixpkgs-unstable" ] }, "locked": { - "lastModified": 1713543440, - "narHash": "sha256-lnzZQYG0+EXl/6NkGpyIz+FEOc/DSEG57AP1VsdeNrM=", + "lastModified": 1752054764, + "narHash": "sha256-Ob/HuUhANoDs+nvYqyTKrkcPXf4ZgXoqMTQoCK0RFgQ=", "owner": "nix-community", "repo": "nixGL", - "rev": "310f8e49a149e4c9ea52f1adf70cdc768ec53f8a", + "rev": "a8e1ce7d49a149ed70df676785b07f63288f53c5", "type": "github" }, "original": { @@ -545,11 +522,11 @@ }, "nixpkgs-mine": { "locked": { - "lastModified": 1741543477, - "narHash": "sha256-CIXkalXwVcUFxb2TF33j45GlWWVHGmHu0GaMvVM/f6M=", + "lastModified": 1757173087, + "narHash": "sha256-NYXuC8xUUbvtwbaC1aLdpQKHzQtQ2XB3VkK0hfYTPd8=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "811543d59a6dec53bd025bb17be0896f3c37c03a", + "rev": "06e4c8cd503ed73806744b39368393df38b36bb7", "type": "github" }, "original": { 
@@ -561,11 +538,11 @@ }, "nixpkgs-mine-stable": { "locked": { - "lastModified": 1741456679, - "narHash": "sha256-5f6f3yFT4+KDV02PXlKxhJ7ig++oa+NzGwlW8vxWPHk=", + "lastModified": 1757173155, + "narHash": "sha256-aDNAiQQsrgS/coVOqLbtILpOUouE6jp/wqAsO8Dta/o=", "owner": "devplayer0", "repo": "nixpkgs", - "rev": "c82613e3e6a22d4cc1e80e1e91bea15c601dbbe7", + "rev": "8a1a03f2d17918a6d51746371031a8fe4014c549", "type": "github" }, "original": { @@ -577,26 +554,26 @@ }, "nixpkgs-stable": { "locked": { - "lastModified": 1741332913, - "narHash": "sha256-ri1e8ZliWS3Jnp9yqpKApHaOo7KBN33W8ECAKA4teAQ=", + "lastModified": 1757020766, + "narHash": "sha256-PLoSjHRa2bUbi1x9HoXgTx2AiuzNXs54c8omhadyvp0=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "20755fa05115c84be00b04690630cb38f0a203ad", + "rev": "fe83bbdde2ccdc2cb9573aa846abe8363f79a97a", "type": "github" }, "original": { "id": "nixpkgs", - "ref": "nixos-24.11", + "ref": "nixos-25.05", "type": "indirect" } }, "nixpkgs-unstable": { "locked": { - "lastModified": 1741246872, - "narHash": "sha256-Q6pMP4a9ed636qilcYX8XUguvKl/0/LGXhHcRI91p0U=", + "lastModified": 1756787288, + "narHash": "sha256-rw/PHa1cqiePdBxhF66V7R+WAP8WekQ0mCDG4CFqT8Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "10069ef4cf863633f57238f179a0297de84bd8d3", + "rev": "d0fc30899600b9b3466ddb260fd83deb486c32f1", "type": "github" }, "original": { @@ -606,22 +583,6 @@ } }, "nixpkgs_2": { - "locked": { - "lastModified": 1718632497, - "narHash": "sha256-YtlyfqOdYMuu7gumZtK0Kg7jr4OKfHUhJkZfNUryw68=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "c58b4a9118498c1055c5908a5bbe666e56abe949", - "type": "github" - }, - "original": { - "owner": "NixOS", - "ref": "nixos-unstable-small", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs_3": { "locked": { "lastModified": 1643381941, "narHash": "sha256-pHTwvnN4tTsEKkWlXQ8JMY423epos8wUOhthpwJjtpc=", 
@@ -637,6 +598,20 @@ "type": "github" } }, + "nixpkgs_3": { + "locked": { + "lastModified": 1673606088, + "narHash": "sha256-wdYD41UwNwPhTdMaG0AIe7fE1bAdyHe6bB4HLUqUvck=", + "owner": "NixOS", + "repo": "nixpkgs", + "rev": "37b97ae3dd714de9a17923d004a2c5b5543dfa6d", + "type": "github" + }, + "original": { + "id": "nixpkgs", + "type": "indirect" + } + }, "nixpkgs_4": { "locked": { "lastModified": 1709309926, @@ -669,25 +644,24 @@ "type": "github" } }, - "poetry2nix": { + "pyproject-nix": { "inputs": { - "flake-utils": "flake-utils_3", - "nix-github-actions": "nix-github-actions", - "nixpkgs": "nixpkgs_2", - "systems": "systems_4", - "treefmt-nix": "treefmt-nix" + "nixpkgs": [ + "boardie", + "nixpkgs" + ] }, "locked": { - "lastModified": 1718726452, - "narHash": "sha256-w4hJSYvACz0i5XHtxc6XNyHwbxpisN13M2kA2Y7937o=", - "owner": "nix-community", - "repo": "poetry2nix", - "rev": "53e534a08c0cd2a9fa7587ed1c3e7f6aeb804a2c", + "lastModified": 1756395552, + "narHash": "sha256-5aJM14MpoLk2cdZAetu60OkLQrtFLWTICAyn1EP7ZpM=", + "owner": "pyproject-nix", + "repo": "pyproject.nix", + "rev": "030dffc235dcf240d918c651c78dc5f158067b51", "type": "github" }, "original": { - "owner": "nix-community", - "repo": "poetry2nix", + "owner": "pyproject-nix", + "repo": "pyproject.nix", "type": "github" } }, @@ -695,7 +669,7 @@ "inputs": { "agenix": "agenix", "crane": "crane", - "flake-utils": "flake-utils_8", + "flake-utils": "flake-utils_7", "nixpkgs": [ "nixpkgs-unstable" ], @@ -722,10 +696,11 @@ "borgthin": "borgthin", "deploy-rs": "deploy-rs", "devshell": "devshell_3", - "flake-utils": "flake-utils_6", + "flake-utils": "flake-utils_5", "home-manager-stable": "home-manager-stable", "home-manager-unstable": "home-manager-unstable", "impermanence": "impermanence", + "libnetRepo": "libnetRepo", "nixGL": "nixGL", "nixpkgs-mine": "nixpkgs-mine", "nixpkgs-mine-stable": "nixpkgs-mine-stable", 
@@ -758,7 +733,7 @@ }, "sbt": { "inputs": { - "flake-utils": "flake-utils_11", + "flake-utils": "flake-utils_10", "nixpkgs": "nixpkgs_5" }, "locked": { @@ -778,7 +753,7 @@ "sharry": { "inputs": { "devshell-tools": "devshell-tools", - "flake-utils": "flake-utils_10", + "flake-utils": "flake-utils_9", "nixpkgs": [ "nixpkgs-unstable" ], @@ -813,21 +788,6 @@ "type": "github" } }, - "systems_10": { - "locked": { - "lastModified": 1681028828, - "narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=", - "owner": "nix-systems", - "repo": "default", - "rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e", - "type": "github" - }, - "original": { - "owner": "nix-systems", - "repo": "default", - "type": "github" - } - }, "systems_2": { "locked": { "lastModified": 1681028828, @@ -868,8 +828,9 @@ "type": "github" }, "original": { - "id": "systems", - "type": "indirect" + "owner": "nix-systems", + "repo": "default", + "type": "github" } }, "systems_5": { @@ -947,38 +908,16 @@ "type": "github" } }, - "treefmt-nix": { - "inputs": { - "nixpkgs": [ - "boardie", - "poetry2nix", - "nixpkgs" - ] - }, - "locked": { - "lastModified": 1718522839, - "narHash": "sha256-ULzoKzEaBOiLRtjeY3YoGFJMwWSKRYOic6VNw2UyTls=", - "owner": "numtide", - "repo": "treefmt-nix", - "rev": "68eb1dc333ce82d0ab0c0357363ea17c31ea1f81", - "type": "github" - }, - "original": { - "owner": "numtide", - "repo": "treefmt-nix", - "type": "github" - } - }, "utils": { "inputs": { - "systems": "systems_5" + "systems": "systems_3" }, "locked": { - "lastModified": 1701680307, - "narHash": "sha256-kAuep2h5ajznlPMD9rnQyffWG8EM/C73lejGofXvdM8=", + "lastModified": 1731533236, + "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=", "owner": "numtide", "repo": "flake-utils", - "rev": "4022d587cbbfd70fe950c1e2083a02621806a725", + "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 29b4934..4ce0c12 100644 --- a/flake.nix +++ b/flake.nix 
@@ -3,17 +3,22 @@ inputs = { flake-utils.url = "github:numtide/flake-utils"; + # libnet.url = "github:reo101/nix-lib-net"; + libnetRepo = { + url = "github:oddlama/nixos-extra-modules"; + flake = false; + }; devshell.url = "github:numtide/devshell"; devshell.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixpkgs-unstable.url = "nixpkgs/nixos-unstable"; - nixpkgs-stable.url = "nixpkgs/nixos-24.11"; + nixpkgs-stable.url = "nixpkgs/nixos-25.05"; nixpkgs-mine.url = "github:devplayer0/nixpkgs/devplayer0"; nixpkgs-mine-stable.url = "github:devplayer0/nixpkgs/devplayer0-stable"; home-manager-unstable.url = "home-manager"; home-manager-unstable.inputs.nixpkgs.follows = "nixpkgs-unstable"; - home-manager-stable.url = "home-manager/release-24.11"; + home-manager-stable.url = "home-manager/release-25.05"; home-manager-stable.inputs.nixpkgs.follows = "nixpkgs-stable"; # Stuff used by the flake for build / deployment @@ -25,7 +30,7 @@ # Stuff used by systems impermanence.url = "github:nix-community/impermanence"; - boardie.url = "git+https://git.nul.ie/dev/boardie"; + boardie.url = "github:devplayer0/boardie"; boardie.inputs.nixpkgs.follows = "nixpkgs-unstable"; nixGL.url = "github:nix-community/nixGL"; nixGL.inputs.nixpkgs.follows = "nixpkgs-unstable"; @@ -34,7 +39,8 @@ sharry.url = "github:eikek/sharry"; sharry.inputs.nixpkgs.follows = "nixpkgs-unstable"; borgthin.url = "github:devplayer0/borg"; - borgthin.inputs.nixpkgs.follows = "nixpkgs-mine"; + # TODO: Update borgthin so this works + # borgthin.inputs.nixpkgs.follows = "nixpkgs-mine"; }; outputs = @@ -57,7 +63,7 @@ # Extend a lib with extras that _must not_ internally reference private nixpkgs. flake-utils doesn't, but many # other flakes (e.g. home-manager) probably do internally. libOverlay = final: prev: { - my = import ./lib { lib = final; }; + my = import ./lib { inherit inputs; lib = final; }; flake = flake-utils.lib; }; pkgsLibOverlay = final: prev: { lib = prev.lib.extend libOverlay; }; 
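Review bot: Commenting out `borgthin.inputs.nixpkgs.follows` in the `@@ -34,7 +39,8 @@` hunk detaches borgthin from every nixpkgs this flake keeps up to date. The flake.lock part of this commit now resolves its `nixpkgs` to `nixpkgs_3`, locked at rev `37b97ae3dd714de9a17923d004a2c5b5543dfa6d` with `lastModified` 1673606088 (early 2023). Anything borgthin (a borg fork, judging by its URL) builds from its own nixpkgs input therefore stops picking up security fixes when the other inputs are bumped, and the TODO does not say so. I would record the consequence next to it, e.g. `# TODO: Update borgthin so this works; until then it builds against its own locked nixpkgs (nixpkgs_3 in flake.lock)`.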
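Review bot: `inherit inputs;` in the `@@ -57,7 +63,7 @@` hunk hands every flake input to `./lib`, directly under the comment saying these lib extras must not internally reference private nixpkgs. With the whole `inputs` set in scope that rule is a convention only, and the one use visible in this commit (lib/default.nix) needs just `inputs.libnetRepo`. Passing only that keeps the boundary checkable: `my = import ./lib { inherit (inputs) libnetRepo; lib = final; };`, with the lib/default.nix header changed to `{ libnetRepo, lib }:` to match. The enclosing `outputs` function continues outside the hunk.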
@@ -88,10 +94,11 @@ (_: path: mkDefaultSystemsPkgs path (system: { overlays = [ pkgsLibOverlay + myPkgsOverlay inputs.devshell.overlays.default inputs.ragenix.overlays.default - inputs.deploy-rs.overlay + inputs.deploy-rs.overlays.default (flakePackageOverlay inputs.home-manager-unstable system) ]; })) @@ -102,6 +109,7 @@ (_: path: mkDefaultSystemsPkgs path (_: { overlays = [ pkgsLibOverlay + myPkgsOverlay ]; @@ -157,7 +165,7 @@ # Platform independent stuff { nixpkgs = pkgs'; - inherit lib nixfiles; + inherit inputs lib nixfiles; overlays.default = myPkgsOverlay; diff --git a/home-manager/modules/common.nix b/home-manager/modules/common.nix index a4fec47..10e3cf8 100644 --- a/home-manager/modules/common.nix +++ b/home-manager/modules/common.nix @@ -66,7 +66,7 @@ in lsd = { enable = mkDefault true; - enableAliases = mkDefault true; + enableFishIntegration = mkDefault true; }; starship = { @@ -132,6 +132,8 @@ in ssh = { enable = mkDefault true; + # TODO: Set after 25.11 releases + # enableDefaultConfig = false; matchBlocks = { nix-dev-vm = { user = "dev"; @@ -226,6 +228,8 @@ in # Note: If globalPkgs mode is on, then these will be overridden by the NixOS equivalents of these options nixpkgs = { overlays = [ + inputs.libnet.overlays.default + inputs.deploy-rs.overlay inputs.boardie.overlays.default inputs.nixGL.overlays.default diff --git a/lib/constants.nix b/lib/constants.nix index c813956..e02d3ef 100644 --- a/lib/constants.nix +++ b/lib/constants.nix @@ -28,7 +28,7 @@ rec { kernel = { lts = pkgs: pkgs.linuxKernel.packages.linux_6_12; - latest = pkgs: pkgs.linuxKernel.packages.linux_6_13; + latest = pkgs: pkgs.linuxKernel.packages.linux_6_16; }; nginx = rec { diff --git a/lib/default.nix b/lib/default.nix index 88ce3c3..7cb61ee 100644 --- a/lib/default.nix +++ b/lib/default.nix 
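Review bot: `inputs.libnet.overlays.default`, added to the overlay list in the `@@ -226,6 +228,8 @@` hunk of home-manager/modules/common.nix, names an input this commit does not define. flake.nix only carries `libnet.url` as a comment, and the flake.lock root gains `libnetRepo` (declared `flake = false`, so it exposes no `overlays`) but no `libnet`. Unless `inputs` in this module comes from somewhere other than the flake, evaluating the list should fail on the missing attribute; since `net` is already reached through `inputs.libnetRepo` in lib/default.nix, the line can probably be dropped. The same hunk shows `inputs.deploy-rs.overlay` while flake.nix moves to `inputs.deploy-rs.overlays.default`; the collapsed layout leaves it unclear whether that line is new, but the two should be aligned either way.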
@@ -1,11 +1,11 @@ -{ lib }: +{ inputs, lib }: let inherit (builtins) length match elemAt filter replaceStrings substring; inherit (lib) genAttrs mapAttrsToList filterAttrsRecursive nameValuePair types mkOption mkOverride mkForce mkIf mergeEqualOption optional showWarnings concatStringsSep flatten unique optionalAttrs - mkBefore toLower; + mkBefore toLower splitString last; inherit (lib.flake) defaultSystems; in rec { @@ -23,7 +23,7 @@ rec { attrsToNVList = mapAttrsToList nameValuePair; - inherit (import ./net.nix { inherit lib; }) net; + inherit ((import "${inputs.libnetRepo}/lib/netu.nix" { inherit lib; }).lib) net; dns = import ./dns.nix { inherit lib; }; c = import ./constants.nix { inherit lib; }; @@ -248,12 +248,13 @@ rec { in { trivial = prev.trivial // { - release = "25.03:u-${prev.trivial.release}"; - codeName = "Frick"; + release = "25.09:u-${prev.trivial.release}"; + codeName = "Giving"; revisionWithDefault = default: self.rev or default; versionSuffix = ".${date}.${revCode self}:u-${revCode pkgsFlake}"; }; }; + upstreamRelease = last (splitString "-" lib.trivial.release); netbootKeaClientClasses = { tftpIP, hostname, systems }: let diff --git a/lib/net.nix b/lib/net.nix deleted file mode 100644 index 86c7a74..0000000 --- a/lib/net.nix +++ /dev/null 
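Review bot: The `net` helpers are now evaluated from `"${inputs.libnetRepo}/lib/netu.nix"` in the `@@ -23,7 +23,7 @@` hunk, so code that used to change only through reviewed commits to lib/net.nix now changes on any `nix flake update`. flake.lock pins the content (`rev` 7565d8554b0fc9d621851150e7939d34a3a8cd6c plus its `narHash`), but the flake.nix URL `github:oddlama/nixos-extra-modules` tracks the default branch, so a routine lock refresh brings in new upstream code with no diff in this repository. Pinning the revision in the input, `url = "github:oddlama/nixos-extra-modules/7565d8554b0fc9d621851150e7939d34a3a8cd6c";`, makes each upgrade of this library an explicit, reviewable change. A comment above the import naming the upstream file and stating that it replaces the deleted lib/net.nix would also help, since whether it exposes the same attributes (`net.cidr`, `net.types`, …) cannot be checked from this diff.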
@@ -1,1322 +0,0 @@ -# From https://gist.github.com/duairc/5c9bb3c922e5d501a1edb9e7b3b845ba -{ lib ? null, ... }: -let - net = { - ip = { - - # add :: (ip | mac | integer) -> ip -> ip - # - # Examples: - # - # Adding integer to IPv4: - # > net.ip.add 100 "10.0.0.1" - # "10.0.0.101" - # - # Adding IPv4 to IPv4: - # > net.ip.add "127.0.0.1" "10.0.0.1" - # "137.0.0.2" - # - # Adding IPv6 to IPv4: - # > net.ip.add "::cafe:beef" "10.0.0.1" - # "212.254.186.191" - # - # Adding MAC to IPv4 (overflows): - # > net.ip.add "fe:ed:fa:ce:f0:0d" "10.0.0.1" - # "4.206.240.14" - # - # Adding integer to IPv6: - # > net.ip.add 100 "dead:cafe:beef::" - # "dead:cafe:beef::64" - # - # Adding IPv4 to to IPv6: - # > net.ip.add "127.0.0.1" "dead:cafe:beef::" - # "dead:cafe:beef::7f00:1" - # - # Adding MAC to IPv6: - # > net.ip.add "fe:ed:fa:ce:f0:0d" "dead:cafe:beef::" - # "dead:cafe:beef::feed:face:f00d" - add = delta: ip: - let - function = "net.ip.add"; - delta' = typechecks.numeric function "delta" delta; - ip' = typechecks.ip function "ip" ip; - in - builders.ip (implementations.ip.add delta' ip'); - - # diff :: ip -> ip -> (integer | ipv6) - # - # net.ip.diff is the reverse of net.ip.add: - # - # net.ip.diff (net.ip.add a b) a = b - # net.ip.diff (net.ip.add a b) b = a - # - # The difference between net.ip.diff and net.ip.subtract is that - # net.ip.diff will try its best to return an integer (falling back - # to an IPv6 if the result is too big to fit in an integer). This is - # useful if you have two hosts that you know are on the same network - # and you just want to calculate the offset between them — a result - # like "0.0.0.10" is not very useful (which is what you would get - # from net.ip.subtract). - diff = minuend: subtrahend: - let - function = "net.ip.diff"; - minuend' = typechecks.ip function "minuend" minuend; - subtrahend' = typechecks.ip function "subtrahend" subtrahend; - result = implementations.ip.diff minuend' subtrahend'; - in - if result ? 
ipv6 - then builders.ipv6 result - else result; - - # subtract :: (ip | mac | integer) -> ip -> ip - # - # net.ip.subtract is also the reverse of net.ip.add: - # - # net.ip.subtract a (net.ip.add a b) = b - # net.ip.subtract b (net.ip.add a b) = a - # - # The difference between net.ip.subtract and net.ip.diff is that - # net.ip.subtract will always return the same type as its "ip" - # parameter. Its implementation takes the "delta" parameter, - # coerces it to be the same type as the "ip" paramter, negates it - # (using two's complement), and then adds it to "ip". - subtract = delta: ip: - let - function = "net.ip.subtract"; - delta' = typechecks.numeric function "delta" delta; - ip' = typechecks.ip function "ip" ip; - in - builders.ip (implementations.ip.subtract delta' ip'); - }; - - mac = { - - # add :: (ip | mac | integer) -> mac -> mac - # - # Examples: - # - # Adding integer to MAC: - # > net.mac.add 100 "fe:ed:fa:ce:f0:0d" - # "fe:ed:fa:ce:f0:71" - # - # Adding IPv4 to MAC: - # > net.mac.add "127.0.0.1" "fe:ed:fa:ce:f0:0d" - # "fe:ee:79:ce:f0:0e" - # - # Adding IPv6 to MAC: - # > net.mac.add "::cafe:beef" "fe:ed:fa:ce:f0:0d" - # "fe:ee:c5:cd:aa:cb - # - # Adding MAC to MAC: - # > net.mac.add "fe:ed:fa:00:00:00" "00:00:00:ce:f0:0d" - # "fe:ed:fa:ce:f0:0d" - add = delta: mac: - let - function = "net.mac.add"; - delta' = typechecks.numeric function "delta" delta; - mac' = typechecks.mac function "mac" mac; - in - builders.mac (implementations.mac.add delta' mac'); - - # diff :: mac -> mac -> integer - # - # net.mac.diff is the reverse of net.mac.add: - # - # net.mac.diff (net.mac.add a b) a = b - # net.mac.diff (net.mac.add a b) b = a - # - # The difference between net.mac.diff and net.mac.subtract is that - # net.mac.diff will always return an integer. 
- diff = minuend: subtrahend: - let - function = "net.mac.diff"; - minuend' = typechecks.mac function "minuend" minuend; - subtrahend' = typechecks.mac function "subtrahend" subtrahend; - in - implementations.mac.diff minuend' subtrahend'; - - # subtract :: (ip | mac | integer) -> mac -> mac - # - # net.mac.subtract is also the reverse of net.ip.add: - # - # net.mac.subtract a (net.mac.add a b) = b - # net.mac.subtract b (net.mac.add a b) = a - # - # The difference between net.mac.subtract and net.mac.diff is that - # net.mac.subtract will always return a MAC address. - subtract = delta: mac: - let - function = "net.mac.subtract"; - delta' = typechecks.numeric function "delta" delta; - mac' = typechecks.mac function "mac" mac; - in - builders.mac (implementations.mac.subtract delta' mac'); - }; - - cidr = { - # add :: (ip | mac | integer) -> cidr -> cidr - # - # > net.cidr.add 2 "127.0.0.0/8" - # "129.0.0.0/8" - # - # > net.cidr.add (-2) "127.0.0.0/8" - # "125.0.0.0/8" - add = delta: cidr: - let - function = "net.cidr.add"; - delta' = typechecks.numeric function "delta" delta; - cidr' = typechecks.cidr function "cidr" cidr; - in - builders.cidr (implementations.cidr.add delta' cidr'); - - # child :: cidr -> cidr -> bool - # - # > net.cidr.child "10.10.10.0/24" "10.0.0.0/8" - # true - # - # > net.cidr.child "127.0.0.0/8" "10.0.0.0/8" - # false - child = subcidr: cidr: - let - function = "net.cidr.child"; - subcidr' = typechecks.cidr function "subcidr" subcidr; - cidr' = typechecks.cidr function "cidr" cidr; - in - implementations.cidr.child subcidr' cidr'; - - # contains :: ip -> cidr -> bool - # - # > net.cidr.contains "127.0.0.1" "127.0.0.0/8" - # true - # - # > net.cidr.contains "127.0.0.1" "192.168.0.0/16" - # false - contains = ip: cidr: - let - function = "net.cidr.contains"; - ip' = typechecks.ip function "ip" ip; - cidr' = typechecks.cidr function "cidr" cidr; - in - implementations.cidr.contains ip' cidr'; - - # capacity :: cidr -> integer - # - # > 
net.cidr.capacity "172.16.0.0/12" - # 1048576 - # - # > net.cidr.capacity "dead:cafe:beef::/96" - # 4294967296 - # - # > net.cidr.capacity "dead:cafe:beef::/48" (saturates to maxBound) - # 9223372036854775807 - capacity = cidr: - let - function = "net.cidr.capacity"; - cidr' = typechecks.cidr function "cidr" cidr; - in - implementations.cidr.capacity cidr'; - - # host :: (ip | mac | integer) -> cidr -> ip - # - # > net.cidr.host 10000 "10.0.0.0/8" - # 10.0.39.16 - # - # > net.cidr.host 10000 "dead:cafe:beef::/64" - # "dead:cafe:beef::2710" - # - # net.cidr.host "127.0.0.1" "dead:cafe:beef::/48" - # > "dead:cafe:beef::7f00:1" - # - # Inpsired by: - # https://www.terraform.io/docs/configuration/functions/cidrhost.html - host = hostnum: cidr: - let - function = "net.cidr.host"; - hostnum' = typechecks.numeric function "hostnum" hostnum; - cidr' = typechecks.cidr function "cidr" cidr; - in - builders.ip (implementations.cidr.host hostnum' cidr'); - - # length :: cidr -> integer - # - # > net.cidr.prefix "127.0.0.0/8" - # 8 - # - # > net.cidr.prefix "dead:cafe:beef::/48" - # 48 - length = cidr: - let - function = "net.cidr.length"; - cidr' = typechecks.cidr function "cidr" cidr; - in - implementations.cidr.length cidr'; - - # make :: integer -> ip -> cidr - # - # > net.cidr.make 24 "192.168.0.150" - # "192.168.0.0/24" - # - # > net.cidr.make 40 "dead:cafe:beef::feed:face:f00d" - # "dead:cafe:be00::/40" - make = length: base: - let - function = "net.cidr.make"; - length' = typechecks.int function "length" length; - base' = typechecks.ip function "base" base; - in - builders.cidr (implementations.cidr.make length' base'); - - # netmask :: cidr -> ip - # - # > net.cidr.netmask "192.168.0.0/24" - # "255.255.255.0" - # - # > net.cidr.netmask "dead:cafe:beef::/64" - # "ffff:ffff:ffff:ffff::" - netmask = cidr: - let - function = "net.cidr.netmask"; - cidr' = typechecks.cidr function "cidr" cidr; - in - builders.ip (implementations.cidr.netmask cidr'); - - # size :: cidr -> 
integer - # - # > net.cidr.prefix "127.0.0.0/8" - # 24 - # - # > net.cidr.prefix "dead:cafe:beef::/48" - # 80 - size = cidr: - let - function = "net.cidr.size"; - cidr' = typechecks.cidr function "cidr" cidr; - in - implementations.cidr.size cidr'; - - # subnet :: integer -> (ip | mac | integer) -> cidr -> cidr - # - # > net.cidr.subnet 4 2 "172.16.0.0/12" - # "172.18.0.0/16" - # - # > net.cidr.subnet 4 15 "10.1.2.0/24" - # "10.1.2.240/28" - # - # > net.cidr.subnet 16 162 "fd00:fd12:3456:7890::/56" - # "fd00:fd12:3456:7800:a200::/72" - # - # Inspired by: - # https://www.terraform.io/docs/configuration/functions/cidrsubnet.html - subnet = length: netnum: cidr: - let - function = "net.cidr.subnet"; - length' = typechecks.int function "length" length; - netnum' = typechecks.numeric function "netnum" netnum; - cidr' = typechecks.cidr function "cidr" cidr; - in - builders.cidr (implementations.cidr.subnet length' netnum' cidr'); - - }; - } // ( - if builtins.isNull lib then {} else { - types = - let - - mkParsedOptionType = { name, description, parser, builder }: - let - normalize = def: def // { - value = builder (parser def.value); - }; - in - lib.mkOptionType { - inherit name description; - check = x: builtins.isString x && parser x != null; - merge = loc: defs: lib.mergeEqualOption loc (map normalize defs); - }; - - dependent-ip = type: cidr: - let - cidrs = - if builtins.isList cidr - then cidr - else [ cidr ]; - in - lib.types.addCheck type (i: lib.any (net.cidr.contains i) cidrs) // { - description = type.description + " in ${builtins.concatStringsSep " or " cidrs}"; - }; - - dependent-cidr = type: cidr: - let - cidrs = - if builtins.isList cidr - then cidr - else [ cidr ]; - in - lib.types.addCheck type (i: lib.any (net.cidr.child i) cidrs) // { - description = type.description + " in ${builtins.concatStringsSep " or " cidrs}"; - }; - - in - rec { - - ip = mkParsedOptionType { - name = "ip"; - description = "IPv4 or IPv6 address"; - parser = parsers.ip; - 
builder = builders.ip; - }; - - ip-in = dependent-ip ip; - - ipv4 = mkParsedOptionType { - name = "ipv4"; - description = "IPv4 address"; - parser = parsers.ipv4; - builder = builders.ipv4; - }; - - ipv4-in = dependent-ip ipv4; - - ipv6 = mkParsedOptionType { - name = "ipv6"; - description = "IPv6 address"; - parser = parsers.ipv6; - builder = builders.ipv6; - }; - - ipv6-in = dependent-ip ipv6; - - cidr = mkParsedOptionType { - name = "cidr"; - description = "IPv4 or IPv6 address range in CIDR notation"; - parser = parsers.cidr; - builder = builders.cidr; - }; - - cidr-in = dependent-cidr cidr; - - cidrv4 = mkParsedOptionType { - name = "cidrv4"; - description = "IPv4 address range in CIDR notation"; - parser = parsers.cidrv4; - builder = builders.cidrv4; - }; - - cidrv4-in = dependent-cidr cidrv4; - - cidrv6 = mkParsedOptionType { - name = "cidrv6"; - description = "IPv6 address range in CIDR notation"; - parser = parsers.cidrv6; - builder = builders.cidrv6; - }; - - cidrv6-in = dependent-cidr cidrv6; - - mac = mkParsedOptionType { - name = "mac"; - description = "MAC address"; - parser = parsers.mac; - builder = builders.mac; - }; - - }; - } - ); - - list = { - cons = a: b: [ a ] ++ b; - }; - - bit = - let - shift = n: x: - if n < 0 - then x * math.pow 2 (-n) - else - let - safeDiv = n: d: if d == 0 then 0 else n / d; - d = math.pow 2 n; - in - if x < 0 - then not (safeDiv (not x) d) - else safeDiv x d; - - left = n: shift (-n); - - right = shift; - - and = builtins.bitAnd; - - or = builtins.bitOr; - - xor = builtins.bitXor; - - not = xor (-1); - - mask = n: and (left n 1 - 1); - in - { - inherit left right and or xor not mask; - }; - - math = rec { - max = a: b: - if a > b - then a - else b; - - min = a: b: - if a < b - then a - else b; - - clamp = a: b: c: max a (min b c); - - pow = x: n: - if n == 0 - then 1 - else if bit.and n 1 != 0 - then x * pow (x * x) ((n - 1) / 2) - else pow (x * x) (n / 2); - }; - - parsers = - let - - # fmap :: (a -> b) -> parser a 
-> parser b - fmap = f: ma: bind ma (a: pure (f a)); - - # pure :: a -> parser a - pure = a: string: { - leftovers = string; - result = a; - }; - - # liftA2 :: (a -> b -> c) -> parser a -> parser b -> parser c - liftA2 = f: ma: mb: bind ma (a: bind mb (b: pure (f a b))); - liftA3 = f: a: b: ap (liftA2 f a b); - liftA4 = f: a: b: c: ap (liftA3 f a b c); - liftA5 = f: a: b: c: d: ap (liftA4 f a b c d); - liftA6 = f: a: b: c: d: e: ap (liftA5 f a b c d e); - - # ap :: parser (a -> b) -> parser a -> parser b - ap = liftA2 (a: a); - - # then_ :: parser a -> parser b -> parser b - then_ = liftA2 (a: b: b); - - # empty :: parser a - empty = string: null; - - # alt :: parser a -> parser a -> parser a - alt = left: right: string: - let - result = left string; - in - if builtins.isNull result - then right string - else result; - - # guard :: bool -> parser {} - guard = condition: if condition then pure {} else empty; - - # mfilter :: (a -> bool) -> parser a -> parser a - mfilter = f: parser: bind parser (a: then_ (guard (f a)) (pure a)); - - # some :: parser a -> parser [a] - some = v: liftA2 list.cons v (many v); - - # many :: parser a -> parser [a] - many = v: alt (some v) (pure []); - - # bind :: parser a -> (a -> parser b) -> parser b - bind = parser: f: string: - let - a = parser string; - in - if builtins.isNull a - then null - else f a.result a.leftovers; - - # run :: parser a -> string -> maybe a - run = parser: string: - let - result = parser string; - in - if builtins.isNull result || result.leftovers != "" - then null - else result.result; - - next = string: - if string == "" - then null - else { - leftovers = builtins.substring 1 (-1) string; - result = builtins.substring 0 1 string; - }; - - # Count how many characters were consumed by a parser - count = parser: string: - let - result = parser string; - in - if builtins.isNull result - then null - else result // { - result = { - inherit (result) result; - count = with result; - builtins.stringLength string - 
builtins.stringLength leftovers; - }; - }; - - # Limit the parser to n characters at most - limit = n: parser: - fmap (a: a.result) (mfilter (a: a.count <= n) (count parser)); - - # Ensure the parser consumes exactly n characters - exactly = n: parser: - fmap (a: a.result) (mfilter (a: a.count == n) (count parser)); - - char = c: bind next (c': guard (c == c')); - - string = css: - if css == "" - then pure {} - else - let - c = builtins.substring 0 1 css; - cs = builtins.substring 1 (-1) css; - in - then_ (char c) (string cs); - - digit = set: bind next ( - c: then_ - (guard (builtins.hasAttr c set)) - (pure (builtins.getAttr c set)) - ); - - decimalDigits = { - "0" = 0; - "1" = 1; - "2" = 2; - "3" = 3; - "4" = 4; - "5" = 5; - "6" = 6; - "7" = 7; - "8" = 8; - "9" = 9; - }; - - hexadecimalDigits = decimalDigits // { - "a" = 10; - "b" = 11; - "c" = 12; - "d" = 13; - "e" = 14; - "f" = 15; - "A" = 10; - "B" = 11; - "C" = 12; - "D" = 13; - "E" = 14; - "F" = 15; - }; - - fromDecimalDigits = builtins.foldl' (a: c: a * 10 + c) 0; - fromHexadecimalDigits = builtins.foldl' (a: bit.or (bit.left 4 a)) 0; - - # disallow leading zeros - decimal = bind (digit decimalDigits) ( - n: - if n == 0 - then pure 0 - else fmap - (ns: fromDecimalDigits (list.cons n ns)) - (many (digit decimalDigits)) - ); - - hexadecimal = fmap fromHexadecimalDigits (some (digit hexadecimalDigits)); - - ipv4 = - let - dot = char "."; - - octet = mfilter (n: n < 256) decimal; - - octet' = then_ dot octet; - - fromOctets = a: b: c: d: { - ipv4 = bit.or (bit.left 8 (bit.or (bit.left 8 (bit.or (bit.left 8 a) b)) c)) d; - }; - in - liftA4 fromOctets octet octet' octet' octet'; - - # This is more or less a literal translation of - # https://hackage.haskell.org/package/ip/docs/src/Net.IPv6.html#parser - ipv6 = - let - colon = char ":"; - - hextet = limit 4 hexadecimal; - - hextet' = then_ colon hextet; - - fromHextets = hextets: - if builtins.length hextets != 8 - then empty - else - let - a = builtins.elemAt 
hextets 0; - b = builtins.elemAt hextets 1; - c = builtins.elemAt hextets 2; - d = builtins.elemAt hextets 3; - e = builtins.elemAt hextets 4; - f = builtins.elemAt hextets 5; - g = builtins.elemAt hextets 6; - h = builtins.elemAt hextets 7; - in - pure { - ipv6 = { - a = bit.or (bit.left 16 a) b; - b = bit.or (bit.left 16 c) d; - c = bit.or (bit.left 16 e) f; - d = bit.or (bit.left 16 g) h; - }; - }; - - ipv4' = fmap - ( - address: - let - upper = bit.right 16 address.ipv4; - lower = bit.mask 16 address.ipv4; - in - [ upper lower ] - ) - ipv4; - - part = n: - let - n' = n + 1; - hex = liftA2 list.cons hextet - ( - then_ colon - ( - alt - (then_ colon (doubleColon n')) - (part n') - ) - ); - in - if n == 7 - then fmap (a: [ a ]) hextet - else - if n == 6 - then alt ipv4' hex - else hex; - - doubleColon = n: - bind (alt afterDoubleColon (pure [])) ( - rest: - let - missing = 8 - n - builtins.length rest; - in - if missing < 0 - then empty - else pure (builtins.genList (_: 0) missing ++ rest) - ); - - afterDoubleColon = - alt ipv4' - ( - liftA2 list.cons hextet - ( - alt - (then_ colon afterDoubleColon) - (pure []) - ) - ); - - in - bind - ( - alt - ( - then_ - (string "::") - (doubleColon 0) - ) - (part 0) - ) - fromHextets; - - cidrv4 = - liftA2 - (base: length: implementations.cidr.make length base) - ipv4 - (then_ (char "/") (mfilter (n: n <= 32) decimal)); - - cidrv6 = - liftA2 - (base: length: implementations.cidr.make length base) - ipv6 - (then_ (char "/") (mfilter (n: n <= 128) decimal)); - - mac = - let - colon = char ":"; - - octet = exactly 2 hexadecimal; - - octet' = then_ colon octet; - - fromOctets = a: b: c: d: e: f: { - mac = bit.or (bit.left 8 (bit.or (bit.left 8 (bit.or (bit.left 8 (bit.or (bit.left 8 (bit.or (bit.left 8 a) b)) c)) d)) e)) f; - }; - in - liftA6 fromOctets octet octet' octet' octet' octet' octet'; - - in - { - ipv4 = run ipv4; - ipv6 = run ipv6; - ip = run (alt ipv4 ipv6); - cidrv4 = run cidrv4; - cidrv6 = run cidrv6; - cidr = run 
(alt cidrv4 cidrv6); - mac = run mac; - numeric = run (alt (alt ipv4 ipv6) mac); - }; - - builders = - let - - ipv4 = address: - let - abcd = address.ipv4; - abc = bit.right 8 abcd; - ab = bit.right 8 abc; - a = bit.right 8 ab; - b = bit.mask 8 ab; - c = bit.mask 8 abc; - d = bit.mask 8 abcd; - in - builtins.concatStringsSep "." (map toString [ a b c d ]); - - # This is more or less a literal translation of - # https://hackage.haskell.org/package/ip/docs/src/Net.IPv6.html#encode - ipv6 = address: - let - - digits = "0123456789abcdef"; - - toHexString = n: - let - rest = bit.right 4 n; - current = bit.mask 4 n; - prefix = - if rest == 0 - then "" - else toHexString rest; - in - "${prefix}${builtins.substring current 1 digits}"; - - in - if (with address.ipv6; a == 0 && b == 0 && c == 0 && d > 65535) - then "::${ipv4 { ipv4 = address.ipv6.d; }}" - else - if (with address.ipv6; a == 0 && b == 0 && c == 65535) - then "::ffff:${ipv4 { ipv4 = address.ipv6.d; }}" - else - let - - a = bit.right 16 address.ipv6.a; - b = bit.mask 16 address.ipv6.a; - c = bit.right 16 address.ipv6.b; - d = bit.mask 16 address.ipv6.b; - e = bit.right 16 address.ipv6.c; - f = bit.mask 16 address.ipv6.c; - g = bit.right 16 address.ipv6.d; - h = bit.mask 16 address.ipv6.d; - - hextets = [ a b c d e f g h ]; - - # calculate the position and size of the longest sequence of - # zeroes within the list of hextets - longest = - let - go = i: current: best: - if i < builtins.length hextets - then - let - n = builtins.elemAt hextets i; - - current' = - if n == 0 - then - if builtins.isNull current - then { - size = 1; - position = i; - } - else current // { - size = current.size + 1; - } - else null; - - best' = - if n == 0 - then - if builtins.isNull best - then current' - else - if current'.size > best.size - then current' - else best - else best; - in - go (i + 1) current' best' - else best; - in - go 0 null null; - - format = hextets: - builtins.concatStringsSep ":" (map toHexString hextets); - in - 
if builtins.isNull longest - then format hextets - else - let - sublist = i: length: xs: - map - (builtins.elemAt xs) - (builtins.genList (x: x + i) length); - - end = longest.position + longest.size; - - before = sublist 0 longest.position hextets; - - after = sublist end (builtins.length hextets - end) hextets; - in - "${format before}::${format after}"; - - ip = address: - if address ? ipv4 - then ipv4 address - else ipv6 address; - - cidrv4 = cidr: - "${ipv4 cidr.base}/${toString cidr.length}"; - - cidrv6 = cidr: - "${ipv6 cidr.base}/${toString cidr.length}"; - - cidr = cidr: - "${ip cidr.base}/${toString cidr.length}"; - - mac = address: - let - digits = "0123456789abcdef"; - octet = n: - let - upper = bit.right 4 n; - lower = bit.mask 4 n; - in - "${builtins.substring upper 1 digits}${builtins.substring lower 1 digits}"; - in - let - a = bit.mask 8 (bit.right 40 address.mac); - b = bit.mask 8 (bit.right 32 address.mac); - c = bit.mask 8 (bit.right 24 address.mac); - d = bit.mask 8 (bit.right 16 address.mac); - e = bit.mask 8 (bit.right 8 address.mac); - f = bit.mask 8 (bit.right 0 address.mac); - in - "${octet a}:${octet b}:${octet c}:${octet d}:${octet e}:${octet f}"; - - in - { - inherit ipv4 ipv6 ip cidrv4 cidrv6 cidr mac; - }; - - arithmetic = rec { - # or :: (ip | mac | integer) -> (ip | mac | integer) -> (ip | mac | integer) - or = a_: b: - let - a = coerce b a_; - in - if a ? ipv6 - then { - ipv6 = { - a = bit.or a.ipv6.a b.ipv6.a; - b = bit.or a.ipv6.b b.ipv6.b; - c = bit.or a.ipv6.c b.ipv6.c; - d = bit.or a.ipv6.d b.ipv6.d; - }; - } - else if a ? ipv4 - then { - ipv4 = bit.or a.ipv4 b.ipv4; - } - else if a ? mac - then { - mac = bit.or a.mac b.mac; - } - else bit.or a b; - - # and :: (ip | mac | integer) -> (ip | mac | integer) -> (ip | mac | integer) - and = a_: b: - let - a = coerce b a_; - in - if a ? 
ipv6 - then { - ipv6 = { - a = bit.and a.ipv6.a b.ipv6.a; - b = bit.and a.ipv6.b b.ipv6.b; - c = bit.and a.ipv6.c b.ipv6.c; - d = bit.and a.ipv6.d b.ipv6.d; - }; - } - else if a ? ipv4 - then { - ipv4 = bit.and a.ipv4 b.ipv4; - } - else if a ? mac - then { - mac = bit.and a.mac b.mac; - } - else bit.and a b; - - # not :: (ip | mac | integer) -> (ip | mac | integer) - not = a: - if a ? ipv6 - then { - ipv6 = { - a = bit.mask 32 (bit.not a.ipv6.a); - b = bit.mask 32 (bit.not a.ipv6.b); - c = bit.mask 32 (bit.not a.ipv6.c); - d = bit.mask 32 (bit.not a.ipv6.d); - }; - } - else if a ? ipv4 - then { - ipv4 = bit.mask 32 (bit.not a.ipv4); - } - else if a ? mac - then { - mac = bit.mask 48 (bit.not a.mac); - } - else bit.not a; - - # add :: (ip | mac | integer) -> (ip | mac | integer) -> (ip | mac | integer) - add = - let - split = a: { - fst = bit.mask 32 (bit.right 32 a); - snd = bit.mask 32 a; - }; - in - a_: b: - let - a = coerce b a_; - in - if a ? ipv6 - then - let - a' = split (a.ipv6.a + b.ipv6.a + b'.fst); - b' = split (a.ipv6.b + b.ipv6.b + c'.fst); - c' = split (a.ipv6.c + b.ipv6.c + d'.fst); - d' = split (a.ipv6.d + b.ipv6.d); - in - { - ipv6 = { - a = a'.snd; - b = b'.snd; - c = c'.snd; - d = d'.snd; - }; - } - else if a ? ipv4 - then { - ipv4 = bit.mask 32 (a.ipv4 + b.ipv4); - } - else if a ? 
mac - then { - mac = bit.mask 48 (a.mac + b.mac); - } - else a + b; - - # subtract :: (ip | mac | integer) -> (ip | mac | integer) -> (ip | mac | integer) - subtract = a: b: add (add 1 (not (coerce b a))) b; - - # diff :: (ip | mac | integer) -> (ip | mac | integer) -> (ipv6 | integer) - diff = a: b: - let - toIPv6 = coerce ({ ipv6.a = 0; }); - result = (subtract b (toIPv6 a)).ipv6; - max32 = bit.left 32 1 - 1; - in - if result.a == 0 && result.b == 0 && bit.right 31 result.c == 0 || result.a == max32 && result.b == max32 && bit.right 31 result.c == 1 - then bit.or (bit.left 32 result.c) result.d - else { - ipv6 = result; - }; - - # left :: integer -> (ip | mac | integer) -> (ip | mac | integer) - left = i: right (-i); - - # right :: integer -> (ip | mac | integer) -> (ip | mac | integer) - right = - let - step = i: x: { - _1 = bit.mask 32 (bit.right (i + 96) x); - _2 = bit.mask 32 (bit.right (i + 64) x); - _3 = bit.mask 32 (bit.right (i + 32) x); - _4 = bit.mask 32 (bit.right i x); - _5 = bit.mask 32 (bit.right (i - 32) x); - _6 = bit.mask 32 (bit.right (i - 64) x); - _7 = bit.mask 32 (bit.right (i - 96) x); - }; - ors = builtins.foldl' bit.or 0; - in - i: x: - if x ? ipv6 - then - let - a' = step i x.ipv6.a; - b' = step i x.ipv6.b; - c' = step i x.ipv6.c; - d' = step i x.ipv6.d; - in - { - ipv6 = { - a = ors [ a'._4 b'._3 c'._2 d'._1 ]; - b = ors [ a'._5 b'._4 c'._3 d'._2 ]; - c = ors [ a'._6 b'._5 c'._4 d'._3 ]; - d = ors [ a'._7 b'._6 c'._5 d'._4 ]; - }; - } - else if x ? ipv4 - then { - ipv4 = bit.mask 32 (bit.right i x.ipv4); - } - else if x ? 
mac - then { - mac = bit.mask 48 (bit.right i x.mac); - } - else bit.right i x; - - # shadow :: integer -> (ip | mac | integer) -> (ip | mac | integer) - shadow = n: a: and (right n (left n (coerce a (-1)))) a; - - # coshadow :: integer -> (ip | mac | integer) -> (ip | mac | integer) - coshadow = n: a: and (not (right n (left n (coerce a (-1))))) a; - - # coerce :: (ip | mac | integer) -> (ip | mac | integer) -> (ip | mac | integer) - coerce = target: value: - if target ? ipv6 - then - if value ? ipv6 - then value - else if value ? ipv4 - then { - ipv6 = { - a = 0; - b = 0; - c = 0; - d = value.ipv4; - }; - } - else if value ? mac - then { - ipv6 = { - a = 0; - b = 0; - c = bit.right 32 value.mac; - d = bit.mask 32 value.mac; - }; - } - else { - ipv6 = { - a = bit.mask 32 (bit.right 96 value); - b = bit.mask 32 (bit.right 64 value); - c = bit.mask 32 (bit.right 32 value); - d = bit.mask 32 value; - }; - } - else if target ? ipv4 - then - if value ? ipv6 - then { - ipv4 = value.ipv6.d; - } - else if value ? ipv4 - then value - else if value ? mac - then { - ipv4 = bit.mask 32 value.mac; - } - else { - ipv4 = bit.mask 32 value; - } - else if target ? mac - then - if value ? ipv6 - then { - mac = bit.or (bit.left 32 (bit.mask 16 value.ipv6.c)) value.ipv6.d; - } - else if value ? ipv4 - then { - mac = value.ipv4; - } - else if value ? mac - then value - else { - mac = bit.mask 48 value; - } - else - if value ? ipv6 - then builtins.foldl' bit.or 0 - [ - (bit.left 96 value.ipv6.a) - (bit.left 64 value.ipv6.b) - (bit.left 32 value.ipv6.c) - value.ipv6.d - ] - else if value ? ipv4 - then value.ipv4 - else if value ? 
mac - then value.mac - else value; - }; - - implementations = { - ip = { - # add :: (ip | mac | integer) -> ip -> ip - add = arithmetic.add; - - # diff :: ip -> ip -> (ipv6 | integer) - diff = arithmetic.diff; - - # subtract :: (ip | mac | integer) -> ip -> ip - subtract = arithmetic.subtract; - }; - - mac = { - # add :: (ip | mac | integer) -> mac -> mac - add = arithmetic.add; - - # diff :: mac -> mac -> (ipv6 | integer) - diff = arithmetic.diff; - - # subtract :: (ip | mac | integer) -> mac -> mac - subtract = arithmetic.subtract; - }; - - cidr = rec { - # add :: (ip | mac | integer) -> cidr -> cidr - add = delta: cidr: - let - size' = size cidr; - in - { - base = arithmetic.left size' (arithmetic.add delta (arithmetic.right size' cidr.base)); - inherit (cidr) length; - }; - - # capacity :: cidr -> integer - capacity = cidr: - let - size' = size cidr; - in - if size' > 62 - then 9223372036854775807 # maxBound to prevent overflow - else bit.left size' 1; - - # child :: cidr -> cidr -> bool - child = subcidr: cidr: - length subcidr > length cidr && contains (host 0 subcidr) cidr; - - # contains :: ip -> cidr -> bool - contains = ip: cidr: host 0 (make cidr.length ip) == host 0 cidr; - - # host :: (ip | mac | integer) -> cidr -> ip - host = index: cidr: - let - index' = arithmetic.coerce cidr.base index; - in - arithmetic.or (arithmetic.shadow cidr.length index') cidr.base; - - # length :: cidr -> integer - length = cidr: cidr.length; - - # netmask :: cidr -> ip - netmask = cidr: arithmetic.coshadow cidr.length (arithmetic.coerce cidr.base (-1)); - - # size :: cidr -> integer - size = cidr: (if cidr.base ? ipv6 then 128 else 32) - cidr.length; - - # subnet :: integer -> (ip | mac | integer) -> cidr -> cidr - subnet = length: index: cidr: - let - length' = cidr.length + length; - index' = arithmetic.coerce cidr.base index; - size = (if cidr.base ? 
ipv6 then 128 else 32) - length'; - in - make length' (host (arithmetic.left size index') cidr); - - # make :: integer -> ip -> cidr - make = length: base: - let - length' = math.clamp 0 (if base ? ipv6 then 128 else 32) length; - in - { - base = arithmetic.coshadow length' base; - length = length'; - }; - }; - }; - - typechecks = - let - - fail = description: function: argument: - builtins.throw "${function}: ${argument} parameter must be ${description}"; - - meta = parser: description: function: argument: input: - let - error = fail description function argument; - in - if !builtins.isString input - then error - else - let - result = parser input; - in - if builtins.isNull result - then error - else result; - - in - { - int = function: argument: input: - if builtins.isInt input - then input - else fail "an integer" function argument; - ip = meta parsers.ip "an IPv4 or IPv6 address"; - cidr = meta parsers.cidr "an IPv4 or IPv6 address range in CIDR notation"; - mac = meta parsers.mac "a MAC address"; - numeric = function: argument: input: - if builtins.isInt input - then input - else meta parsers.numeric "an integer or IPv4, IPv6 or MAC address" function argument input; - }; - -in -{ - inherit net; -} \ No newline at end of file diff --git a/nixos/boxes/colony/vms/estuary/dns.nix b/nixos/boxes/colony/vms/estuary/dns.nix index 59ae5de..8c537bb 100644 --- a/nixos/boxes/colony/vms/estuary/dns.nix +++ b/nixos/boxes/colony/vms/estuary/dns.nix @@ -14,7 +14,7 @@ in owner = "pdns"; group = "pdns"; }; - "estuary/pdns/recursor.conf" = { + "estuary/pdns/recursor.yml" = { owner = "pdns-recursor"; group = "pdns-recursor"; }; @@ -31,7 +31,7 @@ in pdns.recursor = { enable = true; - extraSettingsFile = config.age.secrets."estuary/pdns/recursor.conf".path; + extraSettingsFile = config.age.secrets."estuary/pdns/recursor.yml".path; }; }; 
@@ -44,45 +44,55 @@ in }; pdns-recursor = { - dns = { - address = [ - "127.0.0.1" "::1" - assignments.base.ipv4.address assignments.base.ipv6.address - ]; - allowFrom = [ - "127.0.0.0/8" "::1/128" - prefixes.all.v4 prefixes.all.v6 - ] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]); - }; + yaml-settings = { + incoming = { + listen = [ + "127.0.0.1" "::1" + assignments.base.ipv4.address assignments.base.ipv6.address + ]; + allow_from = [ + "127.0.0.0/8" "::1/128" + prefixes.all.v4 prefixes.all.v6 + ] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]); - settings = { - query-local-address = [ - assignments.internal.ipv4.address - assignments.internal.ipv6.address - assignments.base.ipv6.address - ]; - forward-zones = map (z: "${z}=127.0.0.1:5353") authZones; + # DNS NOTIFY messages override TTL + allow_notify_for = authZones; + allow_notify_from = [ "127.0.0.0/8" "::1/128" ]; + }; - # DNS NOTIFY messages override TTL - allow-notify-for = authZones; - allow-notify-from = [ "127.0.0.0/8" "::1/128" ]; + outgoing = { + source_address = [ + assignments.internal.ipv4.address + assignments.internal.ipv6.address + assignments.base.ipv6.address + ]; + }; - webserver = true; - webserver-address = "::"; - webserver-allow-from = [ "127.0.0.1" "::1" ]; + recursor = { + forward_zones = map (z: { + zone = z; + forwarders = [ "127.0.0.1:5353" ]; + }) authZones; - lua-dns-script = pkgs.writeText "pdns-script.lua" '' - function preresolve(dq) - if dq.qname:equal("nix-cache.nul.ie") then - dq:addAnswer(pdns.CNAME, "http.${config.networking.domain}.") - dq.rcode = 0 - dq.followupFunction = "followCNAMERecords" - return true + lua_dns_script = pkgs.writeText "pdns-script.lua" '' + function preresolve(dq) + if dq.qname:equal("nix-cache.nul.ie") then + dq:addAnswer(pdns.CNAME, "http.${config.networking.domain}.") + dq.rcode = 0 + dq.followupFunction = "followCNAMERecords" + return true + end + + return false end + ''; + }; - return false - end - ''; + webservice = { + webserver = true; + 
address = "::"; + allow_from = [ "127.0.0.1" "::1" ]; + }; }; }; }; diff --git a/nixos/boxes/colony/vms/shill/containers/toot.nix b/nixos/boxes/colony/vms/shill/containers/toot.nix index 5951c7e..3254a70 100644 --- a/nixos/boxes/colony/vms/shill/containers/toot.nix +++ b/nixos/boxes/colony/vms/shill/containers/toot.nix @@ -87,7 +87,7 @@ in netdata.enable = true; mastodon = mkMerge [ rec { - enable = true; + enable = false; localDomain = extraConfig.WEB_DOMAIN; # for nginx config extraConfig = { LOCAL_DOMAIN = "nul.ie"; @@ -95,7 +95,9 @@ in }; secretKeyBaseFile = config.age.secrets."toot/secret-key.txt".path; - otpSecretFile = config.age.secrets."toot/otp-secret.txt".path; + # TODO: This was removed at some point. + # If we want to bring Mastodon back, this will probably need to be addressd. + # otpSecretFile = config.age.secrets."toot/otp-secret.txt".path; vapidPrivateKeyFile = config.age.secrets."toot/vapid-key.txt".path; vapidPublicKeyFile = toString (pkgs.writeText "vapid-pubkey.txt" @@ -164,7 +166,7 @@ in }; }; - pds = { + bluesky-pds = { enable = true; environmentFiles = [ config.age.secrets."toot/pds.env".path ]; settings = { diff --git a/nixos/boxes/home/palace/vms/sfh/containers/hass.nix b/nixos/boxes/home/palace/vms/sfh/containers/hass.nix index 54438aa..7b8dca1 100644 --- a/nixos/boxes/home/palace/vms/sfh/containers/hass.nix +++ b/nixos/boxes/home/palace/vms/sfh/containers/hass.nix @@ -178,6 +178,9 @@ in dependencies = with ps; [ requests ]; + + pyproject = true; + build-system = [ ps.setuptools ]; }; in { diff --git a/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix b/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix index 91b63b5..285fe90 100644 --- a/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix +++ b/nixos/boxes/home/palace/vms/sfh/containers/unifi.nix 
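Review bot: The `webservice` block keeps the recursor's web server bound to the wildcard address (`address = "::";`) while `allow_from` admits only `127.0.0.1` and `::1`, so the ACL is the only thing keeping that endpoint off the externally reachable interfaces. If nothing off-host is meant to reach it, a loopback bind such as `address = "::1";` removes that dependency, though local clients would then have to use the IPv6 loopback. If the wildcard bind is deliberate, for instance because the merged secret file widens `allow_from` (not visible from this hunk), a comment such as `# wildcard bind is intentional; access is limited by allow_from` would record that. The same block is added in the `@@ -28,71 +28,78 @@` hunk of nixos/boxes/home/routing-common/dns.nix.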
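Review bot: The TODO added above the commented-out `otpSecretFile` line does not say what replaces the option, and `addressd` is a typo for `addressed`. Since `toot/otp-secret.txt` is no longer referenced here, the comment should also say whether that age secret is still declared and decrypted on the host, e.g. `# TODO: otpSecretFile is gone from the module; drop the toot/otp-secret.txt secret or wire up its replacement before re-enabling Mastodon.` The enclosing `mastodon` block starts and ends outside this hunk.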
@@ -55,8 +55,8 @@ in unifi = { enable = true; openFirewall = true; - unifiPackage = pkgs.unifi8; - mongodbPackage = pkgs.mongodb-6_0; + unifiPackage = pkgs.unifi; + mongodbPackage = pkgs.mongodb-7_0; }; }; }; diff --git a/nixos/boxes/home/routing-common/default.nix b/nixos/boxes/home/routing-common/default.nix index 620e4b3..0bc8cbf 100644 --- a/nixos/boxes/home/routing-common/default.nix +++ b/nixos/boxes/home/routing-common/default.nix @@ -141,8 +141,8 @@ in onState = [ "configured" ]; script = '' #!${pkgs.runtimeShell} - if [ $IFACE = "wan-ifb" ]; then - ${pkgs.iproute2}/bin/tc filter add dev wan parent ffff: matchall action mirred egress redirect dev $IFACE + if [ "$IFACE" = "wan-ifb" ]; then + ${pkgs.iproute2}/bin/tc filter add dev wan parent ffff: matchall action mirred egress redirect dev "$IFACE" fi ''; }; diff --git a/nixos/boxes/home/routing-common/dns.nix b/nixos/boxes/home/routing-common/dns.nix index fd0ce02..791bf3b 100644 --- a/nixos/boxes/home/routing-common/dns.nix +++ b/nixos/boxes/home/routing-common/dns.nix @@ -19,7 +19,7 @@ in owner = "pdns"; group = "pdns"; }; - "home/pdns/recursor.conf" = { + "home/pdns/recursor.yml" = { owner = "pdns-recursor"; group = "pdns-recursor"; }; 
@@ -28,71 +28,78 @@ in pdns.recursor = { enable = true; - extraSettingsFile = config.age.secrets."home/pdns/recursor.conf".path; + extraSettingsFile = config.age.secrets."home/pdns/recursor.yml".path; }; }; services = { pdns-recursor = { - dns = { - address = [ - "127.0.0.1" "::1" - assignments.hi.ipv4.address assignments.hi.ipv6.address - assignments.lo.ipv4.address assignments.lo.ipv6.address - ]; - allowFrom = [ - "127.0.0.0/8" "::1/128" - prefixes.hi.v4 prefixes.hi.v6 - prefixes.lo.v4 prefixes.lo.v6 - ] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]); - }; + yaml-settings = { + incoming = { + listen = [ + "127.0.0.1" "::1" + assignments.hi.ipv4.address assignments.hi.ipv6.address + assignments.lo.ipv4.address assignments.lo.ipv6.address + ]; + allow_from = [ + "127.0.0.0/8" "::1/128" + prefixes.hi.v4 prefixes.hi.v6 + prefixes.lo.v4 prefixes.lo.v6 + ] ++ (with lib.my.c.tailscale.prefix; [ v4 v6 ]); - settings = { - query-local-address = [ - "0.0.0.0" - "::" - ]; - forward-zones = map (z: "${z}=127.0.0.1:5353") authZones; + # DNS NOTIFY messages override TTL + allow_notify_for = authZones; + allow_notify_from = [ "127.0.0.0/8" "::1/128" ]; + }; - # DNS NOTIFY messages override TTL - allow-notify-for = authZones; - allow-notify-from = [ "127.0.0.0/8" "::1/128" ]; + outgoing = { + source_address = [ "0.0.0.0" "::" ]; + }; - webserver = true; - webserver-address = "::"; - webserver-allow-from = [ "127.0.0.1" "::1" ]; + recursor = { + forward_zones = map (z: { + zone = z; + forwarders = [ "127.0.0.1:5353" ]; + }) authZones; - lua-dns-script = pkgs.writeText "pdns-script.lua" '' - blocklist = newDS() + lua_dns_script = pkgs.writeText "pdns-script.lua" '' + blocklist = newDS() - function preresolve(dq) - local name = dq.qname:toString() + function preresolve(dq) + local name = dq.qname:toString() - -- Disney+ doesn't like our IP space... 
- if dq.qtype == pdns.AAAA and (string.find(name, "disneyplus") or string.find(name, "disney-plus") or string.find(name , "disney.api")) then - dq.rcode = 0 - return true - end - - if blocklist:check(dq.qname) then - if dq.qtype == pdns.A then - dq:addAnswer(dq.qtype, "127.0.0.1") - elseif dq.qtype == pdns.AAAA then - dq:addAnswer(dq.qtype, "::1") + -- Disney+ doesn't like our IP space... + if dq.qtype == pdns.AAAA and (string.find(name, "disneyplus") or string.find(name, "disney-plus") or string.find(name , "disney.api")) then + dq.rcode = 0 + return true end - return true + + if blocklist:check(dq.qname) then + if dq.qtype == pdns.A then + dq:addAnswer(dq.qtype, "127.0.0.1") + elseif dq.qtype == pdns.AAAA then + dq:addAnswer(dq.qtype, "::1") + end + return true + end + + return false end - return false - end - - for line in io.lines("${./dns-blocklist.txt}") do - entry = line:gsub("%s+", "") - if entry ~= "" and string.sub(entry, 1, 1) ~= "#" then - blocklist:add(entry) + for line in io.lines("${./dns-blocklist.txt}") do + entry = line:gsub("%s+", "") + if entry ~= "" and string.sub(entry, 1, 1) ~= "#" then + blocklist:add(entry) + end end - end - ''; + ''; + }; + + webservice = { + webserver = true; + address = "::"; + allow_from = [ "127.0.0.1" "::1" ]; + }; }; }; }; diff --git a/nixos/boxes/kelder/containers/spoder/default.nix b/nixos/boxes/kelder/containers/spoder/default.nix index b876e9b..c661f7c 100644 --- a/nixos/boxes/kelder/containers/spoder/default.nix +++ b/nixos/boxes/kelder/containers/spoder/default.nix @@ -92,7 +92,8 @@ in nextcloud = { enable = true; - package = pkgs.nextcloud29; + # TODO: Might need to do some bullshit to go from Nextcloud 28 (?) to 30 + package = pkgs.nextcloud30; datadir = "/mnt/storage/nextcloud"; hostName = "cloud.${domain}"; https = true; diff --git a/nixos/installer.nix b/nixos/installer.nix index 49a3aa3..33c38a2 100644 --- a/nixos/installer.nix +++ b/nixos/installer.nix 
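Review bot: In the Lua `preresolve` hook, `string.find(name, "disney.api")` treats its argument as a Lua pattern, so the `.` matches any character rather than a literal dot. Plain matching needs the extra arguments: `string.find(name, "disney.api", 1, true)`. All three checks are also unanchored substring matches, so any queried name that merely contains `disneyplus` gets an empty AAAA answer. If that is broader than intended, matching on a list of domain suffixes would confine the override to the names it is meant for.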
@@ -31,8 +31,10 @@ server.enable = true; }; + image = { + baseName = "jackos-installer"; + }; isoImage = { - isoBaseName = "jackos-installer"; volumeID = "jackos-${config.system.nixos.release}-${pkgs.stdenv.hostPlatform.uname.processor}"; edition = "devplayer0"; appendToMenuLabel = " /dev/player0 Installer"; diff --git a/nixos/modules/borgthin.nix b/nixos/modules/borgthin.nix index 7d06d4f..2284440 100644 --- a/nixos/modules/borgthin.nix +++ b/nixos/modules/borgthin.nix @@ -1,4 +1,4 @@ -{ lib, pkgs, config, ... }: +{ inputs, lib, pkgs, config, ... }: let inherit (builtins) substring match; inherit (lib) @@ -127,7 +127,9 @@ in enable = mkBoolOpt' false "Whether to enable borgthin jobs"; lvmPackage = mkOpt' package pkgs.lvm2 "Packge containing LVM tools"; thinToolsPackage = mkOpt' package pkgs.thin-provisioning-tools "Package containing thin-provisioning-tools"; - package = mkOpt' package pkgs.borgthin "borgthin package"; + # Really we should use the version from the overlay, but the package is quite far behind... + # Not bothering to update until Borg 2.0 releases + package = mkOpt' package inputs.borgthin.packages.${config.nixpkgs.system}.borgthin "borgthin package"; jobs = mkOpt' (attrsOf jobType) { } "borgthin jobs"; }; diff --git a/nixos/modules/build.nix b/nixos/modules/build.nix index a1b88df..11a648f 100644 --- a/nixos/modules/build.nix +++ b/nixos/modules/build.nix @@ -221,8 +221,8 @@ in memorySize = dummyOption; qemu.options = dummyOption; }; + image.baseName = dummyOption; isoImage = { - isoBaseName = dummyOption; volumeID = dummyOption; edition = dummyOption; appendToMenuLabel = dummyOption; diff --git a/nixos/modules/common.nix b/nixos/modules/common.nix index 8e856cf..77614d4 100644 --- a/nixos/modules/common.nix +++ b/nixos/modules/common.nix 
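Review bot: The new default `inputs.borgthin.packages.${config.nixpkgs.system}.borgthin` takes the system string from `config.nixpkgs.system`, which NixOS discourages modules from reading and which may not be set on hosts that configure `nixpkgs.hostPlatform` instead. `pkgs.stdenv.hostPlatform.system` yields the same string without that dependency: `package = mkOpt' package inputs.borgthin.packages.${pkgs.stdenv.hostPlatform.system}.borgthin "borgthin package";`. Taking the package from the flake output rather than the overlay presumably also means it is built against whatever package set that input pins, so its dependencies would no longer track this system's `pkgs`. The added comment could say so explicitly, since this is the backup tool.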
@@ -65,9 +65,10 @@ in }; nixpkgs = { overlays = [ - inputs.deploy-rs.overlay + inputs.deploy-rs.overlays.default inputs.sharry.overlays.default - inputs.borgthin.overlays.default + # TODO: Re-enable when borgthin is updated + # inputs.borgthin.overlays.default inputs.boardie.overlays.default ]; config = { diff --git a/nixos/modules/netboot/default.nix b/nixos/modules/netboot/default.nix index 2093e2d..437d3ba 100644 --- a/nixos/modules/netboot/default.nix +++ b/nixos/modules/netboot/default.nix @@ -30,23 +30,25 @@ let substituteAll ${./menu.ipxe} "$out" ''; - bootBuilder = pkgs.substituteAll { + bootBuilder = pkgs.replaceVarsWith { src = ./netboot-loader-builder.py; isExecutable = true; - inherit (pkgs) python3; - bootspecTools = pkgs.bootspec; - nix = config.nix.package.out; + replacements = { + inherit (pkgs) python3; + bootspecTools = pkgs.bootspec; + nix = config.nix.package.out; - inherit (config.system.nixos) distroName; - systemName = config.system.name; - inherit (cfg.client) configurationLimit; - checkMountpoints = pkgs.writeShellScript "check-mountpoints" '' - if ! ${pkgs.util-linuxMinimal}/bin/findmnt /boot > /dev/null; then - echo "/boot is not a mounted partition. Is the path configured correctly?" >&2 - exit 1 - fi - ''; + inherit (config.system.nixos) distroName; + systemName = config.system.name; + inherit (cfg.client) configurationLimit; + checkMountpoints = pkgs.writeShellScript "check-mountpoints" '' + if ! ${pkgs.util-linuxMinimal}/bin/findmnt /boot > /dev/null; then + echo "/boot is not a mounted partition. Is the path configured correctly?" >&2 + exit 1 + fi + ''; + }; }; in { diff --git a/nixos/modules/network.nix b/nixos/modules/network.nix index 38f5303..5e88d62 100644 --- a/nixos/modules/network.nix +++ b/nixos/modules/network.nix 
@@ -12,16 +12,6 @@ in useNetworkd = mkDefault true; }; - systemd = { - additionalUpstreamSystemUnits = mkIf (config.system.nixos.release == "24.12:u-24.11") [ - # TODO: NixOS has its own version of this, but with `network` instead of `networkd`. Is this just a typo? It - # hasn't been updated in 2 years... - # This has been done upstream now :) - # TODO: Remove when 25.05 releases - "systemd-networkd-wait-online@.service" - ]; - }; - services.resolved = { domains = [ config.networking.domain ]; # Explicitly unset fallback DNS (Nix module will not allow for a blank config) diff --git a/nixos/modules/nvme/default.nix b/nixos/modules/nvme/default.nix index 77c03de..0626a58 100644 --- a/nixos/modules/nvme/default.nix +++ b/nixos/modules/nvme/default.nix @@ -4,19 +4,6 @@ let inherit (lib.my) mkOpt'; cfg = config.my.nvme; - nvme-cli = pkgs.nvme-cli.override { - libnvme = pkgs.libnvme.overrideAttrs (o: rec { - # TODO: Remove when 1.11.1 releases (see https://github.com/linux-nvme/libnvme/pull/914) - version = "1.11.1"; - src = pkgs.fetchFromGitHub { - owner = "linux-nvme"; - repo = "libnvme"; - rev = "v${version}"; - hash = "sha256-CEGr7PDOVRi210XvICH8iLYDKn8S9bGruBO4tycvsT8="; - }; - patches = (if (o ? patches) then o.patches else [ ]) ++ [ ./libnvme-hostconf.patch ]; - }); - }; hostNQN = "nqn.2014-08.org.nvmexpress:uuid:${cfg.uuid}"; etc = prefix: { @@ -36,7 +23,7 @@ in config = mkIf (cfg.uuid != null) { environment = { systemPackages = [ - nvme-cli + pkgs.nvme-cli ]; etc = etc ""; }; @@ -52,10 +39,6 @@ in ip = "${iproute2}/bin/ip"; nvme = "${nvme-cli}/bin/nvme"; }; - extraConfig = '' - DefaultTimeoutStartSec=20 - DefaultDeviceTimeoutSec=20 - ''; network = { enable = true; 
@@ -70,14 +53,25 @@ in serviceConfig = { Type = "oneshot"; - ExecStart = "${nvme-cli}/bin/nvme connect -t rdma -a ${cfg.boot.address} -n ${cfg.boot.nqn}"; + ExecStart = "${pkgs.nvme-cli}/bin/nvme connect -t rdma -a ${cfg.boot.address} -n ${cfg.boot.nqn}"; Restart = "on-failure"; RestartSec = 10; }; wantedBy = [ "initrd-root-device.target" ]; }; - }; + # TODO: Remove when 25.11 releases + } // (if (lib.versionAtLeast lib.my.upstreamRelease "25.11") then { + settings.Manager = { + DefaultTimeoutStartSec = 20; + DefaultDeviceTimeoutSec = 20; + }; + } else { + extraConfig = '' + DefaultTimeoutStartSec=20 + DefaultDeviceTimeoutSec=20 + ''; + }); }; }; }; diff --git a/nixos/modules/pdns.nix b/nixos/modules/pdns.nix index fc69878..0984504 100644 --- a/nixos/modules/pdns.nix +++ b/nixos/modules/pdns.nix @@ -1,7 +1,7 @@ { lib, pkgs, config, ... }: let inherit (builtins) isList; - inherit (lib) mkMerge mkIf mkDefault mapAttrsToList concatMapStringsSep concatStringsSep; + inherit (lib) mkMerge mkIf mkDefault mapAttrsToList concatMapStringsSep concatStringsSep getExe; inherit (lib.my) mkBoolOpt' mkOpt'; # Yoinked from nixos/modules/services/networking/pdns-recursor.nix @@ -165,7 +165,7 @@ let extraSettingsOpt = with lib.types; mkOpt' (nullOr str) null "Path to extra settings (e.g. for secrets)."; baseAuthSettings = pkgs.writeText "pdns.conf" (settingsToLines cfg.auth.settings); - baseRecursorSettings = pkgs.writeText "pdns-recursor.conf" (settingsToLines config.services.pdns-recursor.settings); + baseRecursorSettings = (pkgs.formats.yaml { }).generate "pdns-recursor.yaml" config.services.pdns-recursor.yaml-settings; generateSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then '' oldUmask="$(umask)" umask 006 
@@ -174,6 +174,14 @@ let '' else '' cp "${base}" "${dst}" ''; + generateYamlSettings = type: base: dst: if (cfg."${type}".extraSettingsFile != null) then '' + oldUmask="$(umask)" + umask 006 + ${getExe pkgs.yaml-merge} "${base}" "${cfg."${type}".extraSettingsFile}" > "${dst}" + umask "$oldUmask" + '' else '' + cp "${base}" "${dst}" + ''; namedConf = pkgs.writeText "pdns-named.conf" '' options { @@ -315,9 +323,9 @@ in (mkIf cfg.recursor.enable { systemd.services.pdns-recursor = { preStart = '' - ${generateSettings "recursor" baseRecursorSettings "/run/pdns-recursor/recursor.conf"} + ${generateYamlSettings "recursor" baseRecursorSettings "/run/pdns-recursor/recursor.yml"} ''; - serviceConfig.ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=/run/pdns-recursor" ]; + serviceConfig.ExecStart = [ "" "${pkgs.pdns-recursor}/bin/pdns_recursor --config-dir=/run/pdns-recursor --daemon=no --write-pid=no --disable-syslog --log-timestamp=no" ]; }; services.pdns-recursor = { diff --git a/nixos/modules/tmproot.nix b/nixos/modules/tmproot.nix index 6d29857..c1e37f8 100644 --- a/nixos/modules/tmproot.nix +++ b/nixos/modules/tmproot.nix @@ -551,7 +551,7 @@ in ]; }); }) - (mkIf (config.services ? "pds" && config.services.pds.enable) { + (mkIf (config.services ? "bluesky-pds" && config.services.bluesky-pds.enable) { my.tmproot.persistence.config.directories = [ { directory = "/var/lib/pds"; diff --git a/pkgs/chocolate-doom2xx/default.nix b/pkgs/chocolate-doom2xx/default.nix index a232524..bd5c856 100644 --- a/pkgs/chocolate-doom2xx/default.nix +++ b/pkgs/chocolate-doom2xx/default.nix @@ -1,4 +1,4 @@ -{ lib, stdenv, autoreconfHook, pkg-config, SDL, SDL_mixer, SDL_net +{ lib, stdenv, autoreconfHook, pkg-config, SDL1, SDL_mixer, SDL_net , fetchFromGitHub, fetchpatch, python3 }: stdenv.mkDerivation rec { 
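Review bot: `generateYamlSettings` writes the merged file, which includes the contents of the secret `extraSettingsFile`, under `umask 006`, so it is created mode 0660: readable and writable by the group as well as the owner. If the recursor only needs to read it as the owning user, `umask 077` or an explicit `chmod` after the merge is tighter. Which user runs this `preStart` is not visible in the hunk, so confirm that before changing it. It would also help to document above the function how `yaml-merge` combines lists such as `allow_from` (replace or append), because that decides whether the secret file can narrow the ACLs set in the Nix config or only extend them.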
@@ -35,7 +35,7 @@ stdenv.mkDerivation rec { # for documentation python3 ]; - buildInputs = [ (SDL.override { cacaSupport = true; }) SDL_mixer SDL_net ]; + buildInputs = [ (SDL1.override { cacaSupport = true; }) SDL_mixer SDL_net ]; enableParallelBuilding = true; meta = { diff --git a/pkgs/windowtolayer.nix b/pkgs/windowtolayer.nix index f90ea3d..c0da3da 100644 --- a/pkgs/windowtolayer.nix +++ b/pkgs/windowtolayer.nix @@ -1,18 +1,25 @@ { lib , fetchFromGitLab , rustPlatform +, python3 +, rustfmt }: rustPlatform.buildRustPackage rec { pname = "windowtolayer"; - version = "a5b89c3c"; + version = "97ebd079"; + + nativeBuildInputs = [ + python3 + rustfmt + ]; src = fetchFromGitLab { domain = "gitlab.freedesktop.org"; owner = "mstoeckl"; repo = pname; - rev = "a5b89c3c047297fd574932860a6c89e9ea02ba5d"; - hash = "sha256-rssL2XkbTqUvJqfUFhzULeE4/VBzjeBC5iZWSJ8MJ+M="; + rev = "97ebd0790b13bf00afb0c53a768397882fd2e831"; + hash = "sha256-XjbhZEoE5NPBofyJe7OSsE7MWgzjyRjBqiEzaQEuRrU="; }; - cargoHash = "sha256-XHmLsx9qdjlBz4xJFFiO24bR9CMw1o5368K+YMpMIBA="; + cargoHash = "sha256-M0BVSUEFGvjgX+vSpwzvaEGs0i80XOTCzvbV4SzYpLc="; } diff --git a/secrets/estuary/pdns/recursor.conf.age b/secrets/estuary/pdns/recursor.conf.age deleted file mode 100644 index d3b7c05..0000000 --- a/secrets/estuary/pdns/recursor.conf.age +++ /dev/null 
@@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyA4bGQr -dzJZbU4reWI1Sk45QTR3UkRoc0NvaDBFcUwrVWlCYWUrcWtYZGpNCm1PWjVzRVlt -UDFKY2ZSZTg4S2pVZ0pDNzR1WklYQ3pEclJZLy9kKzdGTGsKLT4gWDI1NTE5IHFO -TXVRK2d3azg2cHpRanhUNXp6YnRsZW1MUDJqc3l1bnNYNUhHaTIzMVkKWXp1M09H -TnJIazRmb0tOSnE1Q0E1dERiaHZCQkh2YzE1cS9zRUhwaEovMAotPiBzPj5nLWdy -ZWFzZQozSThRWnJCcVFFRHpoSi9tZnZMdnJoRlFud2VISHBHSThMem9qZVVWdS9C -VFBDVEVzbUVCdFU2Qy9PaGdyc0FaCmk3UFZma2ZiR3hmWG1sa053bDBnY04yZ1VZ -TW9jZwotLS0gMDVSaE5aakxHenFPVXpXa1JxczlWQ2x2VGNuQzdwaWZFTTFTaUp6 -cnRmZwoomylfwjD5A3N21/mk1Wtt8f4bsK747iZz7KT34kqmoX597rbGYxyip5lg -VLZV6CY4LLRjnnSKoC2hIXU0dgudAmvxhztuaQ42fOc= ------END AGE ENCRYPTED FILE----- diff --git a/secrets/estuary/pdns/recursor.yml.age b/secrets/estuary/pdns/recursor.yml.age new file mode 100644 index 0000000..aa4f45d --- /dev/null +++ b/secrets/estuary/pdns/recursor.yml.age @@ -0,0 +1,12 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IG44Q3BVdyB0RnVq +RUpSZy9qZ29DemdnWjdscHMvelRYUGF0YVZlNDFtdzFRdVljbGpZCjdWcE50ck44 +NVBsbVk3SmR6cHhHdkJ0TWI2S2ppOUtnK3pMK28xeTc0KzgKLT4gWDI1NTE5IHIy +SEUxOCtjK3VFMEozblB1T00yRTE3c3dRSXIydmJHdmEvL25yMStOUVEKbE1XdU4z +L1lLcEJWY2w2WXRWbmVIN0ZBRVl1R1dhNk10MWtheTRCYjloZwotPiBXXXRKcS1n +cmVhc2UgRUBEWyBwamZsOVQKZ09pVGdWUG02WmxUcGNBN3RnbE42V05xRDE2azMr +WHd3VEt0NmwvZnI1dXdiSjNvaStsNTZmUEhwbUp5cVlieQpSYmhUVm1GbEJVdXo3 +ZwotLS0gSkFZMFdiRHBjWFJsR3pqcytYZkEza3dsZ0ZyaDkxdmliZ3RUOFErUXlt +cwq9gj+Fg4p2D1548J+bhvJ0re9uVm9TZ9lJSqmj5tMxWRS9aN1j9BlhmK/RnEG9 +KcodvBiyqibzauS4KC18xLLu986hK2gn3857waXn/AIp+p8BIA2J9M2M +-----END AGE ENCRYPTED FILE----- diff --git a/secrets/home/pdns/recursor.conf.age b/secrets/home/pdns/recursor.conf.age deleted file mode 100644 index 30e5a03..0000000 --- a/secrets/home/pdns/recursor.conf.age +++ /dev/null 
@@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpOcUlvZyBlODZr -RHpJcFdFaVNYM0x1d3QxVmhKTFBkMndrakFYS3FxWk00YWxXejNzCkFqWFlCWUt2 -cGluRGtxODQzbElhRWt1TGFVeTE1UU5SSkdZejJzNVdhZ3cKLT4gc3NoLWVkMjU1 -MTkgcytxUmZnIFRpeVNsT2Jqc2I4dzB3cEFWK2ZEZlpJQklWSnhJM3o0Ukhsc1lz -REZ0VFkKWWJPckVSNlZHREJIVVgwNVNBSkpSbHRPcUxIWVo4ZTlyVkovTGRpZThL -MAotPiBYMjU1MTkgUGxhR2d3TVh1dnJwQjNoY0pjV09halZKZFhybVk3Vjk3Tmwr -bDd5ckp6MApBcW8zbUl1SnhmOXZwOFRNUG1EZUNacDlXdXJSbWFUeG5GNjM3eXJo -RmR3Ci0+IDstZ3JlYXNlICRoICVbfmU2fQpFYzNyZXBxVU5jT3JSY1NFMGEzUnVF -WFQ2MmR2SGQ0Vnd6V0VxQlp5bE5LZ2NML2hyd09LOEVPL2lGREdLR3FMCmVGN09J -OUNscVh1d0VSdwotLS0gbTB1NnZ4Q3B6WE1KVzJjbmVwL2dEVjc4WnRXZTlYbFBG -T3htUHBWang2awr0OgkUO6XPZji5ZBNpqGwOlwpa605t38QCmFSXvPQhvT4Gj/0+ -rUvg7zWf5Yb4c86EDD05CsqGEUQTOKEz08z0lewN5kuFfZmrYQY= ------END AGE ENCRYPTED FILE----- diff --git a/secrets/home/pdns/recursor.yml.age b/secrets/home/pdns/recursor.yml.age new file mode 100644 index 0000000..6c2bdbf --- /dev/null +++ b/secrets/home/pdns/recursor.yml.age @@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFpOcUlvZyBJSU1V +M1QyaWcvcFJlUlJEcDVvblJGcXJDWk11RDhCZzBkY2Qyc2lDQW5jCjJVRVBWMTZy +SHNTZG9ZSnZ3RjRqUE9Ub3JKZERkcTZpeEhSUlppTmVsZm8KLT4gc3NoLWVkMjU1 +MTkgcytxUmZnIFFsbm1oNk1jNndoU0J3SkdFSkNhSGNVRjdQb2JSUFBnczVwdlF0 +bDVhaVUKaFBzSHF3THNiL09Ib2ZhOFlyNVY0Q1ZwOUMwczZiQW9jVlNwanRYek1P +WQotPiBYMjU1MTkgcEppMVBpbmRGS1h5RUgwNkZPZ0dXWVpkdXlZcFc5S3dQaDA4 +THdhUm9oTQpLbUpTaVVuQ29Zc3FuQ2MyaFcvTkxVK1l1T3V0L3FZSXZBS2dlY2hM +VUNVCi0+IENcLWdyZWFzZSAnNGJjfiB1IHB3QDpUIHsoQi57Ilw9CnkxdFRqWVZi +ZFdHQXJwNGZuNDg2Q3cKLS0tIDJSNmthczc1U2xxSlVKZDBLc1BHNnFMV3MwK3Qr +ckJDL204d210NW1Pb2sKCC+sa8uPupC3Rv+o12XT/wTmLsKhtaE/bbshPCDIHUFn +cpTwpY96JsCShAjSb6n7Xt6FgTKTFt2iDsGQ6+sLp0AJ2quxRaoxmqaFVsz4p8BL +gF0On7LgZg== +-----END AGE ENCRYPTED FILE-----