Commit graph

249 commits

Author SHA1 Message Date
Bruno BELANYI 825e09f59e flake: refactor handling of shared modules 2021-05-08 17:14:13 +02:00
Bruno BELANYI 817ca1e9df machine: aramis: add installer script
This is the first time that I am setting up LVM-on-LUKS with NixOS, so a
VM came in handy to test it out.
2021-05-08 17:14:13 +02:00
Bruno BELANYI 5041fc7472 project: add bootstrap script 2021-05-08 17:14:13 +02:00
Bruno BELANYI 08c16bd27f pkgs: diff-flake: add 'host' and 'shell' options 2021-05-08 17:14:13 +02:00
Bruno BELANYI 25823f4ee6 flake: bump inputs 2021-05-08 17:14:13 +02:00
Bruno BELANYI 2a1dda12d4 pkgs: diff-flake: use 'makeWrapper'
This makes it easier to test the script, as I just run it normally
without building it.
2021-05-08 17:14:13 +02:00
Bruno BELANYI 12475ff3a8 pkgs: diff-flake: do not default to verbose build 2021-05-08 17:14:13 +02:00
Bruno BELANYI 2fac46b606 pkgs: diff-flake: fix '--flake-output' handling
I'm surprised that `shellcheck` did not pick up this error, `INPUTS` was
leftover from the previous name of the variable before a refactor...
2021-05-08 17:14:13 +02:00
Bruno BELANYI 0ec56784e9 flake: use explicit input format
And reorder the inputs to be in alphabetical order, because that is
always neater :-).
2021-05-08 17:14:13 +02:00
Bruno BELANYI f64454811e pkgs: diff-flake: resolve given revs to commit ids 2021-05-08 17:14:13 +02:00
Bruno BELANYI f817b278fe pkgs: diff-flake: substitute 'mktemp' 2021-05-08 17:14:13 +02:00
Bruno BELANYI 37a134ebd2 flake: add 'diff-flake' to 'apps' and 'defaultApp'
That way I can just run `nix flake update`, commit, and `nix run` to get
a list of updates.
2021-05-08 17:14:13 +02:00
Bruno BELANYI 7d91351c8e pkgs: add diff-flake
This is a nice helper to know what has changed after bumping a flake's
inputs.
2021-05-08 17:14:13 +02:00
Bruno BELANYI 9612258118 flake: do not throw on dirty tree
This is mostly inconvenient, I have enough discipline not to need it
anymore.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 49232423ca lib: ip: verify ip is valid in 'check' 2021-04-25 12:39:17 +00:00
Bruno BELANYI 0112dd87ac lib: ip: add 'isValidIp4' 2021-04-25 12:39:17 +00:00
Bruno BELANYI 5a06ab74bb lib: ip: add 'nth' utility to 'parseSubnet4' 2021-04-25 12:39:17 +00:00
Bruno BELANYI 1968285d0a lib: ip: add 'nthInRange4'
And use it to refactor 'rangeIp4'
2021-04-25 12:39:17 +00:00
Bruno BELANYI 509332270e services: wireguard: refactor DNS configuration 2021-04-25 12:39:17 +00:00
Bruno BELANYI 05c9a46cde services: wireguard: add internal-only option 2021-04-25 12:39:17 +00:00
Bruno BELANYI 196f9a3e34 services: wireguard: fix server routing
I had made a mistake, hard-coding the server as being `1` for its client
number, instead of using the one configured from its peer configuration.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 26eac86de0 services: wireguard: clean up logic
This module has a complicated logic, and I found the code quite ugly.
Making use of `mkMerge` makes it easier to read and think through.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 84b61b25b3 services: wireguard: allow disabling service
Only the server *needs* to have wireguard up at all times. However a
laptop or desktop probably doesn't need it up at all times.
2021-04-25 12:39:17 +00:00
Bruno BELANYI f79fcd020b services: wireguard: set up DNS server on clients
This makes use of my newly written adblocking DNS service, it does
assume that the server would have both wireguard and DNS enabled.

I would also like to move to using my ip-related library functions,
however it does not support IPv6 and is unlikely to be easily added...
But I am not sure that I *need* IPv6 support for my use-case.

Finally, I find this module a bit too heavy, it could be improved by
having specific 'server' and 'client' roles, instead of implicit roles
depending on whether an external IP exists.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 3696471201 services: adblock: restrict to wireguard interface 2021-04-25 12:39:17 +00:00
Bruno BELANYI a551ace6a6 machines: porthos: services: enable adblock 2021-04-25 12:39:17 +00:00
Bruno BELANYI 5b0d12ad40 services: add adblock
This is a self-hosted DNS server with hosts-based adblocking.

I should probably have it update the hosts file more often than I will
probably end up doing myself with a package... We'll see if it ends up
being necessary.
2021-04-25 12:39:17 +00:00
Bruno BELANYI d10f0ed103 pkgs: add unbound-zones-adblock
Unbound wants a configuration file that is not actually formatted like
StevenBlack's hosts files. This derivation fixes that.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 20c20cef46 pkgs: add unified-hosts-lists 2021-04-25 12:39:17 +00:00
Bruno BELANYI 63d28c4ae2 lib: ip: add 'rangeIp4'
The `range` attribute is not very useful by itself. However this
generator can convert it into a list of all addresses in the given
range.
2021-04-25 12:39:17 +00:00
Bruno BELANYI ad006bf2b8 lib: add ip 2021-04-25 12:39:17 +00:00
Bruno BELANYI e438b7b5f5 pkgs: add havm
This is a dependency for Tiger Compiler [1].

[1]: https://assignments.lrde.epita.fr/
2021-04-25 12:39:17 +00:00
Bruno BELANYI 9a9ec81204 pkgs: add nolimips
This is a dependency for Tiger Compiler [1].

[1]: https://assignments.lrde.epita.fr/
2021-04-25 12:39:17 +00:00
Bruno BELANYI 89ea720bff flake: expose custom packages as output 2021-04-25 12:39:17 +00:00
Bruno BELANYI 67faf8fa43 services: lohr: update log environment variable 2021-04-25 12:39:17 +00:00
Bruno BELANYI e6d46b3c59 pkgs: extract lohr from 'services/lohr' 2021-04-25 12:39:17 +00:00
Bruno BELANYI b06f265291 pkgs: extract podgrab from 'services/podgrab' 2021-04-25 12:39:17 +00:00
Bruno BELANYI edb9c46106 flake: introduce 'pkgs' overlay
Also make it the prime overlay instead of the extended 'lib'.

The reason for `pkgs` not being structured as an overlay, but simply
taking `pkgs` as an argument is to allow it to be used as a NUR package
set, if I wanted to.
2021-04-25 12:39:17 +00:00
Bruno BELANYI 15f0f95538 services: lohr: update to 'v0.4.0' 2021-04-25 12:39:17 +00:00
Bruno BELANYI e51ab70d5b modules: add documentation 2021-04-25 12:39:17 +00:00
Bruno BELANYI 6bf6d21392 flake: inject extended 'lib' into NixOS config
Somehow it works just fine in my `home-manager` configuration, I assume it is
using the system `nixpkgs` and its `lib` attribute that I extended. Whereas the
NixOS system must be injected with the extended one intentionally.
2021-04-17 11:41:19 +00:00
Bruno BELANYI ee1b31954a services: calibre-web: use upstream service 2021-04-15 16:24:41 +00:00
Bruno BELANYI 0d31aebb87 flake: bump inputs 2021-04-15 16:24:41 +00:00
Bruno BELANYI 471fe4e21f machines: porthos: services: enable podgrab 2021-04-15 16:24:41 +00:00
Bruno BELANYI 558c09cfdf services: add podgrab 2021-04-15 16:24:41 +00:00
Bruno BELANYI 8d3a87d1b6 project: readme: add lohr to manual steps 2021-04-01 22:48:38 +00:00
Bruno BELANYI ff975b8c7d machines: porthos: services: enable lohr 2021-04-01 22:48:38 +00:00
Bruno BELANYI 3402146298 services: add lohr 2021-04-01 22:48:38 +00:00
Bruno BELANYI cf76586585 services: drone: fix docker socket dependency 2021-03-31 17:56:36 +00:00
Bruno BELANYI 3a4098a6c4 modules: users: sort groups 2021-03-31 17:56:36 +00:00