feat: network overhaul

2025-12-06 09:07:21 +01:00 · 2025-06-15 04:36:40 +02:00 · 2025-06-15 04:36:40 +02:00 · ed15ef02bb
commit ed15ef02bb
parent 22fe55c284
34 changed files with 1704 additions and 1037 deletions
--- a/modules/nixos/common/meta.nix
+++ b/modules/nixos/common/meta.nix
@ -5,4 +5,8 @@
    type = lib.types.path;
    default = ./.;
  };
+  options.node.name = lib.mkOption {
+    description = "Node Name.";
+    type = lib.types.str;
+  };
 }
--- a/modules/nixos/common/nodes.nix
+++ b/modules/nixos/common/nodes.nix
@ -0,0 +1,78 @@
+{ config, lib, outputs, ... }:
+let
+  inherit (lib)
+    attrNames
+    concatMap
+    concatStringsSep
+    foldl'
+    getAttrFromPath
+    mkMerge
+    mkOption
+    mkOptionType
+    optionals
+    recursiveUpdate
+    setAttrByPath
+    types
+    ;
+
+  nodeName = config.node.name;
+  mkForwardedOption =
+    path:
+    mkOption {
+      type = mkOptionType {
+        name = "Same type that the receiving option `${concatStringsSep "." path}` normally accepts.";
+        merge =
+          _loc: defs:
+          builtins.filter (x: builtins.isAttrs x -> ((x._type or "") != "__distributed_config_empty")) (
+            map (x: x.value) defs
+          );
+      };
+      default = {
+        _type = "__distributed_config_empty";
+      };
+      description = ''
+        Anything specified here will be forwarded to `${concatStringsSep "." path}`
+        on the given node. Forwarding happens as-is to the raw values,
+        so validity can only be checked on the receiving node.
+      '';
+    };
+
+  forwardedOptions = [
+    [
+      "services"
+      "nginx"
+      "upstreams"
+    ]
+    [
+      "services"
+      "nginx"
+      "virtualHosts"
+    ]
+  ];
+
+  attrsForEachOption =
+    f: foldl' (acc: path: recursiveUpdate acc (setAttrByPath path (f path))) { } forwardedOptions;
+in
+{
+  options.nodes = mkOption {
+    description = "Options forwarded to the given node.";
+    default = { };
+    type = types.attrsOf (
+      types.submodule {
+        options = attrsForEachOption mkForwardedOption;
+      }
+    );
+  };
+
+  config =
+    let
+      getConfig =
+        path: otherNode:
+        let
+          cfg = outputs.nixosConfigurations.${otherNode}.config.nodes.${nodeName} or null;
+        in
+        optionals (cfg != null) (getAttrFromPath path cfg);
+      mergeConfigFromOthers = path: mkMerge (concatMap (getConfig path) (attrNames outputs.nixosConfigurations));
+    in
+    attrsForEachOption mergeConfigFromOthers;
+}
--- a/modules/nixos/common/syncthing.nix
+++ b/modules/nixos/common/syncthing.nix
@ -23,7 +23,7 @@ in
            id = "O7RWDMD-AEAHPP7-7TAVLKZ-BSWNBTU-2VA44MS-EYGUNBB-SLHKB3C-ZSLMOAA";
          };
          "moonside (@oracle)" = {
-            id = "YJLYL4Z-JIYHFKX-554ZR7B-YAF3PNH-CX7JF53-NYUMVGL-4EWWASH-GDAMBQA";
+            id = "VPCDZB6-MGVGQZD-Q6DIZW3-IZJRJTO-TCC3QUQ-2BNTL7P-AKE7FBO-N55UNQE";
          };
        };
        folders = {
--- a/modules/nixos/common/users.nix
+++ b/modules/nixos/common/users.nix
@ -1,8 +1,11 @@
-{ pkgs, config, lib, ... }:
+{ self, pkgs, config, lib, ... }:
+let
+  sopsFile = self + /secrets/general/secrets.yaml;
+in
 {
  options.swarselsystems.modules.users = lib.mkEnableOption "user config";
  config = lib.mkIf config.swarselsystems.modules.users {
-    sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { neededForUsers = true; };
+    sops.secrets.swarseluser = lib.mkIf (!config.swarselsystems.isPublic) { inherit sopsFile; neededForUsers = true; };

    users = {
      mutableUsers = lib.mkIf (!config.swarselsystems.initialSetup) false;