docs: fix topology

This commit is contained in:
Leon Schwarzäugl 2025-07-01 23:50:47 +02:00
parent 9279f3a8d3
commit f5f396db25
Signed by: swarsel
GPG key ID: 26A54C31F2A4FD84
16 changed files with 115 additions and 41 deletions


@ -448,6 +448,8 @@ In =outputs = inputs@ [...]=, the =inputs@= makes it so that all inputs are auto
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
};
}
@ -518,7 +520,7 @@ When setting this option normally, the password would normally be written world-
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default-linux";
systems.url = "github:nix-systems/default";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -625,7 +627,7 @@ In this section I am creating some attributes that define general concepts of my
# nixosModules = import ./modules/nixos { inherit lib; };
# homeModules = import ./modules/home { inherit lib; };
packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; });
packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import ./pkgs { inherit lib pkgs; });
formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = import ./overlays { inherit self lib inputs; };
@ -5389,6 +5391,19 @@ TODO
}
);
toCapitalized = str:
if builtins.stringLength str == 0 then
""
else
let
first = builtins.substring 0 1 str;
rest = builtins.substring 1 (builtins.stringLength str - 1) str;
upper = lib.toUpper first;
lower = lib.toLower rest;
in
upper + lower;
# mkUser = name: {
# config.users.users.${name} = {
# group = name;
@ -5408,6 +5423,7 @@ TODO
getSecret = filename: lib.strings.trim (builtins.readFile "$(unknown)");
forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
forEachLinuxSystem = f: lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: f lib.swarselsystems.pkgsFor.${system});
readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}");
readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}"));
@ -5594,9 +5610,15 @@ in
(mkConnection "moonside" "wan")
(mkConnection "pfsense" "wan")
(mkConnection "sync" "wan")
(mkConnection "toto" "bootstrapper")
(mkConnection "drugstore" "installer image")
(mkConnection "chaostheatre" "demo host")
];
};
chaostheatre.interfaces."demo host" = { };
drugstore.interfaces."installer image" = { };
toto.interfaces."bootstrapper" = { };
sync.interfaces.wan = { };
moonside.interfaces.wan = { };
@ -5716,7 +5738,9 @@ in
image = ../topology/images/DELL-C2665dnf.png;
interfaces.eth1 = { };
};
};
}
#+end_src
@ -6858,14 +6882,14 @@ I use sops-nix to handle secrets that I want to have available on my machines at
{
options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config";
config = lib.mkIf config.swarselsystems.modules.commonSops {
sops = lib.mkIf (!config.swarselsystems.isPublic) {
sops = {
age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
secrets = lib.mkIf (!config.swarselsystems.isPublic) {
ernest = { };
frauns = { };
hotspot = { };
@ -6886,7 +6910,7 @@ I use sops-nix to handle secrets that I want to have available on my machines at
"sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
"sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
};
templates = {
templates = lib.mkIf (!config.swarselsystems.isPublic) {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
@ -8088,7 +8112,6 @@ Here we just define some aliases for rebuilding the system, and we allow some in
};
};
avahi = {
publish.enable = true;
publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
@ -10962,10 +10985,10 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
koillection-env-file = { };
};
topology.self.services.koillection = {
name = "Koillection";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/koillection.png";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;
@ -11243,7 +11266,7 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
:END:
#+begin_src nix :tangle modules/nixos/server/croc.nix
{ lib, config, pkgs, ... }:
{ self, lib, config, pkgs, ... }:
let
serviceDomain = "send.swarsel.win";
servicePorts = [
@ -11275,7 +11298,13 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
};
};
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services.croc = {
@ -11311,7 +11340,7 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
:END:
#+begin_src nix :tangle modules/nixos/server/microbin.nix
{ lib, config, ... }:
{ self, lib, config, ... }:
let
serviceDomain = "scratch.swarsel.win";
servicePort = 8777;
@ -11355,7 +11384,11 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
};
};
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services."${serviceName}" = {
@ -11444,7 +11477,7 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
:END:
#+begin_src nix :tangle modules/nixos/server/shlink.nix
{ lib, config, ... }:
{ self, lib, config, ... }:
let
serviceDomain = "s.swarsel.win";
servicePort = 8081;
@ -11494,7 +11527,11 @@ To get other URLs (token, etc.), use https://<kanidmDomain>/oauth2/openid/<clien
{ directory = "/var/lib/containers"; }
];
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services.nginx = {
@ -12835,12 +12872,12 @@ I use sops-nix to handle secrets that I want to have available on my machines at
{
options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselsystems.modules.sops {
sops = lib.mkIf (!config.swarselsystems.isPublic) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
secrets = lib.mkIf (!config.swarselsystems.isPublic) {
mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
nautilus = { path = "${xdgDir}/secrets/nautilus"; };
leon = { path = "${xdgDir}/secrets/leon"; };
@ -13673,7 +13710,7 @@ Currently I only use it as before with =initExtra= though.
# src = pkgs.zsh-fzf-tab;
# }
];
initContent = ''
initContent = lib.mkIf (!config.swarselsystems.isPublic) ''
my-forward-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
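Review bot: The `isPublic` gate in the commonSops hunk now covers only `secrets` and `templates`, leaving `age.sshKeyPaths`, `defaultSopsFile` and `validateSopsFiles = false` active on public hosts as well. Any `sops.secrets.*` entry contributed by another module on such a host would then be decrypted at activation from the private `secrets.yaml` path with no build-time validation, which is presumably not what a demo or installer host should do. If the aim is only to keep the option tree evaluable, say so at the top of the block: `# key paths and defaultSopsFile stay set on public hosts; only this module's secrets/templates are gated on !isPublic`. Otherwise an assertion such as `assertions = [ { assertion = config.swarselsystems.isPublic -> config.sops.secrets == { }; message = "public host must not define sops secrets"; } ];` makes the widened surface fail at build time. The module bodies continue outside the hunks, and the same change recurs in the home-manager sops module further down.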

flake.lock generated

@ -1594,16 +1594,16 @@
},
"systems_3": {
"locked": {
"lastModified": 1689347949,
"narHash": "sha256-12tWmuL2zgBgZkdoB6qXZsgJEH9LR3oUgpaQq2RbI80=",
"lastModified": 1681028828,
"narHash": "sha256-Vy1rq5AaRuLzOxct8nz4T6wlgyUR7zLU309k9mBC768=",
"owner": "nix-systems",
"repo": "default-linux",
"rev": "31732fcf5e8fea42e59c2488ad31a0e651500f68",
"repo": "default",
"rev": "da67096a3b9bf56a91d16901293e51ba5b49a27e",
"type": "github"
},
"original": {
"owner": "nix-systems",
"repo": "default-linux",
"repo": "default",
"type": "github"
}
},


@ -18,7 +18,7 @@
nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-25.05";
nixpkgs-stable24_05.url = "github:NixOS/nixpkgs/nixos-24.05";
nixpkgs-stable24_11.url = "github:NixOS/nixpkgs/nixos-24.11";
systems.url = "github:nix-systems/default-linux";
systems.url = "github:nix-systems/default";
home-manager = {
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
@ -200,7 +200,7 @@
# nixosModules = import ./modules/nixos { inherit lib; };
# homeModules = import ./modules/home { inherit lib; };
packages = lib.swarselsystems.forEachSystem (pkgs: import ./pkgs { inherit lib pkgs; });
packages = lib.swarselsystems.forEachLinuxSystem (pkgs: import ./pkgs { inherit lib pkgs; });
formatter = lib.swarselsystems.forEachSystem (pkgs: pkgs.nixpkgs-fmt);
overlays = import ./overlays { inherit self lib inputs; };
@ -284,6 +284,8 @@
systems = [
"x86_64-linux"
"aarch64-linux"
"x86_64-darwin"
"aarch64-darwin"
];
};
}
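Review bot: Switching the `systems` input to `nix-systems/default` adds `x86_64-darwin` and `aarch64-darwin` to every `forEachSystem` consumer, so `formatter` in this hunk, and any other `forEachSystem` use outside it, now evaluates `lib.swarselsystems.pkgsFor.<darwin>`, which is defined outside this hunk and must instantiate nixpkgs for those systems without Linux-only overlays. `packages` was moved to `forEachLinuxSystem`, presumably because it already tripped over this; a comment next to it would record that: `# packages contain Linux-only builds; formatter is expected to evaluate for every system in the systems input`. If the `systems = [ … ]` list at the end of the file mirrors the input, a note on which of the two is authoritative would prevent them drifting apart.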


@ -23,6 +23,19 @@
}
);
toCapitalized = str:
if builtins.stringLength str == 0 then
""
else
let
first = builtins.substring 0 1 str;
rest = builtins.substring 1 (builtins.stringLength str - 1) str;
upper = lib.toUpper first;
lower = lib.toLower rest;
in
upper + lower;
# mkUser = name: {
# config.users.users.${name} = {
# group = name;
@ -42,6 +55,7 @@
getSecret = filename: lib.strings.trim (builtins.readFile "$(unknown)");
forEachSystem = f: lib.genAttrs (import systems) (system: f lib.swarselsystems.pkgsFor.${system});
forEachLinuxSystem = f: lib.genAttrs [ "x86_64-linux" "aarch64-linux" ] (system: f lib.swarselsystems.pkgsFor.${system});
readHosts = type: lib.attrNames (builtins.readDir "${self}/hosts/${type}");
readNix = type: lib.filter (name: name != "default.nix") (lib.attrNames (builtins.readDir "${self}/${type}"));
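Review bot: `forEachLinuxSystem` hard-codes `[ "x86_64-linux" "aarch64-linux" ]` while `forEachSystem` on the line above reads its list from the `systems` input, so the two will silently diverge the next time that input changes. Deriving it keeps one source of truth: `forEachLinuxSystem = f: lib.genAttrs (lib.filter (lib.hasSuffix "-linux") (import systems)) (system: f lib.swarselsystems.pkgsFor.${system});`. `toCapitalized` also lowercases the remainder (`"fooBar"` becomes `"Foobar"`) and `builtins.substring` counts bytes, so a leading non-ASCII character would be split; a comment above it such as `# "fooBar" -> "Foobar"; ASCII only` states that contract, and `builtins.substring 1 (-1) str` is the usual way to take the rest of a string. The surrounding attribute set starts and ends outside the hunks.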


@ -5,12 +5,12 @@ in
{
options.swarselsystems.modules.sops = lib.mkEnableOption "sops settings";
config = lib.mkIf config.swarselsystems.modules.sops {
sops = lib.mkIf (!config.swarselsystems.isPublic) {
sops = {
age.sshKeyPaths = [ "${homeDir}/.ssh/sops" "${homeDir}/.ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
secrets = lib.mkIf (!config.swarselsystems.isPublic) {
mrswarsel = { path = "${xdgDir}/secrets/mrswarsel"; };
nautilus = { path = "${xdgDir}/secrets/nautilus"; };
leon = { path = "${xdgDir}/secrets/leon"; };


@ -77,7 +77,7 @@ in
# src = pkgs.zsh-fzf-tab;
# }
];
initContent = ''
initContent = lib.mkIf (!config.swarselsystems.isPublic) ''
my-forward-word() {
local WORDCHARS=$WORDCHARS
WORDCHARS="''${WORDCHARS//:}"
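Review bot: The `lib.mkIf (!config.swarselsystems.isPublic)` now drops the entire `initContent`, including generic helpers such as `my-forward-word` that have nothing private in them, so a public host gets a bare zsh. If only a few lines further down depend on secrets or internal hosts, gating just those with `lib.optionalString (!config.swarselsystems.isPublic) ''…''` inside the string keeps the rest working. Either way a comment stating why the block is hidden would spare the next reader the guess, e.g. `# hidden on public hosts: references private hosts/secret paths below` if that is the reason. The string continues well past the hunk, so I cannot see which part actually needs hiding.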


@ -6,14 +6,14 @@ in
{
options.swarselsystems.modules.commonSops = lib.mkEnableOption "sops config";
config = lib.mkIf config.swarselsystems.modules.commonSops {
sops = lib.mkIf (!config.swarselsystems.isPublic) {
sops = {
age.sshKeyPaths = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs [ "/persist/.ssh/sops" "/persist/.ssh/ssh_host_ed25519_key" ] [ "${homeDir}/.ssh/sops" "/etc/ssh/ssh_host_ed25519_key" ];
defaultSopsFile = lib.swarselsystems.mkIfElseList config.swarselsystems.isBtrfs "/persist/.dotfiles/secrets/general/secrets.yaml" "${homeDir}/.dotfiles/secrets/general/secrets.yaml";
validateSopsFiles = false;
secrets = {
secrets = lib.mkIf (!config.swarselsystems.isPublic) {
ernest = { };
frauns = { };
hotspot = { };
@ -34,7 +34,7 @@ in
"sweden-aes-128-cbc-udp-dns-crl-verify.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
"sweden-aes-128-cbc-udp-dns-ca.pem" = { sopsFile = certsSopsFile; owner = mainUser; };
};
templates = {
templates = lib.mkIf (!config.swarselsystems.isPublic) {
"network-manager.env".content = ''
ERNEST=${config.sops.placeholder.ernest}
FRAUNS=${config.sops.placeholder.frauns}
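Review bot: `secrets` and `templates` are now gated by two independent `lib.mkIf (!config.swarselsystems.isPublic)` expressions, but the template body reads `config.sops.placeholder.ernest`, which only exists while the `ernest` secret is defined, so the two conditions must never drift apart. Binding the condition once, `let private = !config.swarselsystems.isPublic; in` above the block and using `lib.mkIf private` for both, makes that coupling explicit. A one-line comment on `validateSopsFiles = false` saying why it is off, presumably because `secrets.yaml` is read from `/persist` or the home directory rather than from the store, would also help now that the path is evaluated on every host. The module's `let` header and closing braces are outside the hunk.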


@ -1,4 +1,4 @@
{ lib, config, pkgs, ... }:
{ self, lib, config, pkgs, ... }:
let
serviceDomain = "send.swarsel.win";
servicePorts = [
@ -30,7 +30,13 @@ in
};
};
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services.croc = {
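Review bot: The `topology.self.services.${serviceName}` block is now copy-pasted verbatim into croc, microbin and shlink, differing only by the `let`-bound `serviceDomain`. A small helper in `lib.swarselsystems`, e.g. `mkTopologyService = self: serviceName: serviceDomain: { name = lib.swarselsystems.toCapitalized serviceName; info = "https://${serviceDomain}"; icon = "${self}/topology/images/${serviceName}.png"; };`, would keep the three in step when the icon path or naming rule changes again. `self` is newly required in this module's argument set, so whatever imports it must pass `self` via `specialArgs`; koillection already used it, so this is presumably in place. The module's `in` body continues outside the hunk.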


@ -18,10 +18,10 @@ in
koillection-env-file = { };
};
topology.self.services.koillection = {
name = "Koillection";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/koillection.png";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;


@ -1,4 +1,4 @@
{ lib, config, ... }:
{ self, lib, config, ... }:
let
serviceDomain = "scratch.swarsel.win";
servicePort = 8777;
@ -42,7 +42,11 @@ in
};
};
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services."${serviceName}" = {
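Review bot: `icon = "${self}/topology/images/${serviceName}.png"` is a string, not a path, so a missing `microbin.png` is not caught at evaluation time; whether nix-topology then fails the render or silently drops the icon I cannot tell from here, and the listing names new `croc.png` and `shlink.png` files but the second binary is unnamed, so I cannot confirm `microbin.png` was added. Guarding it makes the contract explicit: `icon = let p = "${self}/topology/images/${serviceName}.png"; in assert builtins.pathExists p; p;`. The rest of the module is outside the hunk.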


@ -33,7 +33,6 @@
};
};
avahi = {
publish.enable = true;
publish.userServices = true; # Needed to allow samba to automatically register mDNS records without the need for an `extraServiceFile`
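Review bot: With `publish.enable = true` removed, `publish.userServices = true` has no effect unless `services.avahi.publish.enable` is set somewhere else, since as far as I recall the NixOS module derives `disable-publishing` from `publish.enable`; the surviving comment `# Needed to allow samba to automatically register mDNS records …` then describes something that no longer happens. If turning publishing off is the intent (it does shrink what the host announces on the LAN), drop or reword the comment, e.g. `# publishing disabled here; samba mDNS registration needs publish.enable from another module`; if not, the line should come back. I cannot see whether another module enables it.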


@ -1,4 +1,4 @@
{ lib, config, ... }:
{ self, lib, config, ... }:
let
serviceDomain = "s.swarsel.win";
servicePort = 8081;
@ -48,7 +48,11 @@ in
{ directory = "/var/lib/containers"; }
];
topology.self.services.${serviceName}.info = "https://${serviceDomain}";
topology.self.services.${serviceName} = {
name = lib.swarselsystems.toCapitalized serviceName;
info = "https://${serviceDomain}";
icon = "${self}/topology/images/${serviceName}.png";
};
globals.services.${serviceName}.domain = serviceDomain;
services.nginx = {


@ -28,9 +28,15 @@ in
(mkConnection "moonside" "wan")
(mkConnection "pfsense" "wan")
(mkConnection "sync" "wan")
(mkConnection "toto" "bootstrapper")
(mkConnection "drugstore" "installer image")
(mkConnection "chaostheatre" "demo host")
];
};
chaostheatre.interfaces."demo host" = { };
drugstore.interfaces."installer image" = { };
toto.interfaces."bootstrapper" = { };
sync.interfaces.wan = { };
moonside.interfaces.wan = { };
@ -150,5 +156,7 @@ in
image = ../topology/images/DELL-C2665dnf.png;
interfaces.eth1 = { };
};
};
}
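Review bot: The new interface names `"installer image"`, `"demo host"` and `"bootstrapper"` contain spaces and are used both as attribute keys and as `mkConnection` targets, whereas every existing interface uses a plain identifier like `wan` or `eth1`; if nix-topology turns interface names into node or edge IDs in the rendered graph, the spaces may need escaping there. Short names such as `installer`, `demo` and `bootstrap` keep the two styles consistent and avoid the question. The `mkConnection` helper and the enclosing attribute set are outside the hunk.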

topology/images/croc.png Normal file


topology/images/shlink.png Normal file
