| author | seth <[email protected]> | 2024-06-30 09:56:30 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2024-06-30 10:23:04 -0400 |
| commit | 088facf700946cb8f2d96c6089185bdc2a67180a (patch) | |
| tree | c5b4e4cffbb3ee4ad2498c2251892bd457e9d3c7 /ext | |
| parent | 5d3045a0769af3a94fba7b5cf646e8498aaef595 (diff) | |
alejandra -> nixfmt-rfc-style
Diffstat (limited to 'ext')
| -rw-r--r-- | ext/openwrt.nix | 25 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/dns.nix | 78 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/pages_domains.nix | 26 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/pages_projects.nix | 39 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/ruleset.nix | 3 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/tls.nix | 6 | ||||
| -rw-r--r-- | ext/terranix/cloudflare/tunnels.nix | 16 | ||||
| -rw-r--r-- | ext/terranix/default.nix | 41 | ||||
| -rw-r--r-- | ext/terranix/tailscale/acl.nix | 65 | ||||
| -rw-r--r-- | ext/terranix/tailscale/default.nix | 3 | ||||
| -rw-r--r-- | ext/terranix/tailscale/devices.nix | 19 | ||||
| -rw-r--r-- | ext/terranix/tailscale/tags.nix | 17 | ||||
| -rw-r--r-- | ext/terranix/versions.nix | 15 |
13 files changed, 201 insertions, 152 deletions
diff --git a/ext/openwrt.nix b/ext/openwrt.nix index f02f8ef..8b39358 100644 --- a/ext/openwrt.nix +++ b/ext/openwrt.nix @@ -3,30 +3,33 @@ inputs, withSystem, ... -}: let - pkgs = withSystem "x86_64-linux" ({pkgs, ...}: pkgs); +}: +let + pkgs = withSystem "x86_64-linux" ({ pkgs, ... }: pkgs); - profileFromRelease = release: - (inputs.openwrt-imagebuilder.lib.profiles { - inherit pkgs release; - }) - .identifyProfile; + profileFromRelease = + release: (inputs.openwrt-imagebuilder.lib.profiles { inherit pkgs release; }).identifyProfile; - mkImage = {profile, ...} @ args: + mkImage = + { profile, ... }@args: inputs.openwrt-imagebuilder.lib.build ( profileFromRelease args.release profile - // builtins.removeAttrs args ["profile" "release"] + // builtins.removeAttrs args [ + "profile" + "release" + ] ); mapImages = lib.mapAttrs (lib.const mkImage); -in { +in +{ flake.legacyPackages.x86_64-linux = { openWrtImages = mapImages { turret = { release = "23.05.0"; profile = "netgear_wac104"; - files = pkgs.runCommand "image-files" {} '' + files = pkgs.runCommand "image-files" { } '' mkdir -p $out/etc/uci-defaults cat > $out/etc/uci-defaults/99-custom << EOF diff --git a/ext/terranix/cloudflare/dns.nix b/ext/terranix/cloudflare/dns.nix index 4da90ab..4be834c 100644 --- a/ext/terranix/cloudflare/dns.nix +++ b/ext/terranix/cloudflare/dns.nix 
@@ -1,52 +1,60 @@ -{lib, ...}: let - mkRecord = { - name, - value, - type, - zone_id, - }: +{ lib, ... }: +let + mkRecord = { - inherit name value type zone_id; + name, + value, + type, + zone_id, + }: + { + inherit + name + value + type + zone_id + ; ttl = 1; } - // lib.optionalAttrs (type != "TXT") {proxied = true;}; + // lib.optionalAttrs (type != "TXT") { proxied = true; }; zones = { getchoo_com = lib.tfRef "var.getchoo_com_zone_id"; }; - inherit - (zones) - getchoo_com - ; + inherit (zones) getchoo_com; atlas_tunnel = lib.tfRef "data.cloudflare_tunnel.atlas-nginx.id" + ".cfargotunnel.com"; pagesSubdomainFor = project: lib.tfRef "resource.cloudflare_pages_project.${project}.subdomain"; - blockEmailSpoofingFor = domain: let - zone_id = zones.${domain}; - in { - "${domain}_dmarc" = { - name = "_dmarc"; - value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"; - type = "TXT"; - inherit zone_id; - }; + blockEmailSpoofingFor = + domain: + let + zone_id = zones.${domain}; + in + { + "${domain}_dmarc" = { + name = "_dmarc"; + value = "v=DMARC1; p=reject; sp=reject; adkim=s; aspf=s;"; + type = "TXT"; + inherit zone_id; + }; - "${domain}_domainkey" = { - name = "*._domainkey"; - value = "v=DKIM1; p="; - type = "TXT"; - inherit zone_id; - }; + "${domain}_domainkey" = { + name = "*._domainkey"; + value = "v=DKIM1; p="; + type = "TXT"; + inherit zone_id; + }; - "${domain}_email" = { - name = "@"; - value = "v=spf1 -all"; - type = "TXT"; - inherit zone_id; + "${domain}_email" = { + name = "@"; + value = "v=spf1 -all"; + type = "TXT"; + inherit zone_id; + }; }; - }; -in { +in +{ resource.cloudflare_zone_dnssec = { getchoo_com_dnssec = { zone_id = getchoo_com; diff --git a/ext/terranix/cloudflare/pages_domains.nix b/ext/terranix/cloudflare/pages_domains.nix index c3c45bb..531b2de 100644 --- a/ext/terranix/cloudflare/pages_domains.nix +++ b/ext/terranix/cloudflare/pages_domains.nix 
@@ -1,30 +1,32 @@ -{lib, ...}: let - setDomainsFor = { - account_id, - project, - domains, - }: +{ lib, ... }: +let + setDomainsFor = + { + account_id, + project, + domains, + }: lib.listToAttrs ( map (domain: { - name = "${project}_${builtins.replaceStrings ["."] ["_"] domain}"; + name = "${project}_${builtins.replaceStrings [ "." ] [ "_" ] domain}"; value = { inherit account_id; project_name = lib.tfRef "resource.cloudflare_pages_project.${project}.name"; inherit domain; }; - }) - domains + }) domains ); -in { +in +{ resource.cloudflare_pages_domain = setDomainsFor { account_id = lib.tfRef "var.account_id"; project = "personal_website"; - domains = ["getchoo.com"]; + domains = [ "getchoo.com" ]; } // setDomainsFor { account_id = lib.tfRef "var.account_id"; project = "teawie_api"; - domains = ["api.getchoo.com"]; + domains = [ "api.getchoo.com" ]; }; } diff --git a/ext/terranix/cloudflare/pages_projects.nix b/ext/terranix/cloudflare/pages_projects.nix index 5b6e64e..37ca785 100644 --- a/ext/terranix/cloudflare/pages_projects.nix +++ b/ext/terranix/cloudflare/pages_projects.nix @@ -1,15 +1,16 @@ -{lib, ...}: let - getGitHubRepo = { - owner, - repo_name, - }: { - type = "github"; - config = { - inherit owner repo_name; - production_branch = "main"; +{ lib, ... }: +let + getGitHubRepo = + { owner, repo_name }: + { + type = "github"; + config = { + inherit owner repo_name; + production_branch = "main"; + }; }; - }; -in { +in +{ resource.cloudflare_pages_project = { personal_website = { account_id = lib.tfRef "var.account_id"; 
@@ -27,14 +28,16 @@ in { destination_dir = "/dist"; }; - deployment_configs = let - environment_variables = { - MINIFLUX_URL = "https://miniflux.getchoo.com"; + deployment_configs = + let + environment_variables = { + MINIFLUX_URL = "https://miniflux.getchoo.com"; + }; + in + { + production = [ { inherit environment_variables; } ]; + preview = [ { inherit environment_variables; } ]; }; - in { - production = [{inherit environment_variables;}]; - preview = [{inherit environment_variables;}]; - }; }; teawie_api = { diff --git a/ext/terranix/cloudflare/ruleset.nix b/ext/terranix/cloudflare/ruleset.nix index 9f611c4..98364d9 100644 --- a/ext/terranix/cloudflare/ruleset.nix +++ b/ext/terranix/cloudflare/ruleset.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ resource.cloudflare_ruleset = { getchoo_com_redirects = { kind = "zone"; diff --git a/ext/terranix/cloudflare/tls.nix b/ext/terranix/cloudflare/tls.nix index 1fcc7ac..77450ad 100644 --- a/ext/terranix/cloudflare/tls.nix +++ b/ext/terranix/cloudflare/tls.nix @@ -1,9 +1,11 @@ -{lib, ...}: let +{ lib, ... }: +let baseSettings = { always_use_https = "on"; ssl = "strict"; }; -in { +in +{ resource.cloudflare_zone_settings_override = { getchoo_com_settings = { zone_id = lib.tfRef "var.getchoo_com_zone_id"; diff --git a/ext/terranix/cloudflare/tunnels.nix b/ext/terranix/cloudflare/tunnels.nix index f745deb..0bbf6f6 100644 --- a/ext/terranix/cloudflare/tunnels.nix +++ b/ext/terranix/cloudflare/tunnels.nix @@ -1,13 +1,9 @@ -{lib, ...}: { - data.cloudflare_tunnel = - lib.genAttrs - [ - "atlas-nginx" - ] - (name: { - inherit name; - account_id = lib.tfRef "var.account_id"; - }); +{ lib, ... }: +{ + data.cloudflare_tunnel = lib.genAttrs [ "atlas-nginx" ] (name: { + inherit name; + account_id = lib.tfRef "var.account_id"; + }); resource.cloudflare_authenticated_origin_pulls = { getchoo_com_origin = { diff --git a/ext/terranix/default.nix b/ext/terranix/default.nix index c70d4d8..44ede51 100644 --- a/ext/terranix/default.nix 
+++ b/ext/terranix/default.nix @@ -1,25 +1,24 @@ -{inputs, ...}: { - perSystem = { - pkgs, - system, - ... - }: { - packages = { - opentofu = pkgs.opentofu.withPlugins (plugins: [ - plugins.cloudflare - plugins.tailscale - ]); +{ inputs, ... }: +{ + perSystem = + { pkgs, system, ... }: + { + packages = { + opentofu = pkgs.opentofu.withPlugins (plugins: [ + plugins.cloudflare + plugins.tailscale + ]); - terranix = inputs.terranix.lib.terranixConfiguration { - inherit system; - modules = [ - ./cloudflare - ./tailscale - ./cloud.nix - ./vars.nix - ./versions.nix - ]; + terranix = inputs.terranix.lib.terranixConfiguration { + inherit system; + modules = [ + ./cloudflare + ./tailscale + ./cloud.nix + ./vars.nix + ./versions.nix + ]; + }; }; }; - }; } diff --git a/ext/terranix/tailscale/acl.nix b/ext/terranix/tailscale/acl.nix index 338e373..80e3537 100644 --- a/ext/terranix/tailscale/acl.nix +++ b/ext/terranix/tailscale/acl.nix 
@@ -1,24 +1,51 @@ -{lib, ...}: { +{ lib, ... }: +{ resource.tailscale_acl.default = { - acl = toString (builtins.toJSON { - tagOwners = let - me = ["getchoo@github"]; - tags = map (name: "tag:${name}") ["server" "personal"]; - in - lib.genAttrs tags (_: me); + acl = toString ( + builtins.toJSON { + tagOwners = + let + me = [ "getchoo@github" ]; + tags = map (name: "tag:${name}") [ + "server" + "personal" + ]; + in + lib.genAttrs tags (_: me); - acls = let - mkAcl = action: src: dst: {inherit action src dst;}; - in [ - (mkAcl "accept" ["tag:personal"] ["*:*"]) - (mkAcl "accept" ["tag:server"] ["tag:server:*"]) - ]; + acls = + let + mkAcl = action: src: dst: { inherit action src dst; }; + in + [ + (mkAcl "accept" [ "tag:personal" ] [ "*:*" ]) + (mkAcl "accept" [ "tag:server" ] [ "tag:server:*" ]) + ]; - ssh = let - mkSshAcl = action: src: dst: users: {inherit action src dst users;}; - in [ - (mkSshAcl "accept" ["tag:personal"] ["tag:server" "tag:personal"] ["autogroup:nonroot" "root"]) - ]; - }); + ssh = + let + mkSshAcl = action: src: dst: users: { + inherit + action + src + dst + users + ; + }; + in + [ + (mkSshAcl "accept" [ "tag:personal" ] + [ + "tag:server" + "tag:personal" + ] + [ + "autogroup:nonroot" + "root" + ] + ) + ]; + } + ); }; } diff --git a/ext/terranix/tailscale/default.nix b/ext/terranix/tailscale/default.nix index 2225fd5..b370b34 100644 --- a/ext/terranix/tailscale/default.nix +++ b/ext/terranix/tailscale/default.nix @@ -1,4 +1,5 @@ -{lib, ...}: { +{ lib, ... }: +{ imports = [ ./acl.nix ./devices.nix diff --git a/ext/terranix/tailscale/devices.nix b/ext/terranix/tailscale/devices.nix index 44ee3f1..625c56e 100644 --- a/ext/terranix/tailscale/devices.nix +++ b/ext/terranix/tailscale/devices.nix 
@@ -1,11 +1,14 @@ -{lib, ...}: { - data.tailscale_device = let - toDevices = devices: - lib.genAttrs devices (name: { - name = "${name}.tailc59d6.ts.net"; - wait_for = "60s"; - }); - in +{ lib, ... }: +{ + data.tailscale_device = + let + toDevices = + devices: + lib.genAttrs devices (name: { + name = "${name}.tailc59d6.ts.net"; + wait_for = "60s"; + }); + in toDevices [ "atlas" "caroline" diff --git a/ext/terranix/tailscale/tags.nix b/ext/terranix/tailscale/tags.nix index ff41c82..3e82dbb 100644 --- a/ext/terranix/tailscale/tags.nix +++ b/ext/terranix/tailscale/tags.nix @@ -1,10 +1,15 @@ -{lib, ...}: { - resource.tailscale_device_tags = let - getDeviceID = device: lib.tfRef "data.tailscale_device.${device}.id"; - toTags = n: v: {device_id = getDeviceID n;} // v; +{ lib, ... }: +{ + resource.tailscale_device_tags = + let + getDeviceID = device: lib.tfRef "data.tailscale_device.${device}.id"; + toTags = n: v: { device_id = getDeviceID n; } // v; - tags = lib.genAttrs ["server" "personal"] (n: ["tag:${n}"]); - in + tags = lib.genAttrs [ + "server" + "personal" + ] (n: [ "tag:${n}" ]); + in builtins.mapAttrs toTags { atlas.tags = tags.server; caroline.tags = tags.personal; diff --git a/ext/terranix/versions.nix b/ext/terranix/versions.nix index 53bb5c6..6ac0b3e 100644 --- a/ext/terranix/versions.nix +++ b/ext/terranix/versions.nix @@ -1,12 +1,11 @@ -{lib, ...}: { - terraform.required_providers = let - registry = "registry.terraform.io"; +{ lib, ... }: +{ + terraform.required_providers = + let + registry = "registry.terraform.io"; - fmtSource = _: value: - lib.recursiveUpdate value { - source = "${registry}/${value.source}"; - }; - in + fmtSource = _: value: lib.recursiveUpdate value { source = "${registry}/${value.source}"; }; + in lib.mapAttrs fmtSource { cloudflare.source = "cloudflare/cloudflare"; |
