From d1f70d53aabb5eec936545d92096a30054a038eb Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Thu, 11 Apr 2024 08:42:27 -0500 Subject: [PATCH 01/23] Delete flake.lock --- flake.lock | 63 ------------------------------------------------------ 1 file changed, 63 deletions(-) delete mode 100644 flake.lock diff --git a/flake.lock b/flake.lock deleted file mode 100644 index d3ed9bd..0000000 --- a/flake.lock +++ /dev/null @@ -1,63 +0,0 @@ -{ - "nodes": { - "nixpkgs": { - "locked": { - "lastModified": 1706386369, - "narHash": "sha256-iL18ktG4tNbJVYaV3h9155N4X5cvfNTgQXhVug1g0yI=", - "owner": "nixos", - "repo": "nixpkgs", - "rev": "30b34ac00788d0dce98a992b6d92779b9eb6bc19", - "type": "github" - }, - "original": { - "owner": "nixos", - "repo": "nixpkgs", - "type": "github" - } - }, - "nixpkgs-lib": { - "locked": { - "dir": "lib", - "lastModified": 1703961334, - "narHash": "sha256-M1mV/Cq+pgjk0rt6VxoyyD+O8cOUiai8t9Q6Yyq4noY=", - "owner": "NixOS", - "repo": "nixpkgs", - "rev": "b0d36bd0a420ecee3bc916c91886caca87c894e9", - "type": "github" - }, - "original": { - "dir": "lib", - "owner": "NixOS", - "ref": "nixos-unstable", - "repo": "nixpkgs", - "type": "github" - } - }, - "parts": { - "inputs": { - "nixpkgs-lib": "nixpkgs-lib" - }, - "locked": { - "lastModified": 1704982712, - "narHash": "sha256-2Ptt+9h8dczgle2Oo6z5ni5rt/uLMG47UFTR1ry/wgg=", - "owner": "hercules-ci", - "repo": "flake-parts", - "rev": "07f6395285469419cf9d078f59b5b49993198c00", - "type": "github" - }, - "original": { - "owner": "hercules-ci", - "repo": "flake-parts", - "type": "github" - } - }, - "root": { - "inputs": { - "nixpkgs": "nixpkgs", - "parts": "parts" - } - } - }, - "root": "root", - "version": 7 -} From 89c295d7efa555447b1cf1e1dc6430d57b38553c Mon Sep 17 00:00:00 2001 
From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Tue, 16 Apr 2024 12:13:09 -0500 Subject: [PATCH 02/23] fix: agenix --- flake-modules/flake-guard/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake-modules/flake-guard/default.nix b/flake-modules/flake-guard/default.nix index 7d2e03f..68448bd 100644 --- a/flake-modules/flake-guard/default.nix +++ b/flake-modules/flake-guard/default.nix @@ -96,8 +96,8 @@ in else ( if (lookup != null && config ? "sops" && config.sops.secrets ? "${lookup}" ) then config.sops.secrets.${lookup}.path - else if (lookup != null && config ? "age" && config.age.secrets ? "${lookup}" ) then - config.age.secrets.${lookup}.path + else if (lookup != null && config ? "agenix" && config.agenix.secrets ? "${lookup}" ) then + config.agenix.secrets.${lookup}.path else null ); ips = with peer-data; ipv4 ++ ipv6; From a38581e9b9115facb9272f0bc735040d72936d59 Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Tue, 16 Apr 2024 12:39:46 -0500 Subject: [PATCH 03/23] fix: agenix --- flake-modules/flake-guard/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/flake-modules/flake-guard/default.nix b/flake-modules/flake-guard/default.nix index 68448bd..7d2e03f 100644 --- a/flake-modules/flake-guard/default.nix +++ b/flake-modules/flake-guard/default.nix @@ -96,8 +96,8 @@ in else ( if (lookup != null && config ? "sops" && config.sops.secrets ? "${lookup}" ) then config.sops.secrets.${lookup}.path - else if (lookup != null && config ? "agenix" && config.agenix.secrets ? "${lookup}" ) then - config.agenix.secrets.${lookup}.path + else if (lookup != null && config ? "age" && config.age.secrets ? "${lookup}" ) then + config.age.secrets.${lookup}.path else null ); ips = with peer-data; ipv4 ++ ipv6; From 8e0d33c6d4f62d0c54723805eb56fbc1ff30ad4b Mon Sep 17 00:00:00 2001 
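Review bot: In [PATCH 02/23] the lookup chain in flake-guard/default.nix still ends in `else null`, so a `lookup` that names no known secret silently yields a null key path instead of an evaluation error. The rename to `config.agenix.secrets` makes that branch more likely: as far as I know the agenix NixOS module declares its options under `age.secrets`, so the new test would never match (PATCH 03 restores `age`). If this branch is only evaluated for the local host's key, consider failing loudly, e.g. `else if lookup != null then throw "flake-guard: no sops or age secret named ${lookup}" else null`. The enclosing expression starts above the hunk, so the consumer of this value is not visible here.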
From: allow Date: Tue, 16 Apr 2024 13:02:30 -0500 Subject: [PATCH 04/23] fix privateKeyFile for nixos-module --- flake-modules/flake-guard/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake-modules/flake-guard/default.nix b/flake-modules/flake-guard/default.nix index 7d2e03f..1abe38c 100644 --- a/flake-modules/flake-guard/default.nix +++ b/flake-modules/flake-guard/default.nix @@ -58,7 +58,7 @@ in }; privateKeyFile = mkOption { - type = types.str; + type = types.unspecified; }; }; }; From 3a5acf87b3fefa904bd3b40a9b1033e0c2ce9848 Mon Sep 17 00:00:00 2001 From: allow Date: Sat, 1 Jun 2024 08:56:11 -0500 Subject: [PATCH 05/23] add `persistentKeepalive` to peer options --- flake-modules/flake-guard/lib.nix | 4 +++- flake-modules/flake-guard/options.nix | 5 +++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/flake-modules/flake-guard/lib.nix b/flake-modules/flake-guard/lib.nix index cc239f0..6bf02f3 100644 --- a/flake-modules/flake-guard/lib.nix +++ b/flake-modules/flake-guard/lib.nix @@ -19,7 +19,9 @@ inherit (lib) in rec { toPeer = p: { - inherit (p) publicKey; + inherit (p) + publicKey + persistentKeepalive; allowedIPs = p.ipv4 ++ p.ipv6; endpoint = p.selfEndpoint; }; diff --git a/flake-modules/flake-guard/options.nix b/flake-modules/flake-guard/options.nix index 9a4c44d..f6b096a 100644 --- a/flake-modules/flake-guard/options.nix +++ b/flake-modules/flake-guard/options.nix @@ -55,6 +55,11 @@ inherit (lib) default = null; }; + persistentKeepalive= mkOption { + type = types.nullOr types.int; + default = null; + }; + # module = mkOption { # type = types.nullOr types.unspecified; # default = null; From 6ed2d207cfbe778112a93b1f7a935a4526c92500 Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Sun, 9 Jun 2024 08:02:42 -0500 Subject: [PATCH 06/23] Match deploy-rs field --- flake-modules/deploy-rs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
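Review bot: In [PATCH 04/23] `type = types.unspecified;` removes all type checking from `privateKeyFile`, the one option that points at the WireGuard private key. A Nix path literal such as `./wg.key` is now accepted, and a path value that is later interpolated into a string is copied into the world-readable Nix store; `types.str` rejected that. If the change was needed because the computed value can be null (the secret lookup in this file ends in `else null`), `type = types.nullOr types.str;` keeps the check and still allows null. The option also has no `description`; one line saying it must be a runtime path outside the store would help.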
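Review bot: In [PATCH 05/23] the new `persistentKeepalive` option in options.nix accepts any integer, including negative values, and has no `description`. The keepalive interval is a number of seconds that fits in 16 bits, so `type = types.nullOr types.ints.u16;` would reject bad values at evaluation time, and a `description` should state the unit and what null means. Minor style: `persistentKeepalive= mkOption` is missing the space before `=`. In lib.nix, `toPeer` now inherits the attribute unconditionally, so any peer attrset built outside the option submodule has to carry it as well.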
diff --git a/flake-modules/deploy-rs/default.nix b/flake-modules/deploy-rs/default.nix index 5e1496e..bd3c79d 100644 --- a/flake-modules/deploy-rs/default.nix +++ b/flake-modules/deploy-rs/default.nix @@ -52,7 +52,7 @@ let ''; }; - autoRollback = mkOption { + autoRollBack = mkOption { type = types.bool; default = true; description = '' From 5ee3338a06916d37f749cdfa2464c7e5407e0b06 Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Sun, 9 Jun 2024 08:03:57 -0500 Subject: [PATCH 07/23] revert previous --- flake-modules/deploy-rs/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake-modules/deploy-rs/default.nix b/flake-modules/deploy-rs/default.nix index bd3c79d..5e1496e 100644 --- a/flake-modules/deploy-rs/default.nix +++ b/flake-modules/deploy-rs/default.nix @@ -52,7 +52,7 @@ let ''; }; - autoRollBack = mkOption { + autoRollback = mkOption { type = types.bool; default = true; description = '' From 867b99c1cb22cdce087017dd7cd1f4dded6b0513 Mon Sep 17 00:00:00 2001 From: allow Date: Thu, 13 Jun 2024 10:10:36 -0500 Subject: [PATCH 08/23] add domains flake module (cherry picked from commit 545a95b16949c5f13ac645a689b1ba2c39186e3d) --- flake-modules/domains/default.nix | 60 +++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) create mode 100644 flake-modules/domains/default.nix diff --git a/flake-modules/domains/default.nix b/flake-modules/domains/default.nix new file mode 100644 index 0000000..a553c97 --- /dev/null +++ b/flake-modules/domains/default.nix 
@@ -0,0 +1,60 @@ +{ + inputs + , config + , lib + , flake-parts-lib + , ... +}: +{ + options.domains = lib.mkOption { + default = {}; + + description = '' + evaluate flake modules as their under their own namespace, + seperate from the parent. These options are built on their + respective names in `config.build.domains` + ''; + + example = '' + domains."hello-world".specialArgs = { }; + domains."hello-world".modules = [ + ({inputs, config, lib, ...}: { + systems = ["x86_64-linux"]; + imports = [ inputs.lynx.flakeModules.flake-guard ]; + + wireguard.enable = true; + wireguard.networks.vxlan = { + sopsLookup = "wg-vxlan"; + peers.by-name.gateway = { + publicKey = "nwDPjwn9KPKw2wYNMe0CHP5oIJBJHFruRy62EoTjU1A="; + ipv4 = ["172.16.1.1"]; + }; + }; + }) + ]; + ''; + + type = with lib.types; attrsOf (submodule { + options.modules = lib.mkOption { + type = listOf deferredModule; + default = []; + }; + + options.specialArgs = mkOption { + type = attrsOf raw; + default = {}; + }; + }); + }; + + options.build.domains = lib.mkOption { + type = with lib.types; lazyAttrsOf raw; + default = {}; + }; + + config.build.domains = builtins.mapAttrs(domain: toplevel: + (flake-parts-lib.evalFlakeModule { + inherit inputs; + } toplevel) + ) config.domains; +} From 06876f05915b12030231c5c969e54410409ab329 Mon Sep 17 00:00:00 2001 From: allow Date: Thu, 13 Jun 2024 10:12:18 -0500 Subject: [PATCH 09/23] export domains (cherry picked from commit 2c693f36308baef0dc49c80a0085f74579e0ee9c) --- flake.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/flake.nix b/flake.nix index aa85efb..3fcb43f 100644 --- a/flake.nix +++ b/flake.nix @@ -5,6 +5,7 @@ deploy-rs = import ./flake-modules/deploy-rs; lynx-docs = import ./flake-modules/lynx-docs; flake-guard = import ./flake-modules/flake-guard; + domains = import ./flake-modules/domains; profile-parts-homexts = import ./flake-modules/profile-parts-homext.nix; }; From d8fb24ce74a60ba638ea0a869b08ec4bc9e78713 Mon Sep 17 00:00:00 2001 
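Review bot: In [PATCH 08/23] `options.specialArgs = mkOption` uses a bare `mkOption`, but nothing visible in this new file brings it into scope (the other options call `lib.mkOption`, and `with lib.types;` should only add type names), so the module likely fails to evaluate at this commit. PATCH 10 switches it to `lib.mkOption`; squashing that in would keep the series bisectable. Separately, `example` is a plain string, and writing it as `example = lib.literalExpression '' … '';` lets the generated docs render it as Nix code. `options.build.domains` has no `description`, and the `domain` argument of the `mapAttrs` callback is unused.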
From: allow Date: Thu, 13 Jun 2024 11:26:15 -0500 Subject: [PATCH 10/23] resolve --- flake-modules/domains/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/flake-modules/domains/default.nix b/flake-modules/domains/default.nix index a553c97..06865dd 100644 --- a/flake-modules/domains/default.nix +++ b/flake-modules/domains/default.nix @@ -40,7 +40,7 @@ default = []; }; - options.specialArgs = mkOption { + options.specialArgs = lib.mkOption { type = attrsOf raw; default = {}; }; @@ -55,6 +55,7 @@ config.build.domains = builtins.mapAttrs(domain: toplevel: (flake-parts-lib.evalFlakeModule { inherit inputs; - } toplevel) + inherit (toplevel) specialArgs; + } { imports = toplevel.modules; }) ) config.domains; } From 8f7966047159e42c020c7bfd5539a8e86657e0fe Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Thu, 13 Jun 2024 15:31:09 -0500 Subject: [PATCH 11/23] Update default.nix --- flake-modules/domains/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/flake-modules/domains/default.nix b/flake-modules/domains/default.nix index 06865dd..b0aeede 100644 --- a/flake-modules/domains/default.nix +++ b/flake-modules/domains/default.nix @@ -10,7 +10,7 @@ default = {}; description = '' - evaluate flake modules as their under their own namespace, + evaluate flake modules as their own namespace, seperate from the parent. These options are built on their respective names in `config.build.domains` ''; From 74ede3720e9935e052c5460ad19943f73a627d38 Mon Sep 17 00:00:00 2001 From: allow Date: Wed, 19 Jun 2024 07:24:03 -0500 Subject: [PATCH 12/23] better error message --- flake-modules/flake-guard/default.nix | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/flake-modules/flake-guard/default.nix b/flake-modules/flake-guard/default.nix index 1abe38c..816fbfd 100644 --- a/flake-modules/flake-guard/default.nix +++ b/flake-modules/flake-guard/default.nix 
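Review bot: In [PATCH 10/23] every domain is evaluated with the parent's `inputs` (`inherit inputs;` in the second hunk), so the separation the option description promises is a separate option namespace only. A domain module still sees every input of the parent flake, and presumably the parent's `self` as well. Please state that in the `domains` description, for example `Domains share the parent flake's inputs; only options and config are evaluated separately.` `specialArgs` is typed `attrsOf raw` and is now passed straight into the evaluation unchecked, which deserves a one-line `description` too.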
@@ -26,11 +26,16 @@ in let cfg = config.networking.wireguard.networks; in { + options.networking.wireugard._flake-guard = mkOption { + internal = true; + default = rootConfig.enable; + type = types.bool; + }; + options.networking.wireguard.networks = mkOption { default = {}; type = types.attrsOf (types.submodule { options = { - autoConfig = { interface = mkEnableOption "automatically generate the underlying network interface"; peers = mkEnableOption "automatically generate the peers -- this will add all peers in the network to the interface."; @@ -123,6 +128,17 @@ in ); }) config.networking.wireguard.networks; + + assertions = [ + { assertion = (!config.networking.wireguard._flake-guard) && + lib.any (lib.mapAttrsToList (k: v: v.interface || v.peers )); + message = '' + You have enabled `networking.wireguard.networks.*.autoConfig.(peers|interface)` + But you have not set `wireguard.enable` to `true` in the flakeModule system. + ''; + } + ]; + }; }; } From 850fb2f7df490540f7b9453351d4282d028a2d37 Mon Sep 17 00:00:00 2001 From: allow Date: Wed, 19 Jun 2024 07:46:15 -0500 Subject: [PATCH 13/23] simplify --- flake-modules/flake-guard/default.nix | 31 +++++---------------------- flake-modules/flake-guard/options.nix | 2 -- 2 files changed, 5 insertions(+), 28 deletions(-) diff --git a/flake-modules/flake-guard/default.nix b/flake-modules/flake-guard/default.nix index 816fbfd..09edcab 100644 --- a/flake-modules/flake-guard/default.nix +++ b/flake-modules/flake-guard/default.nix @@ -26,12 +26,6 @@ in let cfg = config.networking.wireguard.networks; in { - options.networking.wireugard._flake-guard = mkOption { - internal = true; - default = rootConfig.enable; - type = types.bool; - }; - options.networking.wireguard.networks = mkOption { default = {}; type = types.attrsOf (types.submodule { 
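Review bot: In [PATCH 12/23] the new internal option is declared at `options.networking.wireugard._flake-guard` (misspelled), while the assertion in the second hunk reads `config.networking.wireguard._flake-guard`, so the read refers to an option that was never declared. Declare it as `options.networking.wireguard._flake-guard = mkOption {`. A `description` such as `Mirror of the flake-level wireguard.enable, used only by assertions.` would document why the option exists.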
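Review bot: In the second hunk of [PATCH 12/23] the assertion condition is inverted and does not evaluate as written. An assertion fails when `assertion` is false, but this expression is true exactly in the misconfigured case (flake-guard disabled and autoConfig in use). In addition `lib.any` receives the `mapAttrsToList` call as its predicate, `mapAttrsToList` gets no attrset, and the flags live under `autoConfig` per the option declaration in the first hunk, not directly on the network. Something like `assertion = config.networking.wireguard._flake-guard || !(lib.any (n: n.autoConfig.interface || n.autoConfig.peers) (lib.attrValues cfg));` expresses the intended check; the enclosing `config` block starts outside the hunk.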
@@ -70,12 +64,8 @@ in }); }; - config = mkIf rootConfig.enable - { - - networking.wireguard.networks = mapAttrs (net-name: network: + config.networking.wireguard.networks = (mapAttrs (net-name: network: let - self-name = builtins.head (builtins.filter (x: x == config.networking.hostName) (builtins.attrNames network.peers.by-name)); @@ -113,10 +103,11 @@ in inherit self; peers.by-name = mapAttrs (pname: peer: (toPeer peer)) network.peers.by-name; peers.list = map toPeer (builtins.attrValues network.peers.by-name); - }) rootConfig.networks; + }) rootConfig.networks); - networking.wireguard.interfaces = mapAttrs (net-name: network: - mkIf network.autoConfig.interface { + config.networking.wireguard.interfaces = mapAttrs (net-name: network: + mkIf network.autoConfig.interface + { inherit (config.networking.wireguard.networks.${net-name}.self) listenPort privateKeyFile @@ -128,17 +119,5 @@ in ); }) config.networking.wireguard.networks; - - assertions = [ - { assertion = (!config.networking.wireguard._flake-guard) && - lib.any (lib.mapAttrsToList (k: v: v.interface || v.peers )); - message = '' - You have enabled `networking.wireguard.networks.*.autoConfig.(peers|interface)` - But you have not set `wireguard.enable` to `true` in the flakeModule system. - ''; - } - ]; - - }; }; } diff --git a/flake-modules/flake-guard/options.nix b/flake-modules/flake-guard/options.nix index f6b096a..8adad16 100644 --- a/flake-modules/flake-guard/options.nix +++ b/flake-modules/flake-guard/options.nix @@ -74,8 +74,6 @@ inherit (lib) in { options.wireguard = { - enable = mkEnableOption "Enable wireguard"; - networks = mkOption { type = types.attrsOf (types.submodule { options = { From 356b3b7f5deed52acc40dfc56d0361b197a35f23 Mon Sep 17 00:00:00 2001 
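Review bot: In [PATCH 13/23] the `mkIf rootConfig.enable` guard is removed, so `self-name = builtins.head (builtins.filter …)` is no longer behind any switch, and `builtins.head` on an empty list stops evaluation with an error that does not mention flake-guard. When the value is forced, that would hit any host importing `flake-guard-host` whose `networking.hostName` is not a peer name in one of `rootConfig.networks`. Consider restricting the map to networks that contain the host, or replacing the bare `head` with an explicit `throw "flake-guard: ${config.networking.hostName} is not a peer of ${net-name}"`. Dropping `wireguard.enable` from options.nix in the same commit also breaks configs that still set it, since the `mkRemovedOptionModule` shim only arrives in PATCH 14. The `let` body continues outside the hunk.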
From: allow Date: Thu, 20 Jun 2024 03:59:12 -0500 Subject: [PATCH 14/23] add `assertions` `evalFlakeModuleWithAssertions` and `mkFlakeWithAssertions` --- flake-modules/builtins/assertions.nix | 30 +++++++++++++++++++++ flake-modules/domains/default.nix | 4 ++- flake-modules/flake-guard/default.nix | 19 +++++++++++-- flake-modules/flake-guard/options.nix | 21 ++++++++------- flake.nix | 2 ++ lib.nix | 39 +++++++++++++++++++++++++++ 6 files changed, 102 insertions(+), 13 deletions(-) create mode 100644 flake-modules/builtins/assertions.nix create mode 100644 lib.nix diff --git a/flake-modules/builtins/assertions.nix b/flake-modules/builtins/assertions.nix new file mode 100644 index 0000000..dc14e14 --- /dev/null +++ b/flake-modules/builtins/assertions.nix @@ -0,0 +1,30 @@ +{ lib, ... }: +with lib; +{ + options = { + assertions = mkOption { + type = types.listOf types.unspecified; + internal = true; + default = []; + example = [ { assertion = false; message = "you can't enable this for that reason"; } ]; + description = '' + This option allows modules to express conditions that must + hold for the evaluation of the system configuration to + succeed, along with associated error messages for the user. + ''; + }; + + warnings = mkOption { + internal = true; + default = []; + type = types.listOf types.str; + example = [ "The `foo' service is deprecated and will go away soon!" ]; + description = '' + This option allows modules to show warnings to users during + the evaluation of the system configuration. + ''; + }; + }; + + # impl of this is in lib.nix:evalFlakeModules +} diff --git a/flake-modules/domains/default.nix b/flake-modules/domains/default.nix index b0aeede..21e676c 100644 --- a/flake-modules/domains/default.nix +++ b/flake-modules/domains/default.nix @@ -1,7 +1,9 @@ { inputs , config + , stdlib , lib + , lynxlib , flake-parts-lib , ... }: 
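Review bot: In [PATCH 14/23] the domains module now takes `stdlib` and `lynxlib` as arguments, but nothing in this commit supplies them. flake-parts does not provide either by default as far as I know, and `flake.nix` only exports `lib = import ./lib.nix;`, a function that still needs `flake-parts-lib`. Importing `domains` therefore depends on the caller passing `lynxlib` through `specialArgs`, which the second hunk (`lynxlib.evalFlakeModuleWithAssertions`) relies on. Either build it locally with `lynxlib = import ../../lib.nix { inherit flake-parts-lib; };` or document the required `specialArgs`; `stdlib` is not used in the visible hunks and can be dropped.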
@@ -53,7 +55,7 @@ }; config.build.domains = builtins.mapAttrs(domain: toplevel: - (flake-parts-lib.evalFlakeModule { + (lynxlib.evalFlakeModuleWithAssertions { inherit inputs; inherit (toplevel) specialArgs; } { imports = toplevel.modules; }) diff --git a/flake-modules/flake-guard/default.nix b/flake-modules/flake-guard/default.nix index 09edcab..2ac879c 100644 --- a/flake-modules/flake-guard/default.nix +++ b/flake-modules/flake-guard/default.nix @@ -11,6 +11,7 @@ let mkOption mkEnableOption mkIf + mkRemovedOptionModule types optionalString optionals @@ -20,7 +21,17 @@ let ; in { - imports = [ ./options.nix ]; + imports = [ + (mkRemovedOptionModule [ "wireguard" "enable" ] '' + wireguard.enable was removed because it often causes user errors + where `wireguard.enable` was set to `false` but users had enabled + the nixos options `autoConfig.interface`. + This lead to errors messages which were hard to understand. + '') + + ./options.nix + ]; + flake.nixosModules.flake-guard-host = {config, ...}: let cfg = config.networking.wireguard.networks; @@ -64,7 +75,8 @@ in }); }; - config.networking.wireguard.networks = (mapAttrs (net-name: network: + config.networking.wireguard.networks = + (mapAttrs (net-name: network: let self-name = builtins.head (builtins.filter (x: x == config.networking.hostName) @@ -120,4 +132,7 @@ in }) config.networking.wireguard.networks; }; + + + } diff --git a/flake-modules/flake-guard/options.nix b/flake-modules/flake-guard/options.nix index 8adad16..d93be96 100644 --- a/flake-modules/flake-guard/options.nix +++ b/flake-modules/flake-guard/options.nix @@ -74,6 +74,7 @@ inherit (lib) in { options.wireguard = { + enable = mkEnableOption "depreciated"; networks = mkOption { type = types.attrsOf (types.submodule { options = { 
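Review bot: In [PATCH 14/23] `mkRemovedOptionModule [ "wireguard" "enable" ]` itself declares `wireguard.enable` (as a hidden option that throws when set), and the options.nix hunk of the same commit re-declares it with `enable = mkEnableOption "depreciated";`, so the two declarations should collide with an "already declared" error. Drop the options.nix line in this commit rather than in PATCH 17. Wording in the removal message: `This lead to errors messages` should read `This led to error messages`, and "depreciated" is meant to be "deprecated". The last default.nix hunk only appends three blank lines before the closing brace and can be left out.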
@@ -130,14 +131,14 @@ in }; config.wireguard.build.networks = - mapAttrs (net-name: network: - { - peers.by-name = mapAttrs (peer-name: peer: - peer // { - sopsLookup = if peer.sopsLookup != null - then peer.sopsLookup - else network.sopsLookup; - } - ) network.peers.by-name; - }) config.wireguard.networks; + (mapAttrs (net-name: network: + { + peers.by-name = mapAttrs (peer-name: peer: + peer // { + sopsLookup = if peer.sopsLookup != null + then peer.sopsLookup + else network.sopsLookup; + } + ) network.peers.by-name; + }) config.wireguard.networks); } diff --git a/flake.nix b/flake.nix index 3fcb43f..e40f860 100644 --- a/flake.nix +++ b/flake.nix @@ -16,5 +16,7 @@ reuse-password-prompt = import ./nixos-modules/fs/zfs/reuse-password-prompt.nix; }; }; + + lib = import ./lib.nix; }; } diff --git a/lib.nix b/lib.nix new file mode 100644 index 0000000..3f462f1 --- /dev/null +++ b/lib.nix @@ -0,0 +1,39 @@ +{ flake-parts-lib, ... }: +with builtins; +let + inherit (flake-parts-lib) evalFlakeModule; + + singleModuleBase = x: { + imports = [ + ./flake-modules/builtins/assertions.nix + x + ]; + }; + + evalAssertions = eval: + let + failedAssertions = map (x: x.message) (filter (x: !x.assertion) eval.config.assertions); + warnings = eval.config.warnings; + in + if (failedAssertions != []) + then + builtins.abort (concatStringsSep "\n\n" failedAssertions) + else + if (warnings != []) + then + builtins.trace (concatStringsSep "\n\n" warnings) + eval + else eval; + + + evalFlakeModuleWithAssertions = a: m: + evalAssertions (evalFlakeModule a (singleModuleBase m)); +in +{ + inherit evalFlakeModuleWithAssertions; + mkFlakeWithAssertions = args: module: + let + eval = evalFlakeModuleWithAssertions args module; + in + eval.config.flake; +} From 8baa92d230307e1fa284f3d3efe4b69755c377ef Mon Sep 17 00:00:00 2001 
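Review bot: In the new lib.nix of [PATCH 14/23], `evalAssertions` reports failed assertions with `builtins.abort`, which `builtins.tryEval` cannot catch and which gives no hint that the text is an assertion failure; nixpkgs uses `throw` with a "Failed assertions:" header for the same purpose. Suggest `throw "\nFailed assertions:\n${concatStringsSep "\n" (map (x: "- ${x}") failedAssertions)}"`. Warnings go through a bare `builtins.trace`, so they print without any `warning:` prefix, and prefixing each message would make them recognisable in build logs. The file has no comments; a header saying that the argument is `{ flake-parts-lib }` and that `mkFlakeWithAssertions` returns `config.flake` would help callers.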
From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Thu, 20 Jun 2024 04:49:40 -0500 Subject: [PATCH 15/23] Update README.md --- README.md | 17 ++++++++++++++--- 1 file changed, 14 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 2f38a3a..b4c2b2c 100644 --- a/README.md +++ b/README.md @@ -17,12 +17,23 @@ lynx aims to have similar goals to nixpkgs, providing documentation, testing, an }; outputs = inputs@{self, parts, nixpkgs, lynx, ...}: - parts.lib.mkFlake { inherit inputs; } + let + lynx' = lynx.lib { flake-parts-lib=parts.lib; }; + # mkFlake with config.assertions and + # config.warnings support + ## parts.lib.mkFlake can be used instead aswell. + mkFlake = lynx'.mkFlakeWithAssertions; + in + mkFlake { inherit inputs; } (_: # https://flake.parts/module-arguments { systems = ["x86_64-linux"]; - imports = [ ]; - + imports = with lynx.flakeModules; [ + flake-guard # define a wireguard network once, and use it everywhere. + deploy-rs # types for deploy-rs + domains # evaluate flake modules in their own namespace + ]; + flake.nixosConfigurations.default = nixpkgs.lib.nixosSystem { specialArgs = { inherit inputs self; } modules = [ From b084d3380542b6a76f467247782e0016c99d21a9 Mon Sep 17 00:00:00 2001 From: allow Date: Thu, 20 Jun 2024 05:32:14 -0500 Subject: [PATCH 16/23] strictly use filepaths --- README.md | 2 +- flake.nix | 19 ++++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index b4c2b2c..d2c63ba 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ lynx aims to have similar goals to nixpkgs, providing documentation, testing, an outputs = inputs@{self, parts, nixpkgs, lynx, ...}: let - lynx' = lynx.lib { flake-parts-lib=parts.lib; }; + lynx' = import lynx.lib { flake-parts-lib=parts.lib; }; # mkFlake with config.assertions and # config.warnings support ## parts.lib.mkFlake can be used instead aswell. diff --git a/flake.nix b/flake.nix index e40f860..c9958c3 100644 
--- a/flake.nix +++ b/flake.nix @@ -2,21 +2,22 @@ description = "Repository of shared modules"; outputs = _: { flakeModules = { - deploy-rs = import ./flake-modules/deploy-rs; - lynx-docs = import ./flake-modules/lynx-docs; - flake-guard = import ./flake-modules/flake-guard; - domains = import ./flake-modules/domains; - profile-parts-homexts = import ./flake-modules/profile-parts-homext.nix; + "builtins" = ./flake-modules/builtins; + deploy-rs = ./flake-modules/deploy-rs; + lynx-docs = ./flake-modules/lynx-docs; + flake-guard = ./flake-modules/flake-guard; + domains = ./flake-modules/domains; + profile-parts-homexts = ./flake-modules/profile-parts-homext.nix; }; nixosModules = { - globals = import ./nixos-modules/globals.nix; + globals = ./nixos-modules/globals.nix; fs.zfs = { - encrypted-ephemeral = import ./nixos-modules/fs/zfs/encrypted-ephemeral.nix; - reuse-password-prompt = import ./nixos-modules/fs/zfs/reuse-password-prompt.nix; + encrypted-ephemeral = ./nixos-modules/fs/zfs/encrypted-ephemeral.nix; + reuse-password-prompt = ./nixos-modules/fs/zfs/reuse-password-prompt.nix; }; }; - lib = import ./lib.nix; + lib = ./lib.nix; }; } From 267ca72b11896bec902415b7f02961d8a48a0bd1 Mon Sep 17 00:00:00 2001 From: allow Date: Thu, 20 Jun 2024 05:47:37 -0500 Subject: [PATCH 17/23] remove `wireguard.enable` --- flake-modules/flake-guard/options.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/flake-modules/flake-guard/options.nix b/flake-modules/flake-guard/options.nix index d93be96..4e579fb 100644 --- a/flake-modules/flake-guard/options.nix +++ b/flake-modules/flake-guard/options.nix @@ -74,7 +74,6 @@ inherit (lib) in { options.wireguard = { - enable = mkEnableOption "depreciated"; networks = mkOption { type = types.attrsOf (types.submodule { options = { From 1e65f546b6698a705d11b61365615c27affa8d4a Mon Sep 17 00:00:00 2001 
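Review bot: In the flake.nix hunk of [PATCH 16/23], `"builtins" = ./flake-modules/builtins;` points at a directory that, at this commit, holds only `assertions.nix` (added in PATCH 14). Importing a directory needs a `default.nix`, which only PATCH 19 adds, so `flakeModules.builtins` is unusable in between. Also, `lib = ./lib.nix;` changes the `lib` output from a function to a path, so any consumer still calling `lynx.lib { … }` breaks and has to switch to `import lynx.lib { … }` as the README hunk shows. A commit-message or changelog line about the output type change would be appropriate.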
From: allow Date: Thu, 20 Jun 2024 05:55:14 -0500 Subject: [PATCH 18/23] document `flakeModules."builtins"` --- README.md | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index d2c63ba..897db65 100644 --- a/README.md +++ b/README.md @@ -29,9 +29,11 @@ lynx aims to have similar goals to nixpkgs, providing documentation, testing, an { systems = ["x86_64-linux"]; imports = with lynx.flakeModules; [ - flake-guard # define a wireguard network once, and use it everywhere. - deploy-rs # types for deploy-rs - domains # evaluate flake modules in their own namespace + flake-guard # define a wireguard network once, and use it everywhere. + deploy-rs # types for deploy-rs + domains # evaluate flake modules in their own namespace + # "builtins" # include this if you're using `parts.lib.mkFlake` + # instead `of `mkFlakeWithAssertions` ]; flake.nixosConfigurations.default = nixpkgs.lib.nixosSystem { From d2ef20075060ec252317489ec297bf4acb5111e6 Mon Sep 17 00:00:00 2001 From: allow Date: Thu, 20 Jun 2024 05:57:09 -0500 Subject: [PATCH 19/23] add `builtins/default.nix` --- flake-modules/builtins/default.nix | 4 ++++ 1 file changed, 4 insertions(+) create mode 100644 flake-modules/builtins/default.nix diff --git a/flake-modules/builtins/default.nix b/flake-modules/builtins/default.nix new file mode 100644 index 0000000..c0f8ad9 --- /dev/null +++ b/flake-modules/builtins/default.nix @@ -0,0 +1,4 @@ +{ imports = [ + ./assertions.nix + ]; +} From c8300ae802ce2631eefc88c381638133ab601230 Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Thu, 20 Jun 2024 06:01:46 -0500 Subject: [PATCH 20/23] remove `wireguard.enable` from docs --- flake-modules/flake-guard/readme.md | 1 - 1 file changed, 1 deletion(-) diff --git a/flake-modules/flake-guard/readme.md b/flake-modules/flake-guard/readme.md index c1a58df..f57c03a 100644 --- a/flake-modules/flake-guard/readme.md +++ b/flake-modules/flake-guard/readme.md 
@@ -10,7 +10,6 @@ flake guard allows you to define your wireguard network once, and use it across { imports = [ inputs.lynx.flakeModules.flake-guard ]; - wireguard.enable = true; wireguard.networks.my-network = { # assumes same sop keys for all hosts. # this also works with agenix From 6271fd18dcdf488579ec4a96edab89ba5d9ff3c4 Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Thu, 20 Jun 2024 06:21:47 -0500 Subject: [PATCH 21/23] Update contributor.md --- docs/contributor.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/docs/contributor.md b/docs/contributor.md index f854c93..88e50ff 100644 --- a/docs/contributor.md +++ b/docs/contributor.md @@ -18,10 +18,6 @@ Lynx does **not contain**: - Nixos Configurations (Share your modules with us instead) Instead, you may write tests which we run on our CI - - - Overlays (They're just cursed at scale.) - Everyone seems to hate them, and I've never needed them. - So they're not included here. - Does not use `self` (flake modules isolated) Availability to `self` isn't nessicary. We instead prefer you use flake-modules `options` to declare namespaced variables. From ee0bd5fde93e68ffdde4ce2a76a722029b3af675 Mon Sep 17 00:00:00 2001 From: Lunarix <3759687+Skarlett@users.noreply.github.com> Date: Wed, 10 Jul 2024 13:40:33 -0500 Subject: [PATCH 22/23] Update encrypted-ephemeral.nix hotpatch --- nixos-modules/fs/zfs/encrypted-ephemeral.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-modules/fs/zfs/encrypted-ephemeral.nix b/nixos-modules/fs/zfs/encrypted-ephemeral.nix index 58350ca..e4f85a9 100644 --- a/nixos-modules/fs/zfs/encrypted-ephemeral.nix +++ b/nixos-modules/fs/zfs/encrypted-ephemeral.nix @@ -5,7 +5,7 @@ { config, lib, pkgs, ... }: with lib; let - cfg = config.boot.zfs.ephemeral; + cfg = config.lynx.boot.zfs.ephemeral; mkEZfs = mkOrder 1501; in { From ad66210b43c14e457e25e40f9228f23988cdd517 Mon Sep 17 00:00:00 2001 
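Review bot: In [PATCH 22/23] only the read side moves to `config.lynx.boot.zfs.ephemeral`; the hunk does not touch any `options` declaration, and the module body continues outside the hunk. If the options are still declared under `boot.zfs.ephemeral`, `cfg` now refers to an undeclared path and this encrypted-ZFS module stops evaluating (PATCH 23 reverts the line). A namespace move should change the declaration and every read in one commit, with `mkRenamedOptionModule` entries for the moved options so existing configurations keep working.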
From: allow Date: Thu, 1 Aug 2024 12:57:44 -0500 Subject: [PATCH 23/23] Revert "Update encrypted-ephemeral.nix" This reverts commit ee0bd5fde93e68ffdde4ce2a76a722029b3af675. --- nixos-modules/fs/zfs/encrypted-ephemeral.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/nixos-modules/fs/zfs/encrypted-ephemeral.nix b/nixos-modules/fs/zfs/encrypted-ephemeral.nix index e4f85a9..58350ca 100644 --- a/nixos-modules/fs/zfs/encrypted-ephemeral.nix +++ b/nixos-modules/fs/zfs/encrypted-ephemeral.nix @@ -5,7 +5,7 @@ { config, lib, pkgs, ... }: with lib; let - cfg = config.lynx.boot.zfs.ephemeral; + cfg = config.boot.zfs.ephemeral; mkEZfs = mkOrder 1501; in {