nixfmt-rfc-style

There is nothing in this commit except for the changes made by
nix-shell -p nixfmt-rfc-style --run "nixfmt ."

If this has mucked up your open branches then sorry about that. You
can probably nixfmt them to match before merging.
Daniel Barlow
2025-02-10 21:55:08 +00:00
parent 13cc5a8992
commit 7e2b0068e6
211 changed files with 6049 additions and 4355 deletions


@@ -9,13 +9,15 @@
pkgs,
lib,
...
}: let
}:
let
secrets = import ./extneder-secrets.nix;
inherit (pkgs.liminix.services) oneshot longrun target;
inherit (pkgs.pseudofile) dir symlink;
inherit (pkgs) writeText serviceFns;
svc = config.system.service;
in rec {
in
rec {
boot = {
tftp = {
serverip = "10.0.0.1";
@@ -34,10 +36,11 @@ in rec {
];
hostname = "arhcive";
services.dhcpc =
let iface = config.hardware.networkInterfaces.lan;
in svc.network.dhcp.client.build {
let
iface = config.hardware.networkInterfaces.lan;
in
svc.network.dhcp.client.build {
interface = iface;
dependencies = [ config.services.hostname ];
};
@@ -45,7 +48,10 @@ in rec {
services.sshd = svc.ssh.build { };
services.watchdog = svc.watchdog.build {
watched = with config.services ; [ sshd dhcpc ];
watched = with config.services; [
sshd
dhcpc
];
};
services.resolvconf = oneshot rec {
@@ -63,17 +69,20 @@ in rec {
etc = dir {
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
};
srv = dir {};
srv = dir { };
};
services.defaultroute4 = svc.network.route.build {
via = "$(output ${services.dhcpc} router)";
target = "default";
dependencies = [services.dhcpc];
dependencies = [ services.dhcpc ];
};
programs.busybox = {
applets = ["lsusb" "tar"];
programs.busybox = {
applets = [
"lsusb"
"tar"
];
options = {
FEATURE_LS_TIMESTAMPS = "y";
FEATURE_LS_SORTFILES = "y";
@@ -108,7 +117,8 @@ in rec {
gid = backup
secrets file = ${secrets_file}/.outputs/secrets
'';
in longrun {
in
longrun {
name = "rsync";
run = ''
${pkgs.rsyncSmall}/bin/rsync --no-detach --daemon --config=${configFile}


@@ -14,7 +14,8 @@ let
ipv4LocalNet = "10.8.0";
svc = config.system.service;
in rec {
in
rec {
boot = {
tftp = {
freeSpaceBytes = 3 * 1024 * 1024;
@@ -99,8 +100,10 @@ in rec {
};
services.dns =
let interface = services.int;
in svc.dnsmasq.build {
let
interface = services.int;
in
svc.dnsmasq.build {
resolvconf = services.resolvconf;
inherit interface;
ranges = [
@@ -124,12 +127,16 @@ in rec {
services.wan = svc.pppoe.build {
interface = config.hardware.networkInterfaces.wan;
ppp-options = [
"debug" "+ipv6" "noauth"
"debug"
"+ipv6"
"noauth"
# EDIT: change the strings "chap-username"
# and "chap-secret" to match the username/password
# provided by your ISP for PPP logins
"name" "chap-username"
"password" "chap-secret"
"name"
"chap-username"
"password"
"chap-secret"
];
};
@@ -146,8 +153,10 @@ in rec {
};
filesystem =
let inherit (pkgs.pseudofile) dir symlink;
in dir {
let
inherit (pkgs.pseudofile) dir symlink;
in
dir {
etc = dir {
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
};
@@ -176,10 +185,12 @@ in rec {
# LAN interfaces respectively.
services.dhcp6c =
let client = svc.dhcp6c.client.build {
interface = services.wan;
};
in bundle {
let
client = svc.dhcp6c.client.build {
interface = services.wan;
};
in
bundle {
name = "dhcp6c";
contents = [
(svc.dhcp6c.prefix.build {


@@ -10,10 +10,12 @@
lib,
modulesPath,
...
}: let
}:
let
secrets = import ./extneder-secrets.nix;
svc = config.system.service;
in rec {
in
rec {
boot = {
tftp = {
serverip = "192.168.8.148";
@@ -30,7 +32,7 @@ in rec {
hostname = "extneder";
profile.wap = {
interfaces = with config.hardware.networkInterfaces; [
interfaces = with config.hardware.networkInterfaces; [
lan
wlan
];
@@ -47,7 +49,12 @@ in rec {
};
};
services.sshd = svc.ssh.build {};
services.sshd = svc.ssh.build { };
users.root.passwd = lib.mkForce secrets.root.passwd;
defaultProfile.packages = with pkgs; [nftables strace tcpdump swconfig];
defaultProfile.packages = with pkgs; [
nftables
strace
tcpdump
swconfig
];
}


@@ -1,8 +1,9 @@
{ config, pkgs, ... } :
{ config, pkgs, ... }:
let
svc = config.system.service;
in rec {
in
rec {
imports = [
../modules/network
../modules/ssh


@@ -1,8 +1,9 @@
{ config, pkgs, ... } :
{ config, pkgs, ... }:
let
svc = config.system.service;
in rec {
in
rec {
imports = [
../modules/network
../modules/dnsmasq
@@ -14,7 +15,9 @@ in rec {
# configure the internal network (LAN) with an address
services.int = svc.network.address.build {
interface = config.hardware.networkInterfaces.lan;
family = "inet"; address ="10.3.0.1"; prefixLength = 16;
family = "inet";
address = "10.3.0.1";
prefixLength = 16;
};
services.sshd = svc.ssh.build { };
@@ -26,8 +29,10 @@ in rec {
};
services.dns =
let interface = services.int;
in svc.dnsmasq.build {
let
interface = services.int;
in
svc.dnsmasq.build {
inherit interface;
ranges = [
"10.3.0.10,10.3.0.240"


@@ -19,19 +19,21 @@
{ config, pkgs, ... }:
let
inherit (pkgs.liminix.services) longrun;
inherit (pkgs.liminix.services) longrun;
inherit (pkgs) writeText;
nginx_uid = 62;
in {
in
{
config = {
users.nginx = {
uid = nginx_uid; gid= nginx_uid;
uid = nginx_uid;
gid = nginx_uid;
dir = "/run/";
shell = "/bin/false";
};
groups.nginx = {
gid= nginx_uid;
usernames = ["nginx"];
gid = nginx_uid;
usernames = [ "nginx" ];
};
services.sniproxy =
@@ -41,7 +43,8 @@ in {
zlib = null;
options = [
"stream"
"stream_ssl_module" "stream_ssl_preread_module"
"stream_ssl_module"
"stream_ssl_preread_module"
"stream_map_module"
];
};
@@ -71,8 +74,9 @@ in {
ssl_preread on;
}
}
'';
in longrun {
'';
in
longrun {
name = "sniproxy";
run = ''
${nginx}/bin/nginx -c ${conf}


@@ -1,4 +1,4 @@
{ config, pkgs, ... } :
{ config, pkgs, ... }:
let
inherit (pkgs.liminix.services) target;
svc = config.system.service;
@@ -43,13 +43,16 @@ let
he_oper_centr_freq_seg0_idx = 42;
require_vht = 1;
};
mkWifiSta = params: interface: secrets: svc.hostapd.build {
inherit interface;
mkWifiSta =
params: interface: secrets:
svc.hostapd.build {
inherit interface;
params = params // {
inherit (secrets) ssid wpa_passphrase;
};
};
in rec {
};
in
rec {
imports = [
../modules/wlan.nix
../modules/network
@@ -87,8 +90,10 @@ in rec {
};
services.dhcpv4 =
let iface = services.int;
in svc.network.dhcp.client.build { interface = iface; };
let
iface = services.int;
in
svc.network.dhcp.client.build { interface = iface; };
services.defaultroute4 = svc.network.route.build {
via = "$(output ${services.dhcpv4} address)";
@@ -102,7 +107,9 @@ in rec {
};
services.ntp = config.system.service.ntp.build {
pools = { "pool.ntp.org" = ["iburst"] ; };
pools = {
"pool.ntp.org" = [ "iburst" ];
};
};
boot.tftp = {
@@ -113,7 +120,14 @@ in rec {
# wlan0 is the 2.4GHz interface.
services.hostap-1 = mkWifiSta baseParams config.hardware.networkInterfaces.wlan0 secrets-1;
# wlan1 is the 5GHz interface, e.g. AX capable.
services.hostap-2 = mkWifiSta (baseParams // modernParams) config.hardware.networkInterfaces.wlan1 secrets-2;
services.hostap-2 = mkWifiSta (
baseParams // modernParams
) config.hardware.networkInterfaces.wlan1 secrets-2;
defaultProfile.packages = with pkgs; [ zyxel-bootconfig iw min-collect-garbage mtdutils ];
defaultProfile.packages = with pkgs; [
zyxel-bootconfig
iw
min-collect-garbage
mtdutils
];
}


@@ -1,4 +1,9 @@
{ config, pkgs, lib, ... } :
{
config,
pkgs,
lib,
...
}:
let
inherit (pkgs) serviceFns;
svc = config.system.service;
@@ -9,7 +14,8 @@ let
cd ${pkgs.util-linux-small}/bin
cp fdisk sfdisk mkswap $out/bin
'';
in rec {
in
rec {
imports = [
../modules/network
../modules/ssh
@@ -67,19 +73,23 @@ in rec {
'';
};
services.growfs = let name = "growfs"; in oneshot {
inherit name;
up = ''
device=$(grep /persist /proc/1/mountinfo | cut -f9 -d' ')
${pkgs.e2fsprogs}/bin/resize2fs $device
'';
};
services.growfs =
let
name = "growfs";
in
oneshot {
inherit name;
up = ''
device=$(grep /persist /proc/1/mountinfo | cut -f9 -d' ')
${pkgs.e2fsprogs}/bin/resize2fs $device
'';
};
filesystem = dir {
etc = dir {
"resolv.conf" = symlink "${services.resolvconf}/.outputs/resolv.conf";
};
mnt = dir {};
mnt = dir { };
};
rootfsType = "ext4";
@@ -92,20 +102,20 @@ in rec {
# create this hashed password string
passwd = "$6$y7WZ5hM6l5nriLmo$5AJlmzQZ6WA.7uBC7S8L4o19ESR28Dg25v64/vDvvCN01Ms9QoHeGByj8lGlJ4/b.dbwR9Hq2KXurSnLigt1W1";
openssh.authorizedKeys.keys =
let fromBuild =
(builtins.readFile
((builtins.toPath (builtins.getEnv "HOME")) + "/.ssh/authorized_keys")
);
in lib.splitString "\n" fromBuild;
let
fromBuild = (
builtins.readFile ((builtins.toPath (builtins.getEnv "HOME")) + "/.ssh/authorized_keys")
);
in
lib.splitString "\n" fromBuild;
};
defaultProfile.packages = with pkgs; [
e2fsprogs # ext4
btrfs-progs
mtdutils # mtd, jffs2, ubifs
dtc # you never know when you might need device tree stuff
dtc # you never know when you might need device tree stuff
some-util-linux
libubootenv # fw_{set,print}env
pciutils


@@ -4,7 +4,13 @@
# devices: mostly you will need to attend to the number of wlan and lan
# interfaces
{ config, pkgs, lib, modulesPath, ... } :
{
config,
pkgs,
lib,
modulesPath,
...
}:
let
secrets = {
domainName = "fake.liminix.org";
@@ -17,7 +23,8 @@ let
wmm_enabled = 1;
};
in rec {
in
rec {
boot = {
tftp = {
freeSpaceBytes = 3 * 1024 * 1024;
@@ -33,22 +40,26 @@ in rec {
profile.gateway = {
lan = {
interfaces = with config.hardware.networkInterfaces;
[
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
# if your device has more or differently named lan interfaces,
# specify them here
wlan wlan5
lan
];
interfaces = with config.hardware.networkInterfaces; [
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
# if your device has more or differently named lan interfaces,
# specify them here
wlan
wlan5
lan
];
inherit (secrets.lan) prefix;
address = {
family = "inet"; address ="${secrets.lan.prefix}.1"; prefixLength = 24;
family = "inet";
address = "${secrets.lan.prefix}.1";
prefixLength = 24;
};
dhcp = {
start = 10;
end = 240;
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
hosts =
{ }
// lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
localDomain = "lan";
};
};
@@ -95,8 +106,13 @@ in rec {
};
services.ntp = svc.ntp.build {
pools = { "pool.ntp.org" = ["iburst"]; };
makestep = { threshold = 1.0; limit = 3; };
pools = {
"pool.ntp.org" = [ "iburst" ];
};
makestep = {
threshold = 1.0;
limit = 3;
};
};
services.sshd = svc.ssh.build { };
@@ -113,7 +129,8 @@ in rec {
programs.busybox = {
applets = [
"fdisk" "sfdisk"
"fdisk"
"sfdisk"
];
options = {
FEATURE_FANCY_TAIL = "y";


@@ -6,7 +6,8 @@
pkgs,
lib,
...
}: let
}:
let
secrets = import ./extneder-secrets.nix;
rsecrets = import ./rotuer-secrets.nix;
@@ -27,7 +28,10 @@
# to start l2tp unless the expected lns address is one of the
# addresses returned. I think this satisfies "do check the DNS"
lns = { hostname = "l2tp.aaisp.net.uk"; address = "194.4.172.12"; };
lns = {
hostname = "l2tp.aaisp.net.uk";
address = "194.4.172.12";
};
inherit (pkgs.liminix.services) oneshot longrun target;
inherit (pkgs.liminix) outputRef;
@@ -39,7 +43,8 @@
inherit (rsecrets) wpa_passphrase;
wmm_enabled = 1;
};
in rec {
in
rec {
boot = {
tftp = {
serverip = "10.0.0.1";
@@ -62,7 +67,9 @@ in rec {
services.wan-address-for-secrets = svc.network.address.build {
interface = config.hardware.networkInterfaces.wan;
family = "inet"; address ="10.0.0.10"; prefixLength = 24;
family = "inet";
address = "10.0.0.10";
prefixLength = 24;
};
services.secrets = svc.secrets.outboard.build {
@@ -83,22 +90,26 @@ in rec {
profile.gateway = {
lan = {
interfaces = with config.hardware.networkInterfaces;
[
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
# if your device has more or differently named lan interfaces,
# specify them here
wlan wlan5
lan
];
interfaces = with config.hardware.networkInterfaces; [
# EDIT: these are the interfaces exposed by the gl.inet gl-ar750:
# if your device has more or differently named lan interfaces,
# specify them here
wlan
wlan5
lan
];
inherit (rsecrets.lan) prefix;
address = {
family = "inet"; address ="${rsecrets.lan.prefix}.1"; prefixLength = 24;
family = "inet";
address = "${rsecrets.lan.prefix}.1";
prefixLength = 24;
};
dhcp = {
start = 10;
end = 240;
hosts = { } // lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
hosts =
{ }
// lib.optionalAttrs (builtins.pathExists ./static-leases.nix) (import ./static-leases.nix);
localDomain = "lan";
};
};
@@ -107,7 +118,8 @@ in rec {
secret = outputRef config.services.secrets;
username = secret "ppp/username";
password = secret "ppp/password";
in {
in
{
interface =
let
pppoe = svc.pppoe.build {
@@ -126,21 +138,29 @@ in rec {
route = svc.network.route.build {
via = "$(output ${services.bootstrap-dhcpc} router)";
target = lns.address;
dependencies = [services.bootstrap-dhcpc check-address];
dependencies = [
services.bootstrap-dhcpc
check-address
];
};
l2tpd= svc.l2tp.build {
l2tpd = svc.l2tp.build {
lns = lns.address;
inherit username password;
dependencies = [config.services.lns-address route check-address];
dependencies = [
config.services.lns-address
route
check-address
];
};
in
svc.health-check.build {
service = l2tpd;
threshold = 3;
interval = 2;
healthCheck = pkgs.writeAshScript "ping-check" {} "ping 1.1.1.1";
};
in svc.round-robin.build {
svc.health-check.build {
service = l2tpd;
threshold = 3;
interval = 2;
healthCheck = pkgs.writeAshScript "ping-check" { } "ping 1.1.1.1";
};
in
svc.round-robin.build {
name = "wan";
services = [
pppoe
@@ -151,27 +171,33 @@ in rec {
};
wireless.networks = {
"${rsecrets.ssid}" = {
interface = config.hardware.networkInterfaces.wlan;
hw_mode = "g";
channel = "6";
ieee80211n = 1;
} // wirelessConfig // {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
"${rsecrets.ssid}" =
{
interface = config.hardware.networkInterfaces.wlan;
hw_mode = "g";
channel = "6";
ieee80211n = 1;
}
// wirelessConfig
// {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
"${rsecrets.ssid}5" = rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
} // wirelessConfig // {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
"${rsecrets.ssid}5" =
rec {
interface = config.hardware.networkInterfaces.wlan5;
hw_mode = "a";
channel = 36;
ht_capab = "[HT40+]";
vht_oper_chwidth = 1;
vht_oper_centr_freq_seg0_idx = channel + 6;
ieee80211n = 1;
ieee80211ac = 1;
}
// wirelessConfig
// {
wpa_passphrase = outputRef config.services.secrets "wpa_passphrase";
};
};
};
@@ -184,23 +210,28 @@ in rec {
authorizedKeys = outputRef config.services.secrets "ssh/authorizedKeys";
};
services.lns-address = let
ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)";
route-to-bootstrap-nameserver = svc.network.route.build {
via = "$(output ${services.bootstrap-dhcpc} router)";
target = ns;
dependencies = [services.bootstrap-dhcpc];
services.lns-address =
let
ns = "$(output_word ${services.bootstrap-dhcpc} dns 1)";
route-to-bootstrap-nameserver = svc.network.route.build {
via = "$(output ${services.bootstrap-dhcpc} router)";
target = ns;
dependencies = [ services.bootstrap-dhcpc ];
};
in
oneshot rec {
name = "resolve-l2tp-server";
dependencies = [
services.bootstrap-dhcpc
route-to-bootstrap-nameserver
];
up = ''
(in_outputs ${name}
DNSCACHEIP="${ns}" ${pkgs.s6-dns}/bin/s6-dnsip4 ${lns.hostname} \
> addresses
)
'';
};
in oneshot rec {
name = "resolve-l2tp-server";
dependencies = [ services.bootstrap-dhcpc route-to-bootstrap-nameserver ];
up = ''
(in_outputs ${name}
DNSCACHEIP="${ns}" ${pkgs.s6-dns}/bin/s6-dnsip4 ${lns.hostname} \
> addresses
)
'';
};
users.root = rsecrets.root;


@@ -1,8 +1,14 @@
{ config, pkgs, lim, ... } :
{
config,
pkgs,
lim,
...
}:
let
svc = config.system.service;
in rec {
in
rec {
imports = [
../modules/network
../modules/ssh
@@ -29,12 +35,14 @@ in rec {
hostname = "omnia";
services.hostap =
let secrets = {
ssid = "not-the-internet";
channel = 4;
wpa_passphrase = "diamond dogs";
};
in svc.hostapd.build {
let
secrets = {
ssid = "not-the-internet";
channel = 4;
wpa_passphrase = "diamond dogs";
};
in
svc.hostapd.build {
interface = config.hardware.networkInterfaces.wlan;
params = {
country_code = "GB";
@@ -51,12 +59,14 @@ in rec {
};
services.hostap5 =
let secrets = {
ssid = "not-the-internet";
channel = 36;
wpa_passphrase = "diamond dogs";
};
in svc.hostapd.build {
let
secrets = {
ssid = "not-the-internet";
channel = 36;
wpa_passphrase = "diamond dogs";
};
in
svc.hostapd.build {
interface = config.hardware.networkInterfaces.wlan5;
params = {
country_code = "GB";
@@ -103,6 +113,7 @@ in rec {
};
defaultProfile.packages = with pkgs; [
figlet pciutils
figlet
pciutils
];
}