diff --git a/dns/common.nix b/dns/common.nix
index 3e3d7f1..160b727 100644
--- a/dns/common.nix
+++ b/dns/common.nix
@@ -69,7 +69,6 @@ let
in
# }}}
{
- satellite.dns.domain = "moonythm.dev";
satellite.dns.records = lib.flatten [
(ghPage "doffycup")
(ghPage "erratic-gate")
diff --git a/dns/pkgs.nix b/dns/pkgs.nix
index 837682e..4d0c823 100644
--- a/dns/pkgs.nix
+++ b/dns/pkgs.nix
@@ -1,37 +1,48 @@
-{ pkgs, self, ... }: rec {
+{ pkgs, self, ... }:
+rec {
octodns-zones =
let
- nixosConfigModules = pkgs.lib.mapAttrsToList
- (_: current: { satellite.dns = current.config.satellite.dns; })
- self.nixosConfigurations;
+ nixosConfigModules = pkgs.lib.mapAttrsToList (
+ key: current:
+ # The iso image doesn't do any dns stuff
+ if key == "iso" then
+ { }
+ else
+ # Copy over all dns records
+ { satellite.dns = current.config.satellite.dns; }
+ ) self.nixosConfigurations;
evaluated = pkgs.lib.evalModules {
- specialArgs = { inherit pkgs; };
+ specialArgs = {
+ inherit pkgs;
+ };
modules = [
../modules/nixos/dns.nix
../modules/common/octodns.nix
./common.nix
- ]
- ++ nixosConfigModules;
+ ] ++ nixosConfigModules;
};
in
evaluated.config.satellite.dns.octodns;
- octodns-sync =
- pkgs.symlinkJoin {
- name = "octodns-sync";
- paths = [ self.packages.${pkgs.system}.octodns ];
- buildInputs = [ pkgs.makeWrapper pkgs.yq ];
- postBuild = ''
- cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
- wrapProgram $out/bin/octodns-sync \
- --run 'export CLOUDFLARE_TOKEN=$( \
- sops \
- --decrypt \
- --extract "[\"cloudflare_dns_api_token\"]" \
- ./hosts/nixos/common/secrets.yaml \
- )' \
- --add-flags "--config-file $out/config.yaml"
- '';
- };
-}
+ octodns-sync = pkgs.symlinkJoin {
+ name = "octodns-sync";
+ paths = [ self.packages.${pkgs.system}.octodns ];
+ buildInputs = [
+ pkgs.makeWrapper
+ pkgs.yq
+ ];
+
+ postBuild = ''
+ cat ${./octodns.yaml} | yq '.providers.zones.directory="${octodns-zones}"' > $out/config.yaml
+ wrapProgram $out/bin/octodns-sync \
+ --run 'export CLOUDFLARE_TOKEN=$( \
+ sops \
+ --decrypt \
+ --extract "[\"cloudflare_dns_api_token\"]" \
+ ./hosts/nixos/common/secrets.yaml \
+ )' \
+ --add-flags "--config-file $out/config.yaml"
+ '';
+ };
+}
diff --git a/flake.lock b/flake.lock
index 93b6cc7..266f2f7 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1475,11 +1475,11 @@
},
"nixpkgs-unstable": {
"locked": {
- "lastModified": 1724819573,
- "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=",
+ "lastModified": 1728492678,
+ "narHash": "sha256-9UTxR8eukdg+XZeHgxW5hQA9fIKHsKCdOIUycTryeVw=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2",
+ "rev": "5633bcff0c6162b9e4b5f1264264611e950c8ec7",
"type": "github"
},
"original": {
@@ -1632,11 +1632,11 @@
},
"nixpkgs_7": {
"locked": {
- "lastModified": 1720691131,
- "narHash": "sha256-CWT+KN8aTPyMIx8P303gsVxUnkinIz0a/Cmasz1jyIM=",
+ "lastModified": 1728500571,
+ "narHash": "sha256-dOymOQ3AfNI4Z337yEwHGohrVQb4yPODCW9MDUyAc4w=",
"owner": "nixos",
"repo": "nixpkgs",
- "rev": "a046c1202e11b62cbede5385ba64908feb7bfac4",
+ "rev": "d51c28603def282a24fa034bcb007e2bcb5b5dd0",
"type": "github"
},
"original": {
diff --git a/flake.nix b/flake.nix
index 16255b8..f7159fc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -104,7 +104,7 @@
in
myPkgs
// {
- octodns = upkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
+ octodns = myPkgs.octodns.withProviders (ps: [ myPkgs.octodns-cloudflare ]);
}
// (import ./dns/pkgs.nix) { inherit pkgs self system; }
);
diff --git a/modules/common/octodns.nix b/modules/common/octodns.nix
index 2d93246..08ddc06 100644
--- a/modules/common/octodns.nix
+++ b/modules/common/octodns.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
let
format = pkgs.formats.yaml { };
cfg = config.satellite.dns;
@@ -12,32 +17,29 @@ in
config.satellite.dns.octodns =
let
grouped = builtins.groupBy (entry: entry.zone) cfg.records;
- cpLines = lib.mapAttrsToList
- (zone: group:
- let
- grouped = builtins.groupBy (entry: entry.at) group;
- contents = lib.mapAttrs
- (at: entries: lib.lists.forEach entries
- (entry:
- let
- content =
- if builtins.typeOf entry.value == "list"
- then { values = entry.value; }
- else { inherit (entry) value; };
- cloudflare =
- if entry.enableCloudflareProxy then {
- octodns.cloudflare.proxied = true;
- } else { };
- in
- { inherit (entry) ttl type; }
- // content // cloudflare
- ))
- grouped;
- file = format.generate "${zone}.yaml" contents;
- in
- "cp ${file} $out/${zone}.yaml"
- )
- grouped;
+ cpLines = lib.mapAttrsToList (
+ zone: group:
+ let
+ grouped = builtins.groupBy (entry: entry.at) group;
+ contents = lib.mapAttrs (
+ at: entries:
+ lib.lists.forEach entries (
+ entry:
+ let
+ content =
+ if builtins.typeOf entry.value == "list" then
+ { values = entry.value; }
+ else
+ { inherit (entry) value; };
+ cloudflare = if entry.enableCloudflareProxy then { octodns.cloudflare.proxied = true; } else { };
+ in
+ { inherit (entry) ttl type; } // content // cloudflare
+ )
+ ) grouped;
+ file = format.generate "${zone}.yaml" contents;
+ in
+ "cp ${file} $out/${zone}.yaml"
+ ) grouped;
in
pkgs.runCommand "octodns-zones" { } ''
mkdir $out
diff --git a/modules/nixos/cloudflared.nix b/modules/nixos/cloudflared.nix
index 69a5d25..ab0b424 100644
--- a/modules/nixos/cloudflared.nix
+++ b/modules/nixos/cloudflared.nix
@@ -85,6 +85,7 @@ in
at = subdomain;
zone = cfg.domain;
value = "${cfg.tunnel}.cfargotunnel.com.";
+ enableCloudflareProxy = true;
};
in
lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
diff --git a/modules/nixos/dns.nix b/modules/nixos/dns.nix
index edaad21..d9afce8 100644
--- a/modules/nixos/dns.nix
+++ b/modules/nixos/dns.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, lib, ... }:
+{
+ config,
+ pkgs,
+ lib,
+ ...
+}:
let
format = pkgs.formats.yaml { };
cfg = config.satellite.dns;
@@ -13,47 +18,59 @@ in
records = lib.mkOption {
description = "List of records to create";
default = [ ];
- type = lib.types.listOf (lib.types.submodule ({ config, ... }: {
- options = {
- at = lib.mkOption {
- description = "Subdomain to use for entry";
- type = lib.types.nullOr lib.types.str;
- };
+ type = lib.types.listOf (
+ lib.types.submodule (
+ { config, ... }:
+ {
+ options = {
+ at = lib.mkOption {
+ description = "Subdomain to use for entry";
+ type = lib.types.nullOr lib.types.str;
+ };
- zone = lib.mkOption {
- description = "Zone this record is a part of";
- type = lib.types.str;
- default = cfg.domain;
- };
+ zone = lib.mkOption {
+ description = "Zone this record is a part of";
+ type = lib.types.str;
+ default = cfg.domain;
+ };
- type = lib.mkOption {
- type = lib.types.enum [ "A" "AAAA" "TXT" "CNAME" "MX" ];
- description = "The type of the DNS record";
- };
+ type = lib.mkOption {
+ type = lib.types.enum [
+ "A"
+ "AAAA"
+ "TXT"
+ "CNAME"
+ "MX"
+ ];
+ description = "The type of the DNS record";
+ };
- to = lib.mkOption {
- type = lib.types.nullOr lib.types.str;
- description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
- default = null;
- };
+ to = lib.mkOption {
+ type = lib.types.nullOr lib.types.str;
+ description = "Shorthand for CNMAE-ing to a subdomain of the given zone";
+ default = null;
+ };
- value = lib.mkOption {
- type = format.type;
- description = "The value assigned to the record, in octodns format";
- };
+ value = lib.mkOption {
+ type = format.type;
+ description = "The value assigned to the record, in octodns format";
+ };
- ttl = lib.mkOption {
- type = lib.types.int;
- description = "The TTL assigned to the record";
- default = 300;
- };
+ ttl = lib.mkOption {
+ type = lib.types.int;
+ description = "The TTL assigned to the record";
+ default = 300;
+ };
- enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
- };
+ enableCloudflareProxy = lib.mkEnableOption "proxying using cloudflare";
+ };
- config.value = lib.mkIf (config.type == "CNAME" && config.to != null)
- "${config.to}.${config.zone}.";
- }));
+ config.value = lib.mkIf (
+ config.type == "CNAME" && config.to != null
+ ) "${config.to}.${config.zone}.";
+ }
+ )
+ );
};
};
}
diff --git a/modules/nixos/nginx.nix b/modules/nixos/nginx.nix
index 8dd0008..84f0f63 100644
--- a/modules/nixos/nginx.nix
+++ b/modules/nixos/nginx.nix
@@ -1,5 +1,6 @@
{ config, lib, ... }:
-let cfg = config.satellite.nginx;
+let
+ cfg = config.satellite.nginx;
in
{
options.satellite.nginx = {
@@ -11,88 +12,102 @@ in
at = lib.mkOption {
description = "Per-subdomain nginx configuration";
- type = lib.types.attrsOf (lib.types.submodule ({ name, config, ... }: {
- options.subdomain = lib.mkOption {
- description = ''
- Subdomain to use for host generation.
- Only required if `host` is not set manually.
- '';
- type = lib.types.str;
- default = name;
- };
+ type = lib.types.attrsOf (
+ lib.types.submodule (
+ { name, config, ... }:
+ {
+ options.subdomain = lib.mkOption {
+ description = ''
+ Subdomain to use for host generation.
+ Only required if `host` is not set manually.
+ '';
+ type = lib.types.str;
+ default = name;
+ };
- options.host = lib.mkOption {
- description = "Host to route requests from";
- type = lib.types.str;
- };
+ options.host = lib.mkOption {
+ description = "Host to route requests from";
+ type = lib.types.str;
+ };
- config.host = "${config.subdomain}.${cfg.domain}";
+ config.host = "${config.subdomain}.${cfg.domain}";
- options.url = lib.mkOption {
- description = "External https url used to access this host";
- type = lib.types.str;
- };
+ options.url = lib.mkOption {
+ description = "External https url used to access this host";
+ type = lib.types.str;
+ };
- config.url = "https://${config.host}";
+ config.url = "https://${config.host}";
- options.port = lib.mkOption {
- description = "Port to proxy requests to";
- type = lib.types.nullOr lib.types.port;
- default = null;
- };
+ options.port = lib.mkOption {
+ description = "Port to proxy requests to";
+ type = lib.types.nullOr lib.types.port;
+ default = null;
+ };
- options.files = lib.mkOption {
- description = "Path to serve files from";
- type = lib.types.nullOr lib.types.path;
- default = null;
- };
- }));
+ options.files = lib.mkOption {
+ description = "Path to serve files from";
+ type = lib.types.nullOr lib.types.path;
+ default = null;
+ };
+ }
+ )
+ );
default = { };
};
};
config = {
assertions =
- let assertSingleTarget = config:
- {
+ let
+ assertSingleTarget = config: {
assertion = (config.port == null) == (config.files != null);
message = ''
Precisely one of the options 'satellite.nginx.at.${config.subdomain}.port'
and 'satellite.nginx.at.${config.subdomain}.files' must be specified.
'';
};
- in lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
+ in
+ lib.mapAttrsToList (_: assertSingleTarget) cfg.at;
services.nginx.virtualHosts =
- let mkNginxConfig = { host, port, files, ... }: {
- name = host;
- value =
- let extra =
- if port != null then {
- locations."/" = {
- proxyPass = "http://localhost:${toString port}";
- proxyWebsockets = true;
- };
+ let
+ mkNginxConfig = args: {
+ name = args.host;
+ value =
+ let
+ extra =
+ if args.port != null then
+ {
+ locations."/" = {
+ proxyPass = "http://localhost:${toString args.port}";
+ proxyWebsockets = true;
+ };
+ }
+ else
+ { root = args.files; };
+ in
+ {
+ enableACME = true;
+ acmeRoot = null;
+ forceSSL = true;
}
- else {
- root = files;
- };
- in
- {
- enableACME = true;
- acmeRoot = null;
- forceSSL = true;
- } // extra;
- };
- in lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
+ // extra;
+ };
+ in
+ lib.attrsets.mapAttrs' (_: mkNginxConfig) cfg.at;
satellite.dns.records =
- let mkDnsRecord = { subdomain, ... }: {
- type = "CNAME";
- zone = cfg.domain;
- at = subdomain;
- to = "${config.networking.hostName}.${cfg.domain}.";
- };
- in lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
+ let
+ mkDnsRecord =
+ { subdomain, ... }:
+ {
+ type = "CNAME";
+ zone = cfg.domain;
+ at = subdomain;
+ to = config.networking.hostName;
+ };
+ in
+ lib.attrsets.mapAttrsToList (_: mkDnsRecord) cfg.at;
};
}
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 91c8bae..1c6447f 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -1,12 +1,29 @@
# Custom packages, that can be defined similarly to ones from nixpkgs
# You can build them using 'nix build .#example' or (legacy) 'nix-build -A example'
-{ pkgs ? (import ../nixpkgs.nix) { }, upkgs ? pkgs, ... }:
-let plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { }; in
{
- # example = pkgs.callPackage (import ./example.nix) {};
+ pkgs ? (import ../nixpkgs.nix) { },
+ upkgs ? pkgs,
+ ...
+}:
+let
+ plymouthThemes = pkgs.callPackage (import ./plymouth-themes.nix) { };
+in
+rec {
+ plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
vimclip = pkgs.callPackage (import ./vimclip.nix) { };
homer = pkgs.callPackage (import ./homer.nix) { };
- octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) { };
- plymouthThemeCutsAlt = plymouthThemes.cuts_alt;
+
+ octodns = pkgs.octodns.overrideAttrs (_: {
+ version = "unstable-2024-10-08";
+ src = pkgs.fetchFromGitHub {
+ owner = "octodns";
+ repo = "octodns";
+ rev = "a1456cb1fcf00916ca06b204755834210a3ea9cf";
+ sha256 = "192hbxhb0ghcbzqy3h8q194n4iy7bqfj9ra9qqjff3x2z223czxb";
+ };
+ });
+ octodns-cloudflare = pkgs.python3Packages.callPackage (import ./octodns-cloudflare.nix) {
+ inherit octodns;
+ };
}
diff --git a/pkgs/octodns-cloudflare.nix b/pkgs/octodns-cloudflare.nix
index e960238..2fd27cc 100644
--- a/pkgs/octodns-cloudflare.nix
+++ b/pkgs/octodns-cloudflare.nix
@@ -1,18 +1,18 @@
-{ lib
-, buildPythonPackage
-, fetchFromGitHub
-, octodns
-, pytestCheckHook
-, pythonOlder
-, dnspython
-, setuptools
-, requests
-, requests-mock
+{
+ buildPythonPackage,
+ fetchFromGitHub,
+ octodns,
+ pytestCheckHook,
+ pythonOlder,
+ dnspython,
+ setuptools,
+ requests,
+ requests-mock,
}:
-buildPythonPackage rec {
+buildPythonPackage {
pname = "octodns-cloudflare";
- version = "unstable-2024-05-31";
+ version = "unstable-2024-10-08";
pyproject = true;
disabled = pythonOlder "3.8";
@@ -20,13 +20,11 @@ buildPythonPackage rec {
src = fetchFromGitHub {
owner = "octodns";
repo = "octodns-cloudflare";
- rev = "3c01938e280767f433eb276a75d6b02c152c02af";
- sha256 = "1dnvyvf6mlpqcsrj11192li2mhqfs8w6pvaqmsy3jsqjqczmgmf5";
+ rev = "61a4b404b15c0c14cb18d36b48b834490e743319";
+ sha256 = "0kcih4dxgl9ihh22j6d7dbd0d1ylrjp6f60w1p5gzyini1c0a0x1";
};
- nativeBuildInputs = [
- setuptools
- ];
+ nativeBuildInputs = [ setuptools ];
propagatedBuildInputs = [
octodns