wirenix/wire.nix

/*
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at https://mozilla.org/MPL/2.0/.
 */
{ config, lib, ... }@inputs: 
with lib;
with import ./lib.nix;
with builtins;
let 
  cfg = config.wirenix;
  parsers = defaultParsers // cfg.additionalParsers;
  configurers = defaultConfigurers // cfg.additionalConfigurers;
  availableKeyProviders = defaultKeyProviders // cfg.additionalKeyProviders;
  acl = cfg.aclConfig;
  parser = parsers."${acl.version}" inputs;
  configurer = (getAttr cfg.configurer configurers) inputs; #config.wirenix.configurer inputs;
  keyProviders = map (providerName: getAttr providerName availableKeyProviders) cfg.keyProviders; # config.wirenix.keyProviders;
  mkMergeTopLevel = names: attrs: attrsets.getAttrs names (
    mapAttrs (k: v: mkMerge v) (attrsets.foldAttrs (n: a: [n] ++ a) [] attrs)
  );
  /** 
   *  We can merge if we want to
   *  We can leave your friends behind
   * 'Cause your friends don't merge and if they don't merge
   *  Well they're, no friends of mine.
   */
  safetyMerge = possibleTopLevelKeys: attrs: 
    (mkMergeTopLevel possibleTopLevelKeys ((lists.singleton (attrsets.genAttrs possibleTopLevelKeys (name: {})))++attrs));
in
{
  options = {
    age = {};
    sops = {};
    wirenix = {
      enable = mkEnableOption "wirenix";
      peerName = mkOption {
        default = config.networking.hostName;
        defaultText = literalExpression "hostName";
        example = "bernd";
        type = types.str;
        description = mdDoc ''
          Name of the peer using this module, to match the name in
          `wirenix.config.peers.*.name`
        '';
      };
      configurer = mkOption {
        default = "static";
        type = types.str;
        description = mdDoc ''
          Configurer to use. Builtin values can be 
          "static" or "networkd". Or, you can put
          your own configurer that you registered in
          `additionalConfigurers` here.
        '';
      };
      keyProviders = mkOption {
        default = ["acl"];
        type = with types; listOf str;
        description = mdDoc ''
          List of key providers. Key providers will be queried in order.
          Builtin providers are `wirenix.lib.defaultKeyProviders.acl`
          and `wirenix.lib.defaultKeyProviders.agenix-rekey`. The latter
          requires the agenix-rekey flake.
        '';
      };
      additionalKeyProviders = mkOption {
        default = {};
        type = with types; attrsOf (functionTo attrs);
        description = mdDoc ''
          Additional key providers to load, with their names being used to select them in the
          `keyProviders` option
        '';
      };
      additionalParsers = mkOption {
        default = {};
        type = with types; attrsOf (functionTo attrs);
        description = mdDoc ''
          Additional parsers to load, with their names being used to compare to the acl's
          "version" field.
        '';
      };
      additionalConfigurers = mkOption {
        default = {};
        type = with types; attrsOf (functionTo attrs);
        description = mdDoc ''
          Additional configurers to load, with their names being used to select them in the
          `configurer` option.
        '';
      };
      aclConfig = mkOption {
        type = types.attrs;
        description = ''
          Shared configuration file that describes all clients
        '';
      };
      secretsDir = mkOption {
        default = null;
        type = with types; nullOr path;
        description = mdDoc ''
          If using a secrets manager, where you have wirenix secrets stored. Must be
          the same on all peers that need to connect to eachother
        '';
      };
    };
  };
  
  # --------------------------------------------------------------- #
  # Due to merge weirdness, I have to define what configuration keys
  # we're touching upfront, and make sure they exist
  config = mkIf cfg.enable (safetyMerge ["networking" "sops" "age" "systemd" "services" "environment"]
    [
      (configurer keyProviders (parser acl) cfg.peerName)
    ]
  );
}
add license 1 year ago			`/*`
			`* This Source Code Form is subject to the terms of the Mozilla Public`
			`* License, v. 2.0. If a copy of the MPL was not distributed with this`
			`* file, You can obtain one at https://mozilla.org/MPL/2.0/.`
			`*/`
you know it's good when you keep rewriting it 1 year ago			`{ config, lib, ... }@inputs:`
Made helper functions to remap data in more config-friendly ways 1 year ago			`with lib;`
improved documentation 1 year ago			`with import ./lib.nix;`
Bumper car bugfixing until it actually works as a flake 1 year ago			`with builtins;`
			`let`
			`cfg = config.wirenix;`
			`parsers = defaultParsers // cfg.additionalParsers;`
			`configurers = defaultConfigurers // cfg.additionalConfigurers;`
			`availableKeyProviders = defaultKeyProviders // cfg.additionalKeyProviders;`
			`acl = cfg.aclConfig;`
			`parser = parsers."${acl.version}" inputs;`
			`configurer = (getAttr cfg.configurer configurers) inputs; #config.wirenix.configurer inputs;`
			`keyProviders = map (providerName: getAttr providerName availableKeyProviders) cfg.keyProviders; # config.wirenix.keyProviders;`
			`mkMergeTopLevel = names: attrs: attrsets.getAttrs names (`
			`mapAttrs (k: v: mkMerge v) (attrsets.foldAttrs (n: a: [n] ++ a) [] attrs)`
			`);`
			`/**`
			`* We can merge if we want to`
			`* We can leave your friends behind`
			`* 'Cause your friends don't merge and if they don't merge`
			`* Well they're, no friends of mine.`
			`*/`
			`safetyMerge = possibleTopLevelKeys: attrs:`
			`(mkMergeTopLevel possibleTopLevelKeys ((lists.singleton (attrsets.genAttrs possibleTopLevelKeys (name: {})))++attrs));`
			`in`
Made helper functions to remap data in more config-friendly ways 1 year ago			`{`
			`options = {`
Simple test 1 year ago			`age = {};`
			`sops = {};`
added options for specifying endpoints, other refactoring 1 year ago			`wirenix = {`
Bumper car bugfixing until it actually works as a flake 1 year ago			`enable = mkEnableOption "wirenix";`
added options for specifying endpoints, other refactoring 1 year ago			`peerName = mkOption {`
			`default = config.networking.hostName;`
			`defaultText = literalExpression "hostName";`
			`example = "bernd";`
			`type = types.str;`
			`description = mdDoc ''`
			`Name of the peer using this module, to match the name in`
			`wirenix.config.peers.*.name`
			`'';`
			`};`
you know it's good when you keep rewriting it 1 year ago			`configurer = mkOption {`
Bumper car bugfixing until it actually works as a flake 1 year ago			`default = "static";`
			`type = types.str;`
you know it's good when you keep rewriting it 1 year ago			`description = mdDoc ''`
Key providers and other changes I forgot (sorry git historians) 1 year ago			`Configurer to use. Builtin values can be`
add networkd 1 year ago			`"static" or "networkd". Or, you can put`
			`your own configurer that you registered in`
			`additionalConfigurers` here.
you know it's good when you keep rewriting it 1 year ago			`'';`
			`};`
Key providers and other changes I forgot (sorry git historians) 1 year ago			`keyProviders = mkOption {`
Bumper car bugfixing until it actually works as a flake 1 year ago			`default = ["acl"];`
			`type = with types; listOf str;`
you know it's good when you keep rewriting it 1 year ago			`description = mdDoc ''`
Key providers and other changes I forgot (sorry git historians) 1 year ago			`List of key providers. Key providers will be queried in order.`
			Builtin providers are `wirenix.lib.defaultKeyProviders.acl`
			and `wirenix.lib.defaultKeyProviders.agenix-rekey`. The latter
			`requires the agenix-rekey flake.`
you know it's good when you keep rewriting it 1 year ago			`'';`
			`};`
Bumper car bugfixing until it actually works as a flake 1 year ago			`additionalKeyProviders = mkOption {`
			`default = {};`
			`type = with types; attrsOf (functionTo attrs);`
			`description = mdDoc ''`
			`Additional key providers to load, with their names being used to select them in the`
			`keyProviders` option
			`'';`
			`};`
you know it's good when you keep rewriting it 1 year ago			`additionalParsers = mkOption {`
Bumper car bugfixing until it actually works as a flake 1 year ago			`default = {};`
			`type = with types; attrsOf (functionTo attrs);`
you know it's good when you keep rewriting it 1 year ago			`description = mdDoc ''`
			`Additional parsers to load, with their names being used to compare to the acl's`
Key providers and other changes I forgot (sorry git historians) 1 year ago			`"version" field.`
you know it's good when you keep rewriting it 1 year ago			`'';`
			`};`
Bumper car bugfixing until it actually works as a flake 1 year ago			`additionalConfigurers = mkOption {`
Made helper functions to remap data in more config-friendly ways 1 year ago			`default = {};`
Bumper car bugfixing until it actually works as a flake 1 year ago			`type = with types; attrsOf (functionTo attrs);`
			`description = mdDoc ''`
			`Additional configurers to load, with their names being used to select them in the`
			`configurer` option.
			`'';`
			`};`
			`aclConfig = mkOption {`
			`type = types.attrs;`
Made helper functions to remap data in more config-friendly ways 1 year ago			`description = ''`
			`Shared configuration file that describes all clients`
			`'';`
			`};`
Key providers and other changes I forgot (sorry git historians) 1 year ago			`secretsDir = mkOption {`
Bumper car bugfixing until it actually works as a flake 1 year ago			`default = null;`
			`type = with types; nullOr path;`
Key providers and other changes I forgot (sorry git historians) 1 year ago			`description = mdDoc ''`
Bumper car bugfixing until it actually works as a flake 1 year ago			`If using a secrets manager, where you have wirenix secrets stored. Must be`
			`the same on all peers that need to connect to eachother`
Key providers and other changes I forgot (sorry git historians) 1 year ago			`'';`
			`};`
Made helper functions to remap data in more config-friendly ways 1 year ago			`};`
			`};`

			`# --------------------------------------------------------------- #`
Bumper car bugfixing until it actually works as a flake 1 year ago			`# Due to merge weirdness, I have to define what configuration keys`
			`# we're touching upfront, and make sure they exist`
add mailing list, fix disable not doing anything, make "null test" test disable 1 year ago			`config = mkIf cfg.enable (safetyMerge ["networking" "sops" "age" "systemd" "services" "environment"]`
Bumper car bugfixing until it actually works as a flake 1 year ago			`[`
			`(configurer keyProviders (parser acl) cfg.peerName)`
			`]`
			`);`
Made helper functions to remap data in more config-friendly ways 1 year ago			`}`