release
Matthew Salerno 1 year ago
parent 610449680d
commit 0a3ebc78df

@ -1,12 +1,10 @@
{config, lib, ...}: intermediateConfig: {lib, ...}: intermediateConfig: peerName:
with lib.trivial; with lib.trivial;
with lib.attrsets; with lib.attrsets;
with lib.lists; with lib.lists;
with lib; with lib;
let let
# check whether or not agenix-rekey exists thisPeer = intermediateConfig.peers."${peerName}";
has-rekey = config ? rekey;
thisPeer = intermediateConfig.peers."${config.wirenix.peerName}";
# these aren't really important, I just wanted to reverse the argument order # these aren't really important, I just wanted to reverse the argument order
forEachAttr' = flip mapAttrs'; forEachAttr' = flip mapAttrs';
forEachAttrToList = flip mapAttrsToList; forEachAttrToList = flip mapAttrsToList;
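Review bot: `thisPeer = intermediateConfig.peers."${peerName}"` fails with a bare attribute-missing error when `peerName` is not a key of the intermediate config's peers, and now that the name arrives as a plain function argument instead of `config.wirenix.peerName` a caller typo surfaces deep inside this module with no hint of the cause. Consider `thisPeer = intermediateConfig.peers.${peerName} or (throw "wirenix: no peer named ${peerName} in the intermediate config");` so the failure names the offending peer. The `let` block continues past the end of the hunk.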

@ -3,6 +3,7 @@
outputs = { self, ... }: outputs = { self, ... }:
{ {
nixosModules.myModule = import ./wire.nix; lib = import ./lib.nix;
nixosModules.myModule = import ./wire.nix;
}; };
} }

@ -10,13 +10,21 @@ rec {
*/ */
listOfSetsToSetByKey = key: list: listOfSetsToSetByKey = key: list:
listToAttrs ( listToAttrs (
forEach list (elem: { map (item: {
name = elem."${key}"; name = item."${key}";
value = removeAttrs elem [ key ]; value = removeAttrs item [ key ];
}) }) list
); );
/** */ /** */
mapListOfSetsToSetByKey = function: list: mapAttrs (name: value: function value) (listOfSetsToSetByKey list); mapListOfSetsToSetByKey = key: function: list:
mapAttrs (name: value: removeAttrs (function value) [key]) (
listToAttrs (
map (item: {
name = item."${key}";
value = item;
}) list
)
);
/** adds colons to a string every 4 characters for IPv6 shenanigans */ /** adds colons to a string every 4 characters for IPv6 shenanigans */
addColonsToIPv6 = string: addColonsToIPv6 = string:
if ((stringLength string) > 4) if ((stringLength string) > 4)
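Review bot: The doc comment above `mapListOfSetsToSetByKey` is still the empty `/** */` although the function gained a leading `key` argument and changed what `function` receives: it is now applied to the whole item with the key attribute still present, and the key is only removed from the result afterwards. Suggest `/** mapListOfSetsToSetByKey :: str -> (set -> set) -> [set] -> set -- applies function to each item (key attribute included) and keys the result by that attribute, dropping it from the value */`. Both helpers build on `listToAttrs`, which keeps only the last entry for a repeated name, so two ACL entries sharing a name would silently collapse into one; that is worth stating in the comment or guarding in the ACL parser.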

@ -7,7 +7,7 @@ with builtins;
let let
/** parsePeer :: acl_peer -> ic_peer */ /** parsePeer :: acl_peer -> ic_peer */
parsePeer = acl_peer: { parsePeer = acl_peer: {
subnetConnections = listOfSetsToSetByKey "name" (pipeMap [subnetFromName (getSubnetConnectionAndName acl_peer)] acl_peer.subnets); subnetConnections = listOfSetsToSetByKey "name" (pipeMap [subnetFromName (getSubnetConnectionAndName acl_peer)] (attrNames acl_peer.subnets));
publicKey = acl_peer.publicKey; publicKey = acl_peer.publicKey;
privateKeyFile = acl_peer.privateKeyFile; privateKeyFile = acl_peer.privateKeyFile;
} // } //
@ -20,12 +20,12 @@ let
/** parseGroup :: acl_group -> ic_group */ /** parseGroup :: acl_group -> ic_group */
parseGroup = acl_group: { parseGroup = acl_group: {
peers = mapListOfSetsToSetByKey parsePeer (selectPeers [{type="group"; rule="is"; value="${acl_group.name}";}]); peers = mapListOfSetsToSetByKey "name" parsePeer (selectPeers [{type="group"; rule="is"; value="${acl_group.name}";}]);
} // (if acl_group ? extraArgs then {extraArgs = acl_group.extraArgs;} else {}); } // (if acl_group ? extraArgs then {extraArgs = acl_group.extraArgs;} else {});
/** parseSubnet :: acl_subnet -> ic_subnet */ /** parseSubnet :: acl_subnet -> ic_subnet */
parseSubnet = acl_subnet: { parseSubnet = acl_subnet: {
peers = mapListOfSetsToSetByKey parsePeer (selectPeers [{type="subnet"; rule="is"; value="${acl_subnet.name}";}]); peers = mapListOfSetsToSetByKey "name" parsePeer (selectPeers [{type="subnet"; rule="is"; value="${acl_subnet.name}";}]);
} // (if acl_subnet ? extraArgs then {extraArgs = acl_subnet.extraArgs;} else {}); } // (if acl_subnet ? extraArgs then {extraArgs = acl_subnet.extraArgs;} else {});
/** getSubnetConnection :: acl_peer -> acl_subnet -> (subnetConnection // {name}) */ /** getSubnetConnection :: acl_peer -> acl_subnet -> (subnetConnection // {name}) */
@ -48,7 +48,7 @@ let
/** getPeerConnections :: acl_peer -> acl_subnet -> str -> peerConnection */ /** getPeerConnections :: acl_peer -> acl_subnet -> str -> peerConnection */
getPeerConnections = acl_peerFrom: acl_subnet: getPeerConnections = acl_peerFrom: acl_subnet:
let let
filterSubnets = connection: elem acl_subnet.name connection.subnets; filterSubnets = connection: !(connection ? subnets) || elem acl_subnet.name connection.subnets;
filterPeer = key: acl_peer: connection: elem acl_peer.name (catAttrs "name" (selectPeers connection."${key}")); filterPeer = key: acl_peer: connection: elem acl_peer.name (catAttrs "name" (selectPeers connection."${key}"));
getConnectionsX = key: filter (connection: all (x: x connection) [filterSubnets (filterPeer key acl_peerFrom)]) v1_acl.connections; getConnectionsX = key: filter (connection: all (x: x connection) [filterSubnets (filterPeer key acl_peerFrom)]) v1_acl.connections;
getConnectionsA = getConnectionsX "a"; getConnectionsA = getConnectionsX "a";
@ -63,20 +63,32 @@ let
foldl' mergeAttrs {} extraArgsList; foldl' mergeAttrs {} extraArgsList;
in in
listOfSetsToSetByKey "name" (map (acl_peerTo: listOfSetsToSetByKey "name" (map (acl_peerTo:
let
extraArgs = getExtraArgs acl_peerTo;
in
{ {
name = acl_peerTo.name; name = acl_peerTo.name;
peer = parsePeer acl_peerTo; peer = parsePeer acl_peerTo;
ipAddresses = getIpAddresses acl_peerTo acl_subnet; ipAddresses = getIpAddresses acl_peerTo acl_subnet;
endpoint = getEndpoint acl_peerFrom acl_peerTo; endpoint = getEndpoint acl_subnet acl_peerFrom acl_peerTo;
extraArgs = getExtraArgs acl_peerTo; } // (if extraArgs == {} then {} else {inherit extraArgs;})
}) allOtherPeers); ) allOtherPeers);
/** getEndpoint :: acl_peer -> acl_peer -> ic_endpoint */ /** getEndpoint :: acl_peer -> acl_peer -> ic_endpoint */
getEndpoint = acl_peerFrom: acl_peerTo: getEndpoint = acl_subnet: acl_peerFrom: acl_peerTo:
let let
getAllEndpointMatches = filter (endpoint: elem acl_peerFrom.name (catAttrs "name" (selectPeers (if endpoint ? match then endpoint.match else [])))) acl_peerTo.endpoints; peersForEndpoint = endpoint: catAttrs "name" (selectPeers (if endpoint ? match then endpoint.match else []));
allPeerEndpoints = if acl_peerTo ? endpoints then
(filter (endpoint: elem acl_peerFrom.name (peersForEndpoint endpoint)) acl_peerTo.endpoints)
else [];
allGroupEndpoints = concatMap (acl_group: acl_group.endpoints) (intersectLists
(if acl_peerTo ? groups then acl_peerTo.groups else [])
(if acl_peerFrom ? groups then acl_peerTo.groups else [])
);
allSubnetEndpoints = acl_subnet.endpoints;
allEndpointMatches = allSubnetEndpoints ++ allGroupEndpoints ++ allPeerEndpoints;
in in
removeAttrs (foldl' mergeAttrs {} getAllEndpointMatches) [ "match" ]; removeAttrs (foldl' mergeAttrs {} allEndpointMatches) [ "match" ];
/** selectPeers :: [acl_filters] -> str -> [acl_peer] /** selectPeers :: [acl_filters] -> str -> [acl_peer]
* (str -> ic_peer) means it returns an attrset of peers keyed by name, typescript syntax: * (str -> ic_peer) means it returns an attrset of peers keyed by name, typescript syntax:
@ -87,7 +99,7 @@ let
then then
v1_acl.peers v1_acl.peers
else else
foldl' intersectAttrs (selectPeersSingleFilter (head acl_filters)) (map selectPeersSingleFilter acl_filters); foldl' intersectLists (selectPeersSingleFilter (head acl_filters)) (map selectPeersSingleFilter acl_filters);
/** selectPeersSingleFilter :: acl_filter -> [acl_peer] */ /** selectPeersSingleFilter :: acl_filter -> [acl_peer] */
selectPeersSingleFilter = acl_filter: selectPeersSingleFilter = acl_filter:
@ -118,7 +130,7 @@ let
in in
{ {
peers = mapListOfSetsToSetByKey parsePeer v1_acl.peers; peers = mapListOfSetsToSetByKey "name" parsePeer v1_acl.peers;
subnets = mapListOfSetsToSetByKey parseSubnet v1_acl.subnets; subnets = mapListOfSetsToSetByKey "name" parseSubnet v1_acl.subnets;
groups = mapListOfSetsToSetByKey parseGroup v1_acl.groups; groups = mapListOfSetsToSetByKey "name" parseGroup v1_acl.groups;
} }
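Review bot: `getEndpoint` takes the group intersection from the wrong side on the line `(if acl_peerFrom ? groups then acl_peerTo.groups else [])`: the guard tests `acl_peerFrom` but the branch reads `acl_peerTo.groups`, so the intersection is `acl_peerTo.groups` with itself and every group endpoint of the target peer is merged in regardless of which groups the source peer belongs to. It should read `(if acl_peerFrom ? groups then acl_peerFrom.groups else [])`. The same function reads `acl_group.endpoints` and `acl_subnet.endpoints` without the `? endpoints` guard that `acl_peerTo` gets, so a group or subnet defined without endpoints now aborts evaluation where `acl_subnet.endpoints or []` would match the peer case. Since `foldl' mergeAttrs` lets later entries win, the `subnet ++ group ++ peer` order makes peer-specific endpoints override group and subnet ones, which looks intended and deserves a one-line comment.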