diff --git a/flake-parts/hosts.nix b/flake-parts/hosts.nix index 042f2fd..a766ba7 100644 --- a/flake-parts/hosts.nix +++ b/flake-parts/hosts.nix @@ -1,14 +1,15 @@ { inputs, self, - lib, ... }: let + lib = inputs.nixpkgs.lib.extend (_: _: { custom = import ../lib inputs.nixpkgs.lib; }); + mkHost = hostName: inputs.nixpkgs.lib.nixosSystem { - specialArgs = { inherit inputs self; }; + specialArgs = { inherit inputs self lib; }; modules = [ { networking = { inherit hostName; }; } "${self}/hosts/common.nix" diff --git a/flake-parts/modules.nix b/flake-parts/modules.nix index 90b40b3..eab3356 100644 --- a/flake-parts/modules.nix +++ b/flake-parts/modules.nix @@ -1,10 +1,11 @@ { self, lib, ... }: let - modulesOf = dir: dir |> lib.filesystem.listFilesRecursive |> lib.filter (lib.hasSuffix ".nix"); + listNixFilesRecursive = + dir: dir |> lib.filesystem.listFilesRecursive |> lib.filter (lib.hasSuffix ".nix"); in { flake = { - nixosModules.default.imports = modulesOf "${self}/modules/system"; - homeManagerModules.default.imports = modulesOf "${self}/modules/home"; + nixosModules.default.imports = listNixFilesRecursive "${self}/modules/system"; + homeManagerModules.default.imports = listNixFilesRecursive "${self}/modules/home"; }; } diff --git a/lib/default.nix b/lib/default.nix new file mode 100644 index 0000000..71adfb7 --- /dev/null +++ b/lib/default.nix @@ -0,0 +1,3 @@ +lib: { + isTailscaleDomain = domain: domain |> lib.hasSuffix ".ts.net"; +} diff --git a/modules/system/services/caddy.nix b/modules/system/services/caddy.nix index c66f9fb..dacdb72 100644 --- a/modules/system/services/caddy.nix +++ b/modules/system/services/caddy.nix 
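Review bot: In the `flake-parts/hosts.nix` hunk, `lib.custom` only exists for systems built through `mkHost`, because the extended `lib` is injected through `specialArgs` there and nowhere else. The `flake-parts/modules.nix` section of this same commit exports everything under `modules/system` as `nixosModules.default`, and those modules now call `lib.custom.isTailscaleDomain`. A configuration that imports the exported module without this `specialArgs` would presumably fail to evaluate with a missing `custom` attribute. If the exports are meant to be usable on their own, the dependency should at least be written down next to the binding, e.g. `# modules under ./modules expect lib.custom; it is only provided via specialArgs in mkHost`. The `let` block continues past the end of the hunk, so other uses of `lib` there are not visible.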
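Review bot: Hard-coding `".ts.net"` in `isTailscaleDomain` (new `lib/default.nix`) loosens the guard used by the assertions in the `syncthing.nix` and `filebrowser.nix` hunks and by the `tailscaleHosts` split in `caddy.nix`. Before this commit they required the domain to end in `config.custom.services.tailscale.domain`; now any name under `.ts.net` is accepted, including one that belongs to a different tailnet. Both assertion messages state that these services have no access control yet, so this predicate is the only exposure check visible here, and a `.ts.net` name is not in itself proof of private reachability (Tailscale Funnel serves such names publicly). Consider keeping the tailnet domain as an argument, `isTailscaleDomain = tailnetDomain: domain: lib.hasSuffix ".${tailnetDomain}" domain;` (assuming the configured value has no leading dot), and passing `config.custom.services.tailscale.domain` at the call sites. Failing that, a comment on the helper should say that the check is name-based only and matches every tailnet.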
@@ -10,7 +10,7 @@ let virtualHosts = cfg.virtualHosts |> lib.attrValues |> lib.filter (value: value.enable); - isTailscaleDomain = domain: domain |> lib.hasSuffix config.custom.services.tailscale.domain; + isTailscaleDomain = domain: lib.custom.isTailscaleDomain domain; tailscaleHosts = virtualHosts |> lib.filter (value: isTailscaleDomain value.domain); nonTailscaleHosts = virtualHosts |> lib.filter (value: !isTailscaleDomain value.domain); diff --git a/modules/system/services/syncthing.nix b/modules/system/services/syncthing.nix index f85c1f9..ee9f8ca 100644 --- a/modules/system/services/syncthing.nix +++ b/modules/system/services/syncthing.nix @@ -6,7 +6,6 @@ }: let cfg = config.custom.services.syncthing; - tailscaleCfg = config.custom.services.tailscale; inherit (config.services.syncthing) dataDir; @@ -40,7 +39,7 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = tailscaleCfg.enable; + assertion = config.custom.services.tailscale.enable; message = "Syncthing requires tailscale."; } { @@ -52,7 +51,7 @@ in message = "Running syncthing on a server requires `gui.domain` to be set."; } { - assertion = (cfg.gui.domain != null) -> (cfg.gui.domain |> lib.hasSuffix tailscaleCfg.domain); + assertion = (cfg.gui.domain != null) -> (lib.custom.isTailscaleDomain cfg.gui.domain); message = "The syncthing gui should only be exposed on a private network as it isn't yet configured with access controll."; } ]; @@ -100,7 +99,7 @@ in |> lib.mapAttrs ( name: value: { id = value.config.custom.services.syncthing.deviceId; - addresses = [ "tcp://${name}.${tailscaleCfg.domain}:${toString cfg.syncPort}" ]; + addresses = [ "tcp://${name}.${config.custom.services.tailscale.domain}:${toString cfg.syncPort}" ]; } ); diff --git a/modules/system/web-services/filebrowser.nix b/modules/system/web-services/filebrowser.nix index 627de4c..e026410 100644 --- a/modules/system/web-services/filebrowser.nix +++ b/modules/system/web-services/filebrowser.nix 
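Review bot: In the `caddy.nix` hunk, the local `isTailscaleDomain = domain: lib.custom.isTailscaleDomain domain;` is just a wrapper lambda around the library function. `inherit (lib.custom) isTailscaleDomain;` in the same `let` binds the same name without the extra indirection and makes it obvious that no caddy-specific logic is involved. The `let` block begins and ends outside the hunk, so this assumes no other binding there shadows `lib`.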
@@ -29,7 +29,7 @@ in config = lib.mkIf cfg.enable { assertions = [ { - assertion = cfg.domain |> lib.hasSuffix config.custom.services.tailscale.domain; + assertion = lib.custom.isTailscaleDomain cfg.domain; message = "Filebrowser isn't yet configured with access controll."; } ];