sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity

Refactor

Browse Source
This commit is contained in:
soraefir
2026-06-03 19:24:29 +02:00
parent 1cb9e9b645
commit b82393272c
7 changed files with 134 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
modules/server/containers/apps/.template.nix
View File

@@ -17,33 +17,38 @@ let
}; };
}; };
in { in {
sops = false; requires = {
db = false; secrets = [ ];
paths = [{ databases = [ ];
path="${serverCfg.path.config}/example/"; };
mode = "0444";
}];
containers = { runtime = {
server = builder.mkContainer { paths = [{
subdomain = containerCfg.subdomain; path="${serverCfg.path.config}/example/";
# imageStream = image; mode = "0444";
image = "....:${version}"; }];
port = 8080;
secret = name; containers = {
extraEnv = { }; server = builder.mkContainer {
overrides = { subdomain = containerCfg.subdomain;
cmd = [ ]; # imageStream = image;
volumes = [ ]; image = "....:${version}";
}; port = 8080;
secret = name;
extraEnv = { };
overrides = {
cmd = [ ];
volumes = [ ];
};
};
};
setup = {
trigger = "server";
envFile = config.sops.secrets."EXAMPLE".path;
script = pkgs.writeShellScript "setup" ''
...
'';
}; };
}; };
setup = {
trigger = "server";
envFile = config.sops.secrets."EXAMPLE".path;
script = pkgs.writeShellScript "setup" ''
...
'';
};
} }

51
modules/server/containers/builder.nix
View File

@@ -69,6 +69,57 @@ let
in { in {
mkContainer = contBuilder; mkContainer = contBuilder;
mkVm = vmBuilder; mkVm = vmBuilder;
mkApp = name: app:
let
# Keep legacy app modules working while storing a stricter internal contract.
legacySetup =
if app ? setup then app.setup else null;
in {
inherit name;
requires = {
secrets =
if app ? requires && app.requires ? secrets then app.requires.secrets
else if app ? sops && app.sops then [ name ]
else [ ];
databases =
if app ? requires && app.requires ? databases then app.requires.databases
else if app ? db && app.db then [ name ]
else [ ];
};
exports = {
authentik = {
blueprints =
if app ? exports && app.exports ? authentik && app.exports.authentik ? blueprints
then app.exports.authentik.blueprints
else [ ];
};
};
runtime = {
paths =
if app ? runtime && app.runtime ? paths then app.runtime.paths
else if app ? paths then app.paths
else [ ];
containers =
if app ? runtime && app.runtime ? containers then app.runtime.containers
else if app ? containers then app.containers
else { };
vm =
if app ? runtime && app.runtime ? vm then app.runtime.vm
else if app ? vm then app.vm
else null;
cron =
if app ? runtime && app.runtime ? cron then app.runtime.cron
else if app ? cron then app.cron
else [ ];
setup =
if app ? runtime && app.runtime ? setup then app.runtime.setup
else ({
trigger = "";
script = null;
envFile = [ ];
} // (if legacySetup != null then legacySetup else { }));
};
};
mkData = { name, dir, vars?{} }: pkgs.runCommand name vars '' mkData = { name, dir, vars?{} }: pkgs.runCommand name vars ''
mkdir -p $out mkdir -p $out
cp -r ${./data + "/${dir}"}/. $out/ cp -r ${./data + "/${dir}"}/. $out/

18
modules/server/containers/default.nix
View File

@@ -6,22 +6,26 @@ let
in{ in{
config = lib.mkMerge [{ config = lib.mkMerge [{
syscfg.server.loadedContainers = lib.mapAttrs (name: containerCfg: syscfg.server.loadedContainers = lib.mapAttrs (name: containerCfg:
(import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; } builder.mkApp name ((import (./apps + "/${name}.nix")) { inherit config pkgs lib containerCfg builder name; })
) config.syscfg.server.containers; ) config.syscfg.server.containers;
} (lib.mkIf ( serverCfg.containers != {} ) ( } (lib.mkIf ( serverCfg.containers != {} ) (
let let
appsList = builtins.attrValues config.syscfg.server.loadedContainers; appsList = builtins.attrValues config.syscfg.server.loadedContainers;
mergedContainers = lib.concatMapAttrs (appName: app: mergedContainers = lib.concatMapAttrs (appName: app:
lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.containers lib.mapAttrs' (cName: cCfg: lib.nameValuePair "${appName}-${cName}" cCfg) app.runtime.containers
) config.syscfg.server.loadedContainers; ) config.syscfg.server.loadedContainers;
serverPathConfigs = map (path: { serverPathConfigs = map (path: {
inherit path; inherit path;
mode = "0755"; mode = "0755";
}) (lib.unique (builtins.attrValues serverCfg.path)); }) (lib.unique (builtins.attrValues serverCfg.path));
allPathConfigs = serverPathConfigs ++ lib.concatMap (app: app.paths) appsList; allPathConfigs = serverPathConfigs ++ lib.concatMap (app: app.runtime.paths) appsList;
allSetupConfigs = lib.concatMap (app: if app.setup?script then [({name = app.name; envFile="";} // app.setup)] else []) appsList; allSetupConfigs = lib.concatMap (app:
allCronsConfigs = lib.concatMap (app: app.cron) appsList; if app.runtime.setup ? script
allVMConfigs = builtins.filter (app: app.vm != null) appsList; then [ ({ name = app.name; envFile = ""; } // app.runtime.setup) ]
else [ ]
) appsList;
allCronsConfigs = lib.concatMap (app: app.runtime.cron) appsList;
allVMConfigs = builtins.filter (app: app.runtime.vm != null) appsList;
in{ in{
virtualisation.oci-containers = { virtualisation.oci-containers = {
backend = "podman"; backend = "podman";
@@ -73,7 +77,7 @@ in{
RestartSec = "10s"; RestartSec = "10s";
ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/data/kvm"; ExecStartPre = "${pkgs.coreutils}/bin/mkdir -p /media/data/kvm";
ExecStart = '' ExecStart = ''
${builder.mkVm { name = e.name; vm = e.vm; }}/bin/run-${e.name}-vm -nographic ${builder.mkVm { name = e.name; vm = e.runtime.vm; }}/bin/run-${e.name}-vm -nographic
''; '';
}; };
}; };

2
modules/server/database/default.nix
View File

@@ -3,7 +3,7 @@
let let
listNames = config.syscfg.server.db; listNames = config.syscfg.server.db;
containerNames = builtins.attrNames (lib.filterAttrs (appName: app: app.db) config.syscfg.server.loadedContainers); containerNames = lib.concatMap (app: app.requires.databases) (builtins.attrValues config.syscfg.server.loadedContainers);
allApps = lib.unique (listNames ++ containerNames); allApps = lib.unique (listNames ++ containerNames);
in { in {
config = lib.mkIf ( builtins.length allApps > 0) { config = lib.mkIf ( builtins.length allApps > 0) {

2
modules/server/sops/default.nix
View File

@@ -1,7 +1,7 @@
{ config, lib, pkgs, ... }: { config, lib, pkgs, ... }:
let let
listNames = config.syscfg.server.db; listNames = config.syscfg.server.db;
containerNames = builtins.attrNames (lib.filterAttrs (appName: app: app.sops) config.syscfg.server.loadedContainers); containerNames = lib.concatMap (app: app.requires.secrets) (builtins.attrValues config.syscfg.server.loadedContainers);
allApps = lib.unique (listNames ++ containerNames); allApps = lib.unique (listNames ++ containerNames);
in{ in{
sops.secrets = { sops.secrets = {

46
modules/shared/syscfg/server.nix
View File

@@ -40,18 +40,44 @@ in with lib; {
type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: { type = lib.types.attrsOf (lib.types.submodule ({ name, ... }: {
options = { options = {
name = lib.mkOption {type = lib.types.str; default = name;}; name = lib.mkOption {type = lib.types.str; default = name;};
sops = lib.mkOption {type = lib.types.bool; default = false;}; requires = {
db = lib.mkOption {type = lib.types.bool; default = false;}; secrets = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
databases = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
};
};
paths = lib.mkOption {type = lib.types.listOf lib.types.attrs; default = [ ];}; exports = {
containers = lib.mkOption {type = lib.types.attrsOf lib.types.attrs; default = { };}; authentik = {
vm = lib.mkOption {type = lib.types.nullOr lib.types.attrs; default = null;}; blueprints = lib.mkOption {
cron = lib.mkOption {type = lib.types.listOf lib.types.str; default = [ ];}; type = lib.types.listOf lib.types.str;
default = [ ];
};
};
};
setup = { runtime = {
trigger = lib.mkOption {type = lib.types.str; default = "";}; paths = lib.mkOption {type = lib.types.listOf lib.types.attrs; default = [ ];};
script = lib.mkOption {type = lib.types.nullOr lib.types.package; default = null;}; containers = lib.mkOption {type = lib.types.attrsOf lib.types.attrs; default = { };};
envFile = lib.mkOption {type = with lib.types; coercedTo str (x: [x]) (listOf str); default = [];}; vm = lib.mkOption {type = lib.types.nullOr lib.types.attrs; default = null;};
cron = lib.mkOption {type = lib.types.listOf lib.types.str; default = [ ];};
setup = lib.mkOption {
type = lib.types.submodule {
options = {
trigger = lib.mkOption {type = lib.types.str; default = "";};
script = lib.mkOption {type = lib.types.nullOr lib.types.package; default = null;};
envFile = lib.mkOption {
type = with lib.types; coercedTo str (x: [x]) (listOf str);
default = [ ];
};
};
};
default = { };
};
}; };
}; };
})); }));

2
systems/sandbox/cfg.nix
View File

@@ -27,8 +27,6 @@
# user = ... # user = ...
# ... # ...
# }; # };
mailDomain = "test@helcel";
mailServer = "infomaniak.ch";
containers = { containers = {
# ===== BASE ===== # ===== BASE =====