format

2024-05-01 10:40:26 +02:00 · 2024-05-01 10:40:26 +02:00 · 0e56405038
commit 0e56405038
parent a7589ad4fe
8 changed files with 257 additions and 69 deletions
--- a/common.nix
+++ b/common.nix
@ -1,4 +1,10 @@
-{ lib, pkgs, config, self, ... }:
+{
+  lib,
+  pkgs,
+  config,
+  self,
+  ...
+}:
 {
  networking = {
    wireless = {
--- a/flake.nix
+++ b/flake.nix
@ -46,9 +46,12 @@
    inputs@{ self, nixpkgs, ... }:
    {
      nixosConfigurations = import ./systems.nix { inherit self inputs nixpkgs; };
-      packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (system: import ./mikrotik.nix {
-        inherit system inputs;
-        pkgs = nixpkgs.legacyPackages.${system};
-      });
+      packages = nixpkgs.lib.attrsets.genAttrs nixpkgs.lib.systems.flakeExposed (
+        system:
+        import ./mikrotik.nix {
+          inherit system inputs;
+          pkgs = nixpkgs.legacyPackages.${system};
+        }
+      );
    };
 }
--- a/mikrotik.nix
+++ b/mikrotik.nix
@ -1,4 +1,9 @@
-{ mikrotik-config ? ./router.nix, pkgs, inputs, system}:
+{
+  mikrotik-config ? ./router.nix,
+  pkgs,
+  inputs,
+  system,
+}:
 with pkgs;
 with lib;
 with builtins;
@ -6,14 +11,15 @@ with builtins;
 let
  rtr = (import mikrotik-config);

-  formatValue = key: value:
+  formatValue =
+    key: value:
    if key == "comment" then
      ''${key}="${value}"''
    else if key == "no_label" then
      formatValue null value
-      #''${key}="${value}"''
+    #''${key}="${value}"''
    else if isAttrs value && key != null then
-      concatStringsSep " " (["${key}"] ++ (mapAttrsToList (k: v: formatValue k v) value))
+      concatStringsSep " " ([ "${key}" ] ++ (mapAttrsToList (k: v: formatValue k v) value))

    else if isAttrs value then
      concatStringsSep " " (mapAttrsToList (k: v: formatValue k v) value)
@ -21,19 +27,24 @@ let
    else
      "${key}=${value}";

-  formatSection = name: opts:
-    [ "${name}" ] ++ (if isAttrs opts then
-      (mapAttrsToList (k: v: "set ${formatValue k v}") opts)
-    else
-      (map (x: "add ${formatValue null x}") opts));
-
-in rec {
+  formatSection =
+    name: opts:
+    [ "${name}" ]
+    ++ (
+      if isAttrs opts then
+        (mapAttrsToList (k: v: "set ${formatValue k v}") opts)
+      else
+        (map (x: "add ${formatValue null x}") opts)
+    );
+in
+rec {
  mikrotik-router = stdenv.mkDerivation rec {
    version = "0.0.1";
    name = "mikrotik-router-${version}";

-    src = builtins.toFile "router-config.rsc" (concatStringsSep "\n"
-      (flatten (mapAttrsToList (key: values: formatSection key values) rtr)));
+    src = builtins.toFile "router-config.rsc" (
+      concatStringsSep "\n" (flatten (mapAttrsToList (key: values: formatSection key values) rtr))
+    );

    builder = builtins.toFile "builder.sh" ''
      source $stdenv/setup
--- a/router.nix
+++ b/router.nix
@ -7,59 +7,215 @@
    }
  ];
  "/interface list" = [
-    { comment = "defconf"; name = "WAN"; }
-    { comment = "defconf"; name = "LAN"; }
+    {
+      comment = "defconf";
+      name = "WAN";
+    }
+    {
+      comment = "defconf";
+      name = "LAN";
+    }
+  ];
+  "/interface wireless security-profiles" = [
+    {
+      find.default = "yes";
+      supplicant-identity = "MikroTik";
+    }
  ];
-  "/interface wireless security-profiles" = [{ find.default = "yes"; supplicant-identity = "MikroTik"; }];
  "/ip pool" = [
-    { name = "default-dhcp"; ranges = "192.168.88.10-192.168.88.254"; }
+    {
+      name = "default-dhcp";
+      ranges = "192.168.88.10-192.168.88.254";
+    }
  ];
  "/ip dhcp-server" = [
-    { address-pool = "default-dhcp"; disabled = "no"; interface = "bridge"; name = "defconf"; }
+    {
+      address-pool = "default-dhcp";
+      disabled = "no";
+      interface = "bridge";
+      name = "defconf";
+    }
  ];
  "/interface bridge port" = [
-    { bridge = "bridge"; comment = "defconf"; interface = "ether2"; }
-    { bridge = "bridge"; comment = "defconf"; interface = "ether3"; }
-    { bridge = "bridge"; comment = "defconf"; interface = "ether4"; }
-    { bridge = "bridge"; comment = "defconf"; interface = "ether5"; }
+    {
+      bridge = "bridge";
+      comment = "defconf";
+      interface = "ether2";
+    }
+    {
+      bridge = "bridge";
+      comment = "defconf";
+      interface = "ether3";
+    }
+    {
+      bridge = "bridge";
+      comment = "defconf";
+      interface = "ether4";
+    }
+    {
+      bridge = "bridge";
+      comment = "defconf";
+      interface = "ether5";
+    }
  ];
-  "/ip neighbor discovery-settings" = { discover-interface-list = "LAN"; };
+  "/ip neighbor discovery-settings" = {
+    discover-interface-list = "LAN";
+  };
  "/interface ethernet switch vlan" = [
-    { "independent-learning" = "no"; ports = "ether2,ether3"; switch = "switch1"; "vlan-id" = "20"; }
-    { "independent-learning" = "no"; ports = "ether4"; switch = "switch1"; "vlan-id" = "30"; }
-    { "independent-learning" = "no"; ports = "ether5"; switch = "switch1"; "vlan-id" = "40"; }
+    {
+      "independent-learning" = "no";
+      ports = "ether2,ether3";
+      switch = "switch1";
+      "vlan-id" = "20";
+    }
+    {
+      "independent-learning" = "no";
+      ports = "ether4";
+      switch = "switch1";
+      "vlan-id" = "30";
+    }
+    {
+      "independent-learning" = "no";
+      ports = "ether5";
+      switch = "switch1";
+      "vlan-id" = "40";
+    }
  ];
  "/interface list member" = [
-    { comment = "defconf"; interface = "bridge"; list = "LAN"; }
-    { comment = "defconf"; interface = "ether1"; list = "WAN"; }
+    {
+      comment = "defconf";
+      interface = "bridge";
+      list = "LAN";
+    }
+    {
+      comment = "defconf";
+      interface = "ether1";
+      list = "WAN";
+    }
  ];
  "/ip address" = [
-    { address = "192.168.88.1/24"; comment = "defconf"; interface = "bridge"; network = "192.168.88.0"; }
+    {
+      address = "192.168.88.1/24";
+      comment = "defconf";
+      interface = "bridge";
+      network = "192.168.88.0";
+    }
  ];
  "/ip dhcp-client" = [
-    { comment = "defconf"; "dhcp-options" = "hostname,clientid"; disabled = "no"; interface = "ether1"; }
+    {
+      comment = "defconf";
+      "dhcp-options" = "hostname,clientid";
+      disabled = "no";
+      interface = "ether1";
+    }
+  ];
+  "/ip dhcp-server lease" = [
+    {
+      address = "192.168.88.253";
+      "allow-dual-stack-queue" = "no";
+      "mac-address" = "D8:3A:DD:28:1D:3B";
+    }
+  ];
+  "/ip dhcp-server network" = [
+    {
+      address = "192.168.88.0/24";
+      comment = "defconf";
+      gateway = "192.168.88.1";
+    }
+  ];
+  "/ip dns" = {
+    "allow-remote-requests" = "yes";
+    servers = "192.168.88.253";
+  };
+  "/ip dns static" = [
+    {
+      address = "192.168.88.1";
+      name = "router.lan";
+    }
  ];
-  "/ip dhcp-server lease" = [{ address = "192.168.88.253"; "allow-dual-stack-queue" = "no"; "mac-address" = "D8:3A:DD:28:1D:3B"; }];
-  "/ip dhcp-server network" = [{ address = "192.168.88.0/24"; comment = "defconf"; gateway = "192.168.88.1"; }];
-  "/ip dns" = { "allow-remote-requests" = "yes"; servers = "192.168.88.253"; };
-  "/ip dns static" = [{ address = "192.168.88.1"; name = "router.lan"; }];
  "/ip firewall filter" = [
-    { action = "accept"; chain = "input"; comment = "defconf: accept established,related,untracked"; "connection-state" = "established,related,untracked"; }
-    { action = "drop"; chain = "input"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; }
-    { action = "accept"; chain = "input"; comment = "defconf: accept ICMP"; protocol = "icmp"; }
-    { action = "drop"; chain = "input"; comment = "defconf: drop all not coming from LAN"; "in-interface-list" = "!LAN"; }
-    { action = "accept"; chain = "forward"; comment = "defconf: accept in ipsec policy"; "ipsec-policy" = "in,ipsec"; }
-    { action = "accept"; chain = "forward"; comment = "defconf: accept out ipsec policy"; "ipsec-policy" = "out,ipsec"; }
-    { action = "fasttrack-connection"; chain = "forward"; comment = "defconf: fasttrack"; "connection-state" = "established,related"; }
-    { action = "accept"; chain = "forward"; comment = "defconf: accept established,related, untracked"; "connection-state" = "established,related,untracked"; }
-    { action = "drop"; chain = "forward"; comment = "defconf: drop invalid"; "connection-state" = "invalid"; }
-    { action = "drop"; chain = "forward"; comment = "defconf:  drop all from WAN not DSTNATed"; "connection-nat-state" = "!dstnat"; "connection-state" = "new"; "in-interface-list" = "WAN"; }
+    {
+      action = "accept";
+      chain = "input";
+      comment = "defconf: accept established,related,untracked";
+      "connection-state" = "established,related,untracked";
+    }
+    {
+      action = "drop";
+      chain = "input";
+      comment = "defconf: drop invalid";
+      "connection-state" = "invalid";
+    }
+    {
+      action = "accept";
+      chain = "input";
+      comment = "defconf: accept ICMP";
+      protocol = "icmp";
+    }
+    {
+      action = "drop";
+      chain = "input";
+      comment = "defconf: drop all not coming from LAN";
+      "in-interface-list" = "!LAN";
+    }
+    {
+      action = "accept";
+      chain = "forward";
+      comment = "defconf: accept in ipsec policy";
+      "ipsec-policy" = "in,ipsec";
+    }
+    {
+      action = "accept";
+      chain = "forward";
+      comment = "defconf: accept out ipsec policy";
+      "ipsec-policy" = "out,ipsec";
+    }
+    {
+      action = "fasttrack-connection";
+      chain = "forward";
+      comment = "defconf: fasttrack";
+      "connection-state" = "established,related";
+    }
+    {
+      action = "accept";
+      chain = "forward";
+      comment = "defconf: accept established,related, untracked";
+      "connection-state" = "established,related,untracked";
+    }
+    {
+      action = "drop";
+      chain = "forward";
+      comment = "defconf: drop invalid";
+      "connection-state" = "invalid";
+    }
+    {
+      action = "drop";
+      chain = "forward";
+      comment = "defconf:  drop all from WAN not DSTNATed";
+      "connection-nat-state" = "!dstnat";
+      "connection-state" = "new";
+      "in-interface-list" = "WAN";
+    }
  ];
  "/ip firewall nat" = [
-    { action = "masquerade"; chain = "srcnat"; comment = "defconf: masquerade"; "ipsec-policy" = "out,none"; "out-interface-list" = "WAN"; }
+    {
+      action = "masquerade";
+      chain = "srcnat";
+      comment = "defconf: masquerade";
+      "ipsec-policy" = "out,none";
+      "out-interface-list" = "WAN";
+    }
  ];
-  "/system clock" = { "time-zone-name" = "Europe/Berlin"; };
-  "/system routerboard settings" = { "silent-boot" = "no"; };
-  "/tool mac-server" = { "allowed-interface-list" = "LAN"; };
-  "/tool mac-server mac-winbox" = { "allowed-interface-list" = "LAN"; };
+  "/system clock" = {
+    "time-zone-name" = "Europe/Berlin";
+  };
+  "/system routerboard settings" = {
+    "silent-boot" = "no";
+  };
+  "/tool mac-server" = {
+    "allowed-interface-list" = "LAN";
+  };
+  "/tool mac-server mac-winbox" = {
+    "allowed-interface-list" = "LAN";
+  };
 }
--- a/systems/club-mate/default.nix
+++ b/systems/club-mate/default.nix
@ -65,8 +65,14 @@
      source-han-serif-japanese
    ];
    fontconfig.defaultFonts = {
-      serif = [ "Noto Serif" "Source Han Serif" ];
-      sansSerif = [ "Noto Sans" "Source Han Sans" ];
+      serif = [
+        "Noto Serif"
+        "Source Han Serif"
+      ];
+      sansSerif = [
+        "Noto Sans"
+        "Source Han Sans"
+      ];
    };
  };

@ -115,7 +121,9 @@
    };
  };

-  environment.variables = { LOG_ICONS = "true"; };
+  environment.variables = {
+    LOG_ICONS = "true";
+  };
  services = {
    xserver = {
      xkb.layout = "de";
--- a/systems/fritz-mate/default.nix
+++ b/systems/fritz-mate/default.nix
@ -7,9 +7,7 @@
 }:

 {
-  imports = [
-    (modulesPath + "/installer/scan/not-detected.nix")
-  ];
+  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];

  boot = {
    loader = {
@ -19,12 +17,14 @@
    kernelPackages = self.inputs.rpi_5.legacyPackages.aarch64-linux.linuxPackages_rpi5;
    kernelModules = [ ];
    initrd = {
-      availableKernelModules = [ "usbhid" "usb_storage" ];
+      availableKernelModules = [
+        "usbhid"
+        "usb_storage"
+      ];
      kernelModules = [ ];
    };
  };

-
  networking = {
    useDHCP = lib.mkDefault true;
    wireless.iwd = {
--- a/systems/mio-mio-mate/default.nix
+++ b/systems/mio-mio-mate/default.nix
@ -35,8 +35,16 @@

  networking.firewall = {
    enable = true;
-    allowedTCPPorts = [ 80 443 53 ];
-    allowedUDPPorts = [ 80 443 53 ];
+    allowedTCPPorts = [
+      80
+      443
+      53
+    ];
+    allowedUDPPorts = [
+      80
+      443
+      53
+    ];
  };

  services.nginx = {
--- a/users/default.nix
+++ b/users/default.nix
@ -1,8 +1,4 @@
-{
-  pkgs,
-  config,
-  ...
-}:
+{ pkgs, config, ... }:
 {
  home = {