authorAlejandro Soto <alejandro@34project.org>2025-08-24 18:55:06 -0600
committerAlejandro Soto <alejandro@34project.org>2025-08-24 18:55:06 -0600
commitd7ac88762db111a7962c4e14b5f4e37ab85ccac7 (patch)
tree0c2c8c4383bef74215e3b7c48a2f6b0117f084bc /sys/net
parent504589d1035f27b766bd33040b415b2725ece4ca (diff)
tree-wide: reformat using alejandra after enabling trivionomicon
Diffstat (limited to '')
-rw-r--r--sys/net/fail2ban.nix10
-rw-r--r--sys/net/interfaces.nix10
-rw-r--r--sys/net/options.nix170
-rw-r--r--sys/net/vsock.nix88
4 files changed, 151 insertions, 127 deletions
diff --git a/sys/net/fail2ban.nix b/sys/net/fail2ban.nix
index 8d3aa3d..32197b6 100644
--- a/sys/net/fail2ban.nix
+++ b/sys/net/fail2ban.nix
@@ -1,9 +1,13 @@
-{ lib, config, pkgs, ... }:
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
with lib; let
cfg = config.local.net.fail2ban;
inherit (config.local) nets;
-in
-{
+in {
options.local.net.fail2ban = {
enable = mkEnableOption "fail2ban";
};
diff --git a/sys/net/interfaces.nix b/sys/net/interfaces.nix
index 281f5ca..3b0abcd 100644
--- a/sys/net/interfaces.nix
+++ b/sys/net/interfaces.nix
@@ -1,8 +1,12 @@
-{ lib, config, pkgs, ... }:
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
with lib; let
cfg = config.local.net;
-in
-{
+in {
options.local.net = with lib.types; {
enable = mkEnableOption "networking stack";
diff --git a/sys/net/options.nix b/sys/net/options.nix
index 11b913c..0608fb9 100644
--- a/sys/net/options.nix
+++ b/sys/net/options.nix
@@ -1,65 +1,71 @@
-{ config, lib, ... }:
+{
+ config,
+ lib,
+ ...
+}:
with lib; let
v4PtrHierarchy = address: bits: reverseList (sublist 0 (bits / 8) (splitString "." address));
- v6PtrHierarchy = address: bits:
- let
- separator = lists.findFirstIndex (hextet: hextet == "") null colonSplit;
- colonSplit = splitString ":" address;
+ v6PtrHierarchy = address: bits: let
+ separator = lists.findFirstIndex (hextet: hextet == "") null colonSplit;
+ colonSplit = splitString ":" address;
- zeroFill = replicate (8 - length colonSplit + 1) "0000";
- leftSplit = sublist 0 separator colonSplit;
- rightSplit = sublist (separator + 1) (length colonSplit - separator - 1) colonSplit;
+ zeroFill = replicate (8 - length colonSplit + 1) "0000";
+ leftSplit = sublist 0 separator colonSplit;
+ rightSplit = sublist (separator + 1) (length colonSplit - separator - 1) colonSplit;
- fullSplit =
- if separator != null
- then leftSplit ++ zeroFill ++ rightSplit
- else colonSplit;
+ fullSplit =
+ if separator != null
+ then leftSplit ++ zeroFill ++ rightSplit
+ else colonSplit;
- padded = map (hextet: strings.replicate (4 - stringLength hextet) "0" + hextet) fullSplit;
- in
+ padded = map (hextet: strings.replicate (4 - stringLength hextet) "0" + hextet) fullSplit;
+ in
reverseList (sublist 0 (bits / 4) (flatten (map stringToCharacters padded)));
- matchPtrRecordName = { splitter, netAddress, netBits, targetAddress, targetBits }:
- let
- netSplit = splitter netAddress netBits;
- targetSplit = splitter targetAddress targetBits;
-
- netLength = length netSplit;
- lengthDelta = length targetSplit - netLength;
-
- withinNet = lengthDelta >= 0 && sublist lengthDelta netLength targetSplit == netSplit;
- throwMessage = "${targetAddress}/${toString targetBits} is not a subset of ${netAddress}/${toString netBits}";
-
- recordHierarchy = sublist 0 lengthDelta targetSplit;
-
- recordName =
- if recordHierarchy != [ ]
- then concatStringsSep "." recordHierarchy
- else "@";
- in
+ matchPtrRecordName = {
+ splitter,
+ netAddress,
+ netBits,
+ targetAddress,
+ targetBits,
+ }: let
+ netSplit = splitter netAddress netBits;
+ targetSplit = splitter targetAddress targetBits;
+
+ netLength = length netSplit;
+ lengthDelta = length targetSplit - netLength;
+
+ withinNet = lengthDelta >= 0 && sublist lengthDelta netLength targetSplit == netSplit;
+ throwMessage = "${targetAddress}/${toString targetBits} is not a subset of ${netAddress}/${toString netBits}";
+
+ recordHierarchy = sublist 0 lengthDelta targetSplit;
+
+ recordName =
+ if recordHierarchy != []
+ then concatStringsSep "." recordHierarchy
+ else "@";
+ in
throwIfNot withinNet throwMessage recordName;
-in
-{
- options.local.nets = with lib.types; mkOption {
- readOnly = true;
+in {
+ options.local.nets = with lib.types;
+ mkOption {
+ readOnly = true;
- type = attrsOf (submodule ({ config, ... }: {
- options =
- let
+ type = attrsOf (submodule ({config, ...}: {
+ options = let
v4config = config.v4;
v6config = config.v6;
- in
- {
+ in {
hosts = mkOption {
- default = { };
+ default = {};
type = attrsOf (submodule {
options = {
v4 = mkOption {
default = null;
- type = nullOr (submodule ({ config, ... }: {
+ type = nullOr (submodule ({config, ...}: {
options = {
suffix = mkOption {
type = str;
@@ -98,7 +104,7 @@ in
v6 = mkOption {
default = null;
- type = nullOr (submodule ({ config, ... }: {
+ type = nullOr (submodule ({config, ...}: {
options = {
suffix = mkOption {
type = str;
@@ -121,19 +127,21 @@ in
};
config = {
- address =
- let
- hextets = fragment: length (splitString ":" fragment);
- separator = if doubleColon then "::" else ":";
- doubleColon = hextets v6config.prefix + hextets config.suffix < 8;
-
- joined =
- if v6config.bits == 128
- then v6config.prefix
- else if v6config.bits == 0
- then config.suffix
- else "${v6config.prefix}${separator}${config.suffix}";
- in
+ address = let
+ hextets = fragment: length (splitString ":" fragment);
+ separator =
+ if doubleColon
+ then "::"
+ else ":";
+ doubleColon = hextets v6config.prefix + hextets config.suffix < 8;
+
+ joined =
+ if v6config.bits == 128
+ then v6config.prefix
+ else if v6config.bits == 0
+ then config.suffix
+ else "${v6config.prefix}${separator}${config.suffix}";
+ in
joined;
cidr = "${config.address}/${toString v6config.bits}";
@@ -148,10 +156,10 @@ in
v4 = mkOption {
default = null;
- type = nullOr (submodule ({ config, ... }: {
+ type = nullOr (submodule ({config, ...}: {
options = {
bits = mkOption {
- type = enum [ 0 8 16 24 32 ];
+ type = enum [0 8 16 24 32];
};
prefix = mkOption {
@@ -189,15 +197,16 @@ in
ptrDomain = concatStrings (map (x: x + ".") (v4PtrHierarchy config.subnet config.bits)) + "in-addr.arpa";
- ptrRecordName = address: bits: matchPtrRecordName {
- splitter = v4PtrHierarchy;
+ ptrRecordName = address: bits:
+ matchPtrRecordName {
+ splitter = v4PtrHierarchy;
- netBits = config.bits;
- netAddress = config.subnet;
+ netBits = config.bits;
+ netAddress = config.subnet;
- targetBits = bits;
- targetAddress = address;
- };
+ targetBits = bits;
+ targetAddress = address;
+ };
};
}));
};
@@ -205,12 +214,14 @@ in
v6 = mkOption {
default = null;
- type = nullOr (submodule ({ config, ... }: {
+ type = nullOr (submodule ({config, ...}: {
options = {
bits = mkOption {
- type = addCheck (ints.between 0 128) (b: mod b 4 == 0) // {
- description = "IPv6 subnet bits at nibble boundary";
- };
+ type =
+ addCheck (ints.between 0 128) (b: mod b 4 == 0)
+ // {
+ description = "IPv6 subnet bits at nibble boundary";
+ };
};
prefix = mkOption {
@@ -248,19 +259,20 @@ in
ptrDomain = concatStrings (map (x: x + ".") (v6PtrHierarchy config.subnet config.bits)) + "ip6.arpa";
- ptrRecordName = address: bits: matchPtrRecordName {
- splitter = v6PtrHierarchy;
+ ptrRecordName = address: bits:
+ matchPtrRecordName {
+ splitter = v6PtrHierarchy;
- netBits = config.bits;
- netAddress = config.subnet;
+ netBits = config.bits;
+ netAddress = config.subnet;
- targetBits = bits;
- targetAddress = address;
- };
+ targetBits = bits;
+ targetAddress = address;
+ };
};
}));
};
};
- }));
- };
+ }));
+ };
}
diff --git a/sys/net/vsock.nix b/sys/net/vsock.nix
index d1bd250..c6b0ad6 100644
--- a/sys/net/vsock.nix
+++ b/sys/net/vsock.nix
@@ -1,59 +1,63 @@
-{ lib, config, pkgs, ... }:
+{
+ lib,
+ config,
+ pkgs,
+ ...
+}:
with lib; let
cfg = config.local.net.vsock;
-in
-{
+in {
options.local.net.vsock = {
connect = mkOption {
- default = { };
- type = with lib.types; attrsOf (submodule ({ name, ... }: {
- options = {
- enable = mkEnableOption "vsock connect '${name}'";
+ default = {};
+ type = with lib.types;
+ attrsOf (submodule ({name, ...}: {
+ options = {
+ enable = mkEnableOption "vsock connect '${name}'";
- cid = mkOption {
- type = ints.u32;
- default = 2;
- };
+ cid = mkOption {
+ type = ints.u32;
+ default = 2;
+ };
- localPort = mkOption {
- type = port;
- };
+ localPort = mkOption {
+ type = port;
+ };
- vsockPort = mkOption {
- type = port;
+ vsockPort = mkOption {
+ type = port;
+ };
};
- };
- }));
+ }));
};
};
config = {
- systemd =
- let
- connects = mapAttrs
- (_: connect: {
- service.serviceConfig = {
- Type = "simple";
- ExecStart = "${getExe pkgs.socat} - VSOCK:${toString connect.cid}:${toString connect.vsockPort}";
- StandardInput = "socket";
- };
-
- socket = {
- wantedBy = [ "sockets.target" ];
+ systemd = let
+ connects =
+ mapAttrs
+ (_: connect: {
+ service.serviceConfig = {
+ Type = "simple";
+ ExecStart = "${getExe pkgs.socat} - VSOCK:${toString connect.cid}:${toString connect.vsockPort}";
+ StandardInput = "socket";
+ };
- socketConfig = {
- Accept = true;
- ListenStream = "[::1]:${toString connect.localPort}";
- };
+ socket = {
+ wantedBy = ["sockets.target"];
- unitConfig.ConditionVirtualization = "kvm";
+ socketConfig = {
+ Accept = true;
+ ListenStream = "[::1]:${toString connect.localPort}";
};
- })
- cfg.connect;
- in
- {
- sockets = mapAttrs' (name: connect: nameValuePair "vsock-${name}" connect.socket) connects;
- services = mapAttrs' (name: connect: nameValuePair "vsock-${name}@" connect.service) connects;
- };
+
+ unitConfig.ConditionVirtualization = "kvm";
+ };
+ })
+ cfg.connect;
+ in {
+ sockets = mapAttrs' (name: connect: nameValuePair "vsock-${name}" connect.socket) connects;
+ services = mapAttrs' (name: connect: nameValuePair "vsock-${name}@" connect.service) connects;
+ };
};
}