From d7ac88762db111a7962c4e14b5f4e37ab85ccac7 Mon Sep 17 00:00:00 2001
From: Alejandro Soto
Date: Sun, 24 Aug 2025 18:55:06 -0600
Subject: tree-wide: reformat using alejandra after enabling trivionomicon

---
 sys/net/fail2ban.nix | 10 ++-
 sys/net/interfaces.nix | 10 ++-
 sys/net/options.nix | 170 ++++++++++++++++++++++++++-----------------------
 sys/net/vsock.nix | 88 +++++++++++++------
 4 files changed, 151 insertions(+), 127 deletions(-)
(limited to 'sys/net')

diff --git a/sys/net/fail2ban.nix b/sys/net/fail2ban.nix
index 8d3aa3d..32197b6 100644
--- a/sys/net/fail2ban.nix
+++ b/sys/net/fail2ban.nix
@@ -1,9 +1,13 @@
-{ lib, config, pkgs, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
 with lib; let
   cfg = config.local.net.fail2ban;
   inherit (config.local) nets;
-in
-{
+in {
   options.local.net.fail2ban = {
     enable = mkEnableOption "fail2ban";
   };
diff --git a/sys/net/interfaces.nix b/sys/net/interfaces.nix
index 281f5ca..3b0abcd 100644
--- a/sys/net/interfaces.nix
+++ b/sys/net/interfaces.nix
@@ -1,8 +1,12 @@
-{ lib, config, pkgs, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
 with lib; let
   cfg = config.local.net;
-in
-{
+in {
   options.local.net = with lib.types; {
     enable = mkEnableOption "networking stack";
 
diff --git a/sys/net/options.nix b/sys/net/options.nix
index 11b913c..0608fb9 100644
--- a/sys/net/options.nix
+++ b/sys/net/options.nix
@@ -1,65 +1,71 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  ...
+}:
 with lib; let
   v4PtrHierarchy = address: bits: reverseList (sublist 0 (bits / 8) (splitString "." address));
 
-  v6PtrHierarchy = address: bits:
-    let
-      separator = lists.findFirstIndex (hextet: hextet == "") null colonSplit;
-      colonSplit = splitString ":" address;
+  v6PtrHierarchy = address: bits: let
+    separator = lists.findFirstIndex (hextet: hextet == "") null colonSplit;
+    colonSplit = splitString ":" address;
 
-      zeroFill = replicate (8 - length colonSplit + 1) "0000";
-      leftSplit = sublist 0 separator colonSplit;
-      rightSplit = sublist (separator + 1) (length colonSplit - separator - 1) colonSplit;
+    zeroFill = replicate (8 - length colonSplit + 1) "0000";
+    leftSplit = sublist 0 separator colonSplit;
+    rightSplit = sublist (separator + 1) (length colonSplit - separator - 1) colonSplit;
 
-      fullSplit =
-        if separator != null
-        then leftSplit ++ zeroFill ++ rightSplit
-        else colonSplit;
+    fullSplit =
+      if separator != null
+      then leftSplit ++ zeroFill ++ rightSplit
+      else colonSplit;
 
-      padded = map (hextet: strings.replicate (4 - stringLength hextet) "0" + hextet) fullSplit;
-    in
+    padded = map (hextet: strings.replicate (4 - stringLength hextet) "0" + hextet) fullSplit;
+  in
     reverseList (sublist 0 (bits / 4) (flatten (map stringToCharacters padded)));
 
-  matchPtrRecordName = { splitter, netAddress, netBits, targetAddress, targetBits }:
-    let
-      netSplit = splitter netAddress netBits;
-      targetSplit = splitter targetAddress targetBits;
-
-      netLength = length netSplit;
-      lengthDelta = length targetSplit - netLength;
-
-      withinNet = lengthDelta >= 0 && sublist lengthDelta netLength targetSplit == netSplit;
-      throwMessage = "${targetAddress}/${toString targetBits} is not a subset of ${netAddress}/${toString netBits}";
-
-      recordHierarchy = sublist 0 lengthDelta targetSplit;
-
-      recordName =
-        if recordHierarchy != [ ]
-        then concatStringsSep "." recordHierarchy
-        else "@";
-    in
+  matchPtrRecordName = {
+    splitter,
+    netAddress,
+    netBits,
+    targetAddress,
+    targetBits,
+  }: let
+    netSplit = splitter netAddress netBits;
+    targetSplit = splitter targetAddress targetBits;
+
+    netLength = length netSplit;
+    lengthDelta = length targetSplit - netLength;
+
+    withinNet = lengthDelta >= 0 && sublist lengthDelta netLength targetSplit == netSplit;
+    throwMessage = "${targetAddress}/${toString targetBits} is not a subset of ${netAddress}/${toString netBits}";
+
+    recordHierarchy = sublist 0 lengthDelta targetSplit;
+
+    recordName =
+      if recordHierarchy != []
+      then concatStringsSep "." recordHierarchy
+      else "@";
+  in
     throwIfNot withinNet throwMessage recordName;
-in
-{
-  options.local.nets = with lib.types; mkOption {
-    readOnly = true;
+in {
+  options.local.nets = with lib.types;
+    mkOption {
+      readOnly = true;
 
-    type = attrsOf (submodule ({ config, ... }: {
-      options =
-        let
+      type = attrsOf (submodule ({config, ...}: {
+        options = let
           v4config = config.v4;
           v6config = config.v6;
-        in
-        {
+        in {
           hosts = mkOption {
-            default = { };
+            default = {};
             type = attrsOf (submodule {
               options = {
                 v4 = mkOption {
                   default = null;
-                  type = nullOr (submodule ({ config, ... }: {
+                  type = nullOr (submodule ({config, ...}: {
                     options = {
                       suffix = mkOption {
                         type = str;
@@ -98,7 +104,7 @@ in
                 v6 = mkOption {
                   default = null;
-                  type = nullOr (submodule ({ config, ... }: {
+                  type = nullOr (submodule ({config, ...}: {
                     options = {
                       suffix = mkOption {
                         type = str;
@@ -121,19 +127,21 @@ in
                     };
 
                     config = {
-                      address =
-                        let
-                          hextets = fragment: length (splitString ":" fragment);
-                          separator = if doubleColon then "::" else ":";
-                          doubleColon = hextets v6config.prefix + hextets config.suffix < 8;
-
-                          joined =
-                            if v6config.bits == 128
-                            then v6config.prefix
-                            else if v6config.bits == 0
-                            then config.suffix
-                            else "${v6config.prefix}${separator}${config.suffix}";
-                        in
+                      address = let
+                        hextets = fragment: length (splitString ":" fragment);
+                        separator =
+                          if doubleColon
+                          then "::"
+                          else ":";
+                        doubleColon = hextets v6config.prefix + hextets config.suffix < 8;
+
+                        joined =
+                          if v6config.bits == 128
+                          then v6config.prefix
+                          else if v6config.bits == 0
+                          then config.suffix
+                          else "${v6config.prefix}${separator}${config.suffix}";
+                      in
                         joined;
 
                       cidr = "${config.address}/${toString v6config.bits}";
@@ -148,10 +156,10 @@ in
           v4 = mkOption {
             default = null;
-            type = nullOr (submodule ({ config, ... }: {
+            type = nullOr (submodule ({config, ...}: {
               options = {
                 bits = mkOption {
-                  type = enum [ 0 8 16 24 32 ];
+                  type = enum [0 8 16 24 32];
                 };
 
                 prefix = mkOption {
@@ -189,15 +197,16 @@ in
 
                 ptrDomain = concatStrings (map (x: x + ".") (v4PtrHierarchy config.subnet config.bits)) + "in-addr.arpa";
 
-                ptrRecordName = address: bits: matchPtrRecordName {
-                  splitter = v4PtrHierarchy;
+                ptrRecordName = address: bits:
+                  matchPtrRecordName {
+                    splitter = v4PtrHierarchy;
 
-                  netBits = config.bits;
-                  netAddress = config.subnet;
+                    netBits = config.bits;
+                    netAddress = config.subnet;
 
-                  targetBits = bits;
-                  targetAddress = address;
-                };
+                    targetBits = bits;
+                    targetAddress = address;
+                  };
               };
             }));
           };
@@ -205,12 +214,14 @@ in
           v6 = mkOption {
             default = null;
-            type = nullOr (submodule ({ config, ... }: {
+            type = nullOr (submodule ({config, ...}: {
               options = {
                 bits = mkOption {
-                  type = addCheck (ints.between 0 128) (b: mod b 4 == 0) // {
-                    description = "IPv6 subnet bits at nibble boundary";
-                  };
+                  type =
+                    addCheck (ints.between 0 128) (b: mod b 4 == 0)
+                    // {
+                      description = "IPv6 subnet bits at nibble boundary";
+                    };
                 };
 
                 prefix = mkOption {
@@ -248,19 +259,20 @@ in
 
                 ptrDomain = concatStrings (map (x: x + ".") (v6PtrHierarchy config.subnet config.bits)) + "ip6.arpa";
 
-                ptrRecordName = address: bits: matchPtrRecordName {
-                  splitter = v6PtrHierarchy;
+                ptrRecordName = address: bits:
+                  matchPtrRecordName {
+                    splitter = v6PtrHierarchy;
 
-                  netBits = config.bits;
-                  netAddress = config.subnet;
+                    netBits = config.bits;
+                    netAddress = config.subnet;
 
-                  targetBits = bits;
-                  targetAddress = address;
-                };
+                    targetBits = bits;
+                    targetAddress = address;
+                  };
               };
             }));
           };
         };
-    }));
-  };
+      }));
+    };
 }
diff --git a/sys/net/vsock.nix b/sys/net/vsock.nix
index d1bd250..c6b0ad6 100644
--- a/sys/net/vsock.nix
+++ b/sys/net/vsock.nix
@@ -1,59 +1,63 @@
-{ lib, config, pkgs, ... }:
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
 with lib; let
   cfg = config.local.net.vsock;
-in
-{
+in {
   options.local.net.vsock = {
     connect = mkOption {
-      default = { };
-      type = with lib.types; attrsOf (submodule ({ name, ... }: {
-        options = {
-          enable = mkEnableOption "vsock connect '${name}'";
+      default = {};
+      type = with lib.types;
+        attrsOf (submodule ({name, ...}: {
+          options = {
+            enable = mkEnableOption "vsock connect '${name}'";
 
-          cid = mkOption {
-            type = ints.u32;
-            default = 2;
-          };
+            cid = mkOption {
+              type = ints.u32;
+              default = 2;
+            };
 
-          localPort = mkOption {
-            type = port;
-          };
+            localPort = mkOption {
+              type = port;
+            };
 
-          vsockPort = mkOption {
-            type = port;
+            vsockPort = mkOption {
+              type = port;
+            };
           };
-        };
-      }));
+        }));
     };
   };
 
   config = {
-    systemd =
-      let
-        connects = mapAttrs
-          (_: connect: {
-            service.serviceConfig = {
-              Type = "simple";
-              ExecStart = "${getExe pkgs.socat} - VSOCK:${toString connect.cid}:${toString connect.vsockPort}";
-              StandardInput = "socket";
-            };
-
-            socket = {
-              wantedBy = [ "sockets.target" ];
+    systemd = let
+      connects =
+        mapAttrs
+        (_: connect: {
+          service.serviceConfig = {
+            Type = "simple";
+            ExecStart = "${getExe pkgs.socat} - VSOCK:${toString connect.cid}:${toString connect.vsockPort}";
+            StandardInput = "socket";
+          };
 
-              socketConfig = {
-                Accept = true;
-                ListenStream = "[::1]:${toString connect.localPort}";
-              };
+          socket = {
+            wantedBy = ["sockets.target"];
 
-              unitConfig.ConditionVirtualization = "kvm";
+            socketConfig = {
+              Accept = true;
+              ListenStream = "[::1]:${toString connect.localPort}";
             };
-          })
-          cfg.connect;
-      in
-      {
-        sockets = mapAttrs' (name: connect: nameValuePair "vsock-${name}" connect.socket) connects;
-        services = mapAttrs' (name: connect: nameValuePair "vsock-${name}@" connect.service) connects;
-      };
+
+            unitConfig.ConditionVirtualization = "kvm";
+          };
+        })
+        cfg.connect;
+    in {
+      sockets = mapAttrs' (name: connect: nameValuePair "vsock-${name}" connect.socket) connects;
+      services = mapAttrs' (name: connect: nameValuePair "vsock-${name}@" connect.service) connects;
+    };
   };
 }
-- 
cgit v1.2.3