clan/dvt-lite
10
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
dvt-lite/flake.nix
T
brianmcgee 3e5a6799fe
buildbot/nix-eval Build done.
Details
buildbot/nix-build gitea:clan/dvt-lite#checks.x86_64-linux.basic Build done.
Details
buildbot/nix-build Build done.
Details
dvt: gate dirk voluntary-exit signing on admin wireguard IPs 
Dirk's standard rules service only approves a generic `OnSign` request for a
voluntary exit when the request's source IP is listed in
`server.rules.admin-ips`. We add the `wg0` address for each machine with the
admin role.

Dirk reads the peer address off the socket via Go's `net.IP.String()` and
matches `admin-ips` with exact string equality so we use `wg.canonAddrOf` to
produce the same RFC 5952 form using Nix.
2026-06-05 13:18:01 +01:00

119 lines
2.8 KiB
Nix
Raw Permalink Blame History

{
description = "dvt-lite";
inputs = {
clan-core.url = "git+https://git.clan.lol/clan/clan-core";
flake-parts.follows = "clan-core/flake-parts";
nixpkgs.follows = "clan-core/nixpkgs";
treefmt-nix.follows = "clan-core/treefmt-nix";
nix-unit = {
url = "github:nix-community/nix-unit";
inputs.nixpkgs.follows = "nixpkgs";
inputs.treefmt-nix.follows = "treefmt-nix";
};
ethereum-nix = {
url = "github:nix-community/ethereum.nix";
inputs.nixpkgs.follows = "clan-core/nixpkgs";
inputs.treefmt-nix.follows = "clan-core/treefmt-nix";
};
nvim = {
url = "github:brianmcgee/neovim.nix";
inputs.nixpkgs.follows = "nixpkgs";
inputs.treefmt-nix.follows = "treefmt-nix";
};
};
outputs =
inputs@{
clan-core,
flake-parts,
...
}:
flake-parts.lib.mkFlake
{
inherit inputs;
}
{
systems = [
"x86_64-linux"
];
imports = [
# Import clan's flake-parts modules
clan-core.flakeModules.clan
clan-core.flakeModules.testModule
# exposes the nix-unit suites as `checks.<system>.nix-unit`
inputs.nix-unit.modules.flake.default
inputs.treefmt-nix.flakeModule
./clanServices/flake-module.nix
./nixosModules/flake-module.nix
./packages/flake-module.nix
];
perSystem =
{
pkgs,
system,
...
}:
{
nix-unit = {
inputs = {
inherit (inputs)
nixpkgs
flake-parts
nix-unit
clan-core
ethereum-nix
;
};
allowNetwork = true;
};
devShells.default = pkgs.mkShell {
packages = [
(inputs.nvim.lib.mkNvim {
base = inputs.nvim.packages.${system}.default;
grammars = [
"json"
"toml"
"yaml"
];
})
];
};
treefmt = {
projectRootFile = ".git/config";
programs = {
nixfmt.enable = true;
deadnix.enable = true;
statix.enable = true;
prettier.enable = true;
};
settings.formatter = {
deadnix.priority = 1;
statix.priority = 2;
nixfmt.priority = 3;
prettier = {
options = [
"--tab-width"
"4"
];
includes = [ "*.{md}" ];
};
};
};
};
};
}
Reference in New Issue View Git Blame Copy Permalink