diff --git a/flake.nix b/flake.nix
index 55e835a..90c404a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,128 +10,120 @@ website-builder.inputs.nixpkgs.follows = "nixpkgs"; }; - outputs = - { - nixpkgs, - vpnconfinement, - website-builder, - self, - ... - }@inputs: - let - # Systems supported - supportedSystems = [ - "x86_64-linux" # 64-bit Intel/AMD Linux - "aarch64-linux" # 64-bit ARM Linux - "x86_64-darwin" # 64-bit Intel macOS - "aarch64-darwin" # 64-bit ARM macOS - ]; + outputs = { + nixpkgs, + vpnconfinement, + website-builder, + self, + ... + } @ inputs: let + # Systems supported + supportedSystems = [ + "x86_64-linux" # 64-bit Intel/AMD Linux + "aarch64-linux" # 64-bit ARM Linux + "x86_64-darwin" # 64-bit Intel macOS + "aarch64-darwin" # 64-bit ARM macOS + ]; - # Helper to provide system-specific attributes - forAllSystems = - f: - nixpkgs.lib.genAttrs supportedSystems ( - system: + # Helper to provide system-specific attributes + forAllSystems = f: + nixpkgs.lib.genAttrs supportedSystems ( + system: f { pkgs = import nixpkgs { inherit system; config.allowUnfree = true; }; } - ); - in - { - nixosModules.default.imports = [ - ./nixarr - vpnconfinement.nixosModules.default - ]; - - # Add tests attribute to the flake outputs - # To run interactively run: - # > nix build .#checks.x86_64-linux.monitoring-test.driver -L - checks = forAllSystems ( - { pkgs }: - { - permissions-test = pkgs.callPackage ./tests/permissions-test.nix { - inherit (self) nixosModules; - }; - simple-test = pkgs.callPackage ./tests/simple-test.nix { - inherit (self) nixosModules; - }; - # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { - # inherit (self) nixosModules; - # }; - } ); + in { + nixosModules.default.imports = [ + ./nixarr + vpnconfinement.nixosModules.default + ]; - devShells = forAllSystems ( - { pkgs }: - { - default = pkgs.mkShell { - packages = with pkgs; [ - alejandra - nixd - ]; + # Add tests attribute to the flake outputs + # To run interactively run: + # > nix build .#checks.x86_64-linux.monitoring-test.driver -L + checks = forAllSystems ( 
+ {pkgs}: { + permissions-test = pkgs.callPackage ./tests/permissions-test.nix { + inherit (self) nixosModules; + }; + simple-test = pkgs.callPackage ./tests/simple-test.nix { + inherit (self) nixosModules; + }; + # vpn-confinement-test = pkgs.callPackage ./tests/vpn-confinement-test.nix { + # inherit (self) nixosModules; + # }; + } + ); + + devShells = forAllSystems ( + {pkgs}: { + default = pkgs.mkShell { + packages = with pkgs; [ + alejandra + nixd + ]; + }; + } + ); + + packages = forAllSystems ( + {pkgs}: let + website = website-builder.lib { + pkgs = pkgs; + src = "${self}"; + timestamp = self.lastModified; + headerTitle = "Nixarr"; + standalonePages = [ + { + title = "Nixarr - Media Server Nixos Module"; + inputFile = ./README.md; + outputFile = "index.html"; + } + ]; + includedDirs = ["docs"]; + articleDirs = ["docs/wiki"]; + navbar = [ + { + title = "Home"; + location = "/"; + } + { + title = "Options"; + location = "/nixos-options"; + } + { + title = "Wiki"; + location = "/wiki"; + } + { + title = "Github"; + location = "https://github.com/rasmus-kirk/nixarr"; + } + ]; + favicons = { + # For all browsers + "16x16" = "/docs/img/favicons/16x16.png"; + "32x32" = "/docs/img/favicons/32x32.png"; + # For Google and Android + "48x48" = "/docs/img/favicons/48x48.png"; + "192x192" = "/docs/img/favicons/192x192.png"; + # For iPad + "167x167" = "/docs/img/favicons/167x167.png"; + # For iPhone + "180x180" = "/docs/img/favicons/180x180.png"; }; - } - ); + nixosModules = ./nixarr; + }; + in { + default = website.package; + debug = website.loop; + } + ); - packages = forAllSystems ( - { pkgs }: - let - website = website-builder.lib { - pkgs = pkgs; - src = "${self}"; - timestamp = self.lastModified; - headerTitle = "Nixarr"; - standalonePages = [ - { - title = "Nixarr - Media Server Nixos Module"; - inputFile = ./README.md; - outputFile = "index.html"; - } - ]; - includedDirs = [ "docs" ]; - articleDirs = [ "docs/wiki" ]; - navbar = [ - { - title = "Home"; - location = 
"/"; - } - { - title = "Options"; - location = "/nixos-options"; - } - { - title = "Wiki"; - location = "/wiki"; - } - { - title = "Github"; - location = "https://github.com/rasmus-kirk/nixarr"; - } - ]; - favicons = { - # For all browsers - "16x16" = "/docs/img/favicons/16x16.png"; - "32x32" = "/docs/img/favicons/32x32.png"; - # For Google and Android - "48x48" = "/docs/img/favicons/48x48.png"; - "192x192" = "/docs/img/favicons/192x192.png"; - # For iPad - "167x167" = "/docs/img/favicons/167x167.png"; - # For iPhone - "180x180" = "/docs/img/favicons/180x180.png"; - }; - nixosModules = ./nixarr; - }; - in - { - default = website.package; - debug = website.loop; - } - ); - - formatter = forAllSystems ({ pkgs }: pkgs.alejandra); - }; + formatter = forAllSystems ({pkgs}: pkgs.alejandra); + }; } diff --git a/tests/permissions-test.nix b/tests/permissions-test.nix index e5667e3..98a4e77 100644 --- a/tests/permissions-test.nix +++ b/tests/permissions-test.nix @@ -4,7 +4,7 @@ nixosModules, lib ? pkgs.lib, }: -pkgs.nixosTest { +pkgs.testers.nixosTest { name = "nixarr-permissions-test"; nodes.machine = { diff --git a/tests/simple-test.nix b/tests/simple-test.nix index 6dd7f73..b147fd8 100644 --- a/tests/simple-test.nix +++ b/tests/simple-test.nix @@ -3,7 +3,7 @@ nixosModules, lib ? pkgs.lib, }: -pkgs.nixosTest { +pkgs.testers.nixosTest { name = "simple-test"; nodes.machine = { diff --git a/tests/vpn-confinement-test.nix b/tests/vpn-confinement-test.nix index 3a3b7f6..32924c9 100644 --- a/tests/vpn-confinement-test.nix +++ b/tests/vpn-confinement-test.nix 
@@ -43,19 +43,27 @@ The test ensures that: wgGatewayPort = 51820; # Generate real WireGuard keys - wgGatewayPrivateKey = pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];} '' - wg genkey > $out - ''; - wgGatewayPublicKey = pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];} '' - cat ${wgGatewayPrivateKey} | wg pubkey > $out - ''; + wgGatewayPrivateKey = + pkgs.runCommand "wg-gateway-private" {buildInputs = [pkgs.wireguard-tools];} + '' + wg genkey > $out + ''; + wgGatewayPublicKey = + pkgs.runCommand "wg-gateway-public" {buildInputs = [pkgs.wireguard-tools];} + '' + cat ${wgGatewayPrivateKey} | wg pubkey > $out + ''; - wgClientPrivateKey = pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];} '' - wg genkey > $out - ''; - wgClientPublicKey = pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];} '' - cat ${wgClientPrivateKey} | wg pubkey > $out - ''; + wgClientPrivateKey = + pkgs.runCommand "wg-client-private" {buildInputs = [pkgs.wireguard-tools];} + '' + wg genkey > $out + ''; + wgClientPublicKey = + pkgs.runCommand "wg-client-public" {buildInputs = [pkgs.wireguard-tools];} + '' + cat ${wgClientPrivateKey} | wg pubkey > $out + ''; # Network configuration wgGatewayAddr = "10.100.0.1"; @@ -92,7 +100,7 @@ The test ensures that: PersistentKeepalive = 25 ''; in - pkgs.nixosTest { + pkgs.testers.nixosTest { name = "nixarr-vpn-confinement-test"; # Disable interactive mode to avoid hanging @@ -128,7 +136,10 @@ in "${internetClientIP}/24" "${internetClientIPv6}/64" ]; - gateway = ["${internetGatewayIP}" "${internetGatewayIPv6}"]; + gateway = [ + "${internetGatewayIP}" + "${internetGatewayIPv6}" + ]; routes = [ { Destination = "${wgSubnet}"; @@ -189,7 +200,10 @@ in pkgs, ... }: { - virtualisation.vlans = [1 2]; # VLAN 1 for LAN, VLAN 2 for Internet + virtualisation.vlans = [ + 1 + 2 + ]; # VLAN 1 for LAN, VLAN 2 for Internet networking = { interfaces.eth1 = { 
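Review bot: The private keys built by the `wg-gateway-private` and `wg-client-private` derivations in the `@@ -43,19 +43,27 @@` hunk are written to `$out`, which puts them in the Nix store where every local user can read them, and the existing comment `# Generate real WireGuard keys` does not say so. That is acceptable for throwaway test VMs, but the pattern is easy to copy into a real configuration, so I would extend the comment to something like `# Test-only keys: runCommand output lands in the world-readable Nix store; never do this for real secrets`. The same store path is consumed as `privateKeyFile = "${wgGatewayPrivateKey}"` in the later `wireguard.interfaces.wg0` hunk, which deserves the same caveat. Because `wg genkey` is random, these derivations are presumably also not reproducible across builds, which is worth a word in the same comment. The enclosing `let` block starts and ends outside the hunk.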
@@ -224,19 +238,28 @@ in firewall = { enable = true; - allowedUDPPorts = [wgGatewayPort 51413]; + allowedUDPPorts = [ + wgGatewayPort + 51413 + ]; allowedTCPPorts = [51413]; }; wireguard.interfaces.wg0 = { - ips = ["${wgGatewayAddr}/24" "${wgGatewayAddrV6}/64"]; + ips = [ + "${wgGatewayAddr}/24" + "${wgGatewayAddrV6}/64" + ]; listenPort = wgGatewayPort; privateKeyFile = "${wgGatewayPrivateKey}"; peers = [ { publicKey = builtins.readFile wgClientPublicKey; - allowedIPs = ["${wgClientAddr}/32" "${wgClientAddrV6}/128"]; + allowedIPs = [ + "${wgClientAddr}/32" + "${wgClientAddrV6}/128" + ]; } ]; };