diff options
| -rw-r--r-- | lib/default.nix | 6 | ||||
| -rw-r--r-- | lib/xml.nix | 88 | ||||
| -rw-r--r-- | tv/3modules/iptables.nix | 59 | ||||
| -rw-r--r-- | tv/5pkgs/simple/bash-fzf-history.nix | 5 |
4 files changed, 142 insertions, 16 deletions
diff --git a/lib/default.nix b/lib/default.nix index 347830e8c..8ba55b571 100644 --- a/lib/default.nix +++ b/lib/default.nix @@ -9,6 +9,7 @@ let krops = import ../submodules/krops/lib; shell = import ./shell.nix { inherit lib; }; types = nixpkgs-lib.types // import ./types.nix { inherit lib; }; + xml = import ./xml.nix { inherit lib; }; eq = x: y: x == y; ne = x: y: x != y; @@ -145,6 +146,11 @@ let in filter (x: x != []) ([acc.chunk] ++ acc.chunks); + warnOldVersion = oldName: newName: + if compareVersions oldName newName != -1 then + trace "Upstream `${oldName}' gets overridden by `${newName}'." newName + else + newName; }; in diff --git a/lib/xml.nix b/lib/xml.nix new file mode 100644 index 000000000..16052445b --- /dev/null +++ b/lib/xml.nix @@ -0,0 +1,88 @@ +{ lib }: +with lib; +with builtins; +rec { + + # Use `term` to construct XML. + # + # Examples: + # + # (term "bool" null null) + # (term "cool" null []) + # (term "fool" { hurr = "durr"; } null) + # (term "hool" null [ + # (term "tool" null null) + # ]) + # + # See `render` for how these get transformed into actuall XML documents. + # + term = name: attrs: content: { + inherit name attrs content; + }; + + empty = term null null null; + + # Ref http://www.w3.org/TR/xml/#syntax + # + # Example: + # + # (quote "<cheez!>") #===> <cheez!> + # + quote = let + sub = { + "&" = "&"; + "<" = "<"; + ">" = ">"; + "'" = "'"; + "\"" = """; + }; + in + stringAsChars (c: sub.${c} or c); + + # Turn an XML element to an XML document string. + doc = t: + "<?xml version='1.0' encoding='UTF-8'?>${render t}"; + + # Render an XML element to a string. + # + # Rendering `empty` yields the empty string. + # + # Examples: + # + # (term "bool" null null) #===> <bool/> + # (term "cool" null []) #===> <cool></cool> + # (term "fool" { hurr = "durr"; } null) #===> <fool hurr="durr"/> + # (term "hool" null [ + # (term "tool" null null) + # ]) #===> <hool><tool/></hool> + # + render = let + render-attrs = attrs: + getAttr (typeOf attrs) { + null = ""; + set = concatStrings (mapAttrsToList (n: v: " ${n}=\"${v}\"") attrs); + }; + + render-content = content: + getAttr (typeOf content) { + bool = toJSON content; + int = toJSON content; + list = concatMapStrings render content; + string = quote content; + }; + in + { name, attrs, content }: + # XXX we're currently encoding too much information with `null`.. + if name == null + then + if content == null + then "" + else content + else let + attrs' = render-attrs attrs; + content' = render-content content; + in + if content == null + then "<${name}${attrs'}/>" + else "<${name}${attrs'}>${content'}</${name}>"; +} diff --git a/tv/3modules/iptables.nix b/tv/3modules/iptables.nix index 56861dc74..3974760d5 100644 --- a/tv/3modules/iptables.nix +++ b/tv/3modules/iptables.nix @@ -9,6 +9,37 @@ let { config = lib.mkIf cfg.enable imp; }; + extraTypes = { + rules = types.submodule { + options = { + nat.OUTPUT = mkOption { + type = with types; listOf str; + default = []; + }; + nat.PREROUTING = mkOption { + type = with types; listOf str; + default = []; + }; + nat.POSTROUTING = mkOption { + type = with types; listOf str; + default = []; + }; + filter.FORWARD = mkOption { + type = with types; listOf str; + default = []; + }; + filter.INPUT = mkOption { + type = with types; listOf str; + default = []; + }; + filter.Retiolum = mkOption { + type = with types; listOf str; + default = []; + }; + }; + }; + }; + api = { enable = mkEnableOption "tv.iptables"; @@ -37,19 +68,19 @@ let { default = []; }; - extra = { - nat.POSTROUTING = mkOption { - type = with types; listOf str; - default = []; - }; - filter.FORWARD = mkOption { - type = with types; listOf str; - default = []; - }; - filter.INPUT = mkOption { - type = with types; listOf str; - default = []; - }; + extra = mkOption { + default = {}; + type = extraTypes.rules; + }; + + extra4 = mkOption { + default = {}; + type = extraTypes.rules; + }; + + extra6 = mkOption { + default = {}; + type = extraTypes.rules; }; }; @@ -112,6 +143,7 @@ let { "-o lo -p tcp -m tcp --dport 11423 -j REDIRECT --to-ports 22" ]} ${formatTable cfg.extra.nat} + ${formatTable cfg."extra${toString iptables-version}".nat} COMMIT *filter :INPUT DROP [0:0] @@ -129,6 +161,7 @@ let { ++ ["-i retiolum -j Retiolum"] )} ${formatTable cfg.extra.filter} + ${formatTable cfg."extra${toString iptables-version}".filter} ${concatMapStringsSep "\n" (rule: "-A Retiolum ${rule}") ([] ++ optional (cfg.accept-echo-request == "retiolum") accept-echo-request ++ map accept-tcp (unique (map toString cfg.input-retiolum-accept-tcp)) diff --git a/tv/5pkgs/simple/bash-fzf-history.nix b/tv/5pkgs/simple/bash-fzf-history.nix index b603dedd9..88a8e9e4a 100644 --- a/tv/5pkgs/simple/bash-fzf-history.nix +++ b/tv/5pkgs/simple/bash-fzf-history.nix @@ -97,7 +97,6 @@ with import <stockholm/lib>; bind -s | ${pkgs.gnugrep}/bin/grep __fzf_ >&2 ''; in - script // - rec { + script.overrideAttrs (old: rec { bind = /* sh */ ''bind -x '"${load-keyseq}": . ${script}' ''; - } + }) |