inline excessive lets

examples/rotuer.nix

@@ -20,6 +20,7 @@ let
     writeText
     writeFennelScript
     serviceFns;
+  svc = config.system.service;
 in rec {
   boot = {
     tftp = {
@@ -36,16 +37,12 @@ in rec {
     ../modules/dnsmasq
     ../modules/firewall
     ../modules/hostapd
+    ../modules/bridge
   ];
   rootfsType = "jffs2";
   hostname = "rotuer";
-  kernel = {
-    config = {
-      BRIDGE = "y";
-    };
-  };
 
-  services.hostap = config.system.service.hostapd {
+  services.hostap = svc.hostapd {
     interface = config.hardware.networkInterfaces.wlan_24;
     params = {
       ssid = "liminix";
@@ -63,7 +60,7 @@ in rec {
     };
   };
 
-  services.hostap5 = config.system.service.hostapd {
+  services.hostap5 = svc.hostapd {
     interface = config.hardware.networkInterfaces.wlan_5;
     params = rec {
       ssid = "liminix_5";
@@ -86,29 +83,17 @@ in rec {
   };
 
   services.int =
-    let iface = interface {
+    let iface = svc.bridge.primary { ifname = "int"; };
-          type = "bridge";
-          device = "int";
-        };
     in address iface {
       family = "inet4"; address ="10.8.0.1"; prefixLength = 16;
     };
 
-  services.bridge =
+  services.bridge = svc.bridge.members {
-    let
+    primary = services.int;
-      primary = services.int;
+    members = with config.hardware.networkInterfaces;  [
-      addif = dev: oneshot {
+      wlan_24 lan wlan_5
-        name = "add-${dev.device}-to-bridge";
+    ];
-        up = "${ifwait}/bin/ifwait -v ${dev.device} running && ip link set dev ${dev.device} master ${primary.device}";
+  };
-        down = "ip link set dev ${dev} nomaster";
-        dependencies = [ primary dev ];
-      };
-    in bundle {
-      name = "bridge-members";
-      contents = with config.hardware.networkInterfaces; map addif [
-        wlan_24 lan wlan_5
-      ];
-    };
 
   services.ntp =
     let config = writeText "chrony.conf" ''
@@ -145,7 +130,7 @@ in rec {
 
   services.dns =
     let interface = services.int;
-    in config.system.service.dnsmasq {
+    in svc.dnsmasq {
       resolvconf = services.resolvconf;
       inherit interface;
       ranges = [
@@ -155,16 +140,14 @@ in rec {
       domain = "fake.liminix.org";
     };
 
-  services.wan =
+  services.wan = svc.pppoe {
-    let iface = config.hardware.networkInterfaces.wan;
+    interface = config.hardware.networkInterfaces.wan;
-    in config.system.service.pppoe {
+    ppp-options = [
-      interface = iface;
+      "debug" "+ipv6" "noauth"
-      ppp-options = [
+      "name" secrets.l2tp.name
-        "debug" "+ipv6" "noauth"
+      "password" secrets.l2tp.password
-        "name" secrets.l2tp.name
+    ];
-        "password" secrets.l2tp.password
+  };
-      ];
-    };
 
   services.resolvconf = oneshot rec {
     dependencies = [ services.wan ];
@@ -196,7 +179,7 @@ in rec {
     dependencies = [ services.wan ];
   };
 
-  services.firewall = config.system.service.firewall {
+  services.firewall = svc.firewall {
     ruleset = import ./rotuer-firewall.nix;
   };
 

modules/bridge/default.nix

@@ -0,0 +1,22 @@
+{ lib, pkgs, config, ...}:
+let
+  inherit (lib) mkOption types;
+  inherit (pkgs.liminix.services) oneshot;
+in
+{
+  options = {
+    system.service.bridge = {
+      primary = mkOption {
+        type = types.functionTo pkgs.liminix.lib.types.service;
+      };
+      members = mkOption {
+        type = types.functionTo pkgs.liminix.lib.types.service;
+      };
+    };
+  };
+  config = {
+    system.service.bridge.primary = pkgs.callPackage ./primary.nix {};
+    system.service.bridge.members = pkgs.callPackage ./members.nix {};
+    kernel.config.BRIDGE = "y";
+  };
+}

modules/bridge/members.nix

@@ -0,0 +1,35 @@
+{
+  liminix
+, ifwait
+, lib
+}:
+let
+  inherit (liminix.networking) interface;
+  inherit (liminix.services) bundle oneshot;
+  inherit (liminix.lib) typeChecked;
+  inherit (lib) mkOption types;
+  t = {
+    members = mkOption {
+      type = types.listOf liminix.lib.types.service;
+      description = "interfaces to add to the bridge";
+    };
+    primary = mkOption {
+      type = liminix.lib.types.service;
+      description = "bridge interface to add them to";
+    };
+  };
+in
+params:
+let
+  inherit (typeChecked "bridge-members" t params) members primary;
+  addif = member :
+    oneshot {
+      name = "add-${member.device}-to-br-${primary.device}";
+      up = "${ifwait}/bin/ifwait ${member.device} running && ip link set dev ${member.device} master ${primary.device}";
+      down = "ip link set dev ${member.device} nomaster";
+      dependencies = [ primary member ];
+    };
+in bundle {
+  name = "bridge-${primary.device}-members";
+  contents = map addif members;
+}

modules/bridge/primary.nix

@@ -0,0 +1,22 @@
+{
+  liminix
+, lib
+}:
+let
+  inherit (liminix.networking) interface;
+  inherit (liminix.lib) typeChecked;
+  inherit (lib) mkOption types;
+  t = {
+    ifname = mkOption {
+      type = types.str;
+      description = "interface name for the bridge device";
+    };
+  };
+in
+params:
+let
+  inherit (typeChecked "bridge" t params) ifname;
+in interface {
+  device = ifname;
+  type = "bridge";
+}