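# This module defines options for use by all C3D2 machines.
#
# Security note: `c3d2.allUsersCanSshRoot` copies every SSH key listed under
# `c3d2.users` into root's authorized keys. On a machine that enables it,
# anyone who can add a key to `c3d2.users` can obtain root on that machine, so
# changes to that attribute set deserve the same review as changes to root's
# own key list.
{ config, lib, ... }:

let
  # Shorthand for this module's own option values.
  cfg = config.c3d2;
in
{
  options.c3d2 = with lib; with lib.types; {
    allUsersCanSshRoot = mkOption {
      type = bool;
      # Off by default: handing out root access is an explicit per-machine choice.
      default = false;
      description = ''
        Let all people in <literal>c3d2.users</literal>
        login as root for deployment via SSH.
        Every key in any user's <literal>sshKeys</literal> list is then
        added to root's authorized keys, so enable this only on machines
        where all of these people are meant to be administrators.
      '';
    };

    isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";

    enableMotd = mkOption {
      type = bool;
      default = cfg.isInHq;
      # NOTE(review): newer nixpkgs releases deprecate literalExample in favour
      # of literalExpression; switch once the pinned nixpkgs provides it.
      defaultText = literalExample "config.c3d2.isInHq";
      description = ''
        Whether to set the message of the day from the
        <literal>motd</literal> file shipped next to this module.
      '';
    };

    mapPublicHosts = mkOption {
      type = bool;
      default = false;
      description = ''
        Whether to add all external HQ host mappings to /etc/hosts.
      '';
    };

    mapHqHosts = mkOption {
      type = bool;
      default = cfg.isInHq;
      # The default is computed from another option, so give the manual a
      # textual form, as the sibling options with the same default do.
      defaultText = literalExample "config.c3d2.isInHq";
      description = ''
        Whether to add all internal HQ host mappings to /etc/hosts.
      '';
    };

    acmeEmail = mkOption {
      type = str;
      default = "mail@c3d2.de";
      description = ''
        Admin email address to use for Letsencrypt
      '';
    };

    hq = {
      interface = mkOption {
        type = nullOr str;
        default = null;
        example = "eth0";
        description = ''
          Configure the given interface name with an internal IP address.
        '';
      };

      enableBinaryCache = mkOption {
        type = bool;
        default = cfg.isInHq;
        defaultText = literalExample "config.c3d2.isInHq";
        description = "Whether to enable the local Nix binary cache";
      };

      enableMpdProxy = mkOption {
        type = bool;
        default = false;
        description = "Whether to proxy the local MPD database";
      };
    };

    users = mkOption {
      type = attrsOf (submodule {
        options = {
          sshKeys = mkOption {
            type = listOf str;
            default = [ ];
            description = ''
              SSH keys of this user. They are added to root's authorized
              keys on every machine that enables
              <literal>c3d2.allUsersCanSshRoot</literal>.
            '';
          };
        };
      });
      description = ''
        People known to this configuration, one attribute per person.
        See <literal>c3d2.allUsersCanSshRoot</literal> for how their
        <literal>sshKeys</literal> are used.
      '';
    };
  };

  config = {
    users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);

    # Gather the sshKeys of every entry in c3d2.users into one flat list and
    # authorize all of them for root, but only when the machine opted in.
    users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot
      (lib.concatMap (user: user.sshKeys) (lib.attrValues cfg.users));
  };
}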