nix-config/modules/c3d2.nix

# This module defines options for use by all C3D2 machines.

{ config, lib, ... }:

let cfg = config.c3d2;
in
{
  options.c3d2 = with lib;
    with lib.types; {

      allUsersCanSshRoot = lib.mkOption {
        type = lib.types.bool;
        default = false;
        description = ''
          Let all people in <literal>c3d2.users</literal>
          login as root for deployment via SSH.
        '';
      };

      isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";

      enableMotd = mkOption {
        type = bool;
        default = cfg.isInHq;
        defaultText = literalExample "config.c3d2.isInHq";
      };

      mapPublicHosts = mkOption {
        type = bool;
        default = false;
        description = ''
          Whether to add all external HQ host mappings to /etc/hosts.
        '';
      };

      mapHqHosts = mkOption {
        type = bool;
        default = cfg.isInHq;
        description = ''
          Whether to add all internal HQ host mappings to /etc/hosts.
        '';
      };

      acmeEmail = mkOption {
        type = str;
        default = "mail@c3d2.de";
        description = ''
          Admin email address to use for Letsencrypt
        '';
      };

      hq = {

        interface = mkOption {
          type = nullOr str;
          default = null;
          example = "eth0";
          description = ''
            Configure the given interface name with an internal IP address.
          '';
        };

        enableBinaryCache = mkOption {
          type = bool;
          default = cfg.isInHq;
          defaultText = literalExample "config.c3d2.isInHq";
          description = "Whether to enable the local Nix binary cache";
        };

        enableMpdProxy = mkOption {
          type = bool;
          default = false;
          description = "Whether to proxy the local MPD database";
        };

      };

      users =
        mkOption {
          type = attrsOf (submodule {
            options = {
              sshKeys = mkOption {
                type = listOf types.str;
                default = [ ];
              };
            };
          });
        };

    };
  config = {

    users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);

    users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot
      (with builtins; lib.lists.flatten (
        map
          (getAttr "sshKeys")
          (attrValues cfg.users)
      ));

  };
}
Split "lib" into "config" and "modules" Separate modules that add options from modules that change configuration. 2022-01-15 18:30:20 +01:00			`# This module defines options for use by all C3D2 machines.`

			`{ config, lib, ... }:`

			`let cfg = config.c3d2;`
Reduce users to attrset of ssh keys 2022-01-16 00:09:17 +01:00			`in`
			`{`
Split "lib" into "config" and "modules" Separate modules that add options from modules that change configuration. 2022-01-15 18:30:20 +01:00			`options.c3d2 = with lib;`
			`with lib.types; {`

Reduce users to attrset of ssh keys 2022-01-16 00:09:17 +01:00			`allUsersCanSshRoot = lib.mkOption {`
			`type = lib.types.bool;`
			`default = false;`
			`description = ''`
			`Let all people in <literal>c3d2.users</literal>`
			`login as root for deployment via SSH.`
			`'';`
			`};`

Split "lib" into "config" and "modules" Separate modules that add options from modules that change configuration. 2022-01-15 18:30:20 +01:00			`isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";`

			`enableMotd = mkOption {`
			`type = bool;`
			`default = cfg.isInHq;`
			`defaultText = literalExample "config.c3d2.isInHq";`
			`};`

			`mapPublicHosts = mkOption {`
			`type = bool;`
			`default = false;`
			`description = ''`
			`Whether to add all external HQ host mappings to /etc/hosts.`
			`'';`
			`};`

			`mapHqHosts = mkOption {`
			`type = bool;`
			`default = cfg.isInHq;`
			`description = ''`
			`Whether to add all internal HQ host mappings to /etc/hosts.`
			`'';`
			`};`

			`acmeEmail = mkOption {`
			`type = str;`
			`default = "mail@c3d2.de";`
			`description = ''`
			`Admin email address to use for Letsencrypt`
			`'';`
			`};`

			`hq = {`

			`interface = mkOption {`
			`type = nullOr str;`
			`default = null;`
			`example = "eth0";`
			`description = ''`
			`Configure the given interface name with an internal IP address.`
			`'';`
			`};`

			`enableBinaryCache = mkOption {`
			`type = bool;`
			`default = cfg.isInHq;`
			`defaultText = literalExample "config.c3d2.isInHq";`
			`description = "Whether to enable the local Nix binary cache";`
			`};`

			`enableMpdProxy = mkOption {`
			`type = bool;`
			`default = false;`
			`description = "Whether to proxy the local MPD database";`
			`};`

			`};`

Reduce users to attrset of ssh keys 2022-01-16 00:09:17 +01:00			`users =`
			`mkOption {`
			`type = attrsOf (submodule {`
			`options = {`
			`sshKeys = mkOption {`
			`type = listOf types.str;`
			`default = [ ];`
			`};`
			`};`
			`});`
			`};`

Split "lib" into "config" and "modules" Separate modules that add options from modules that change configuration. 2022-01-15 18:30:20 +01:00			`};`
Reduce users to attrset of ssh keys 2022-01-16 00:09:17 +01:00			`config = {`

			`users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);`

			`users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot`
			`(with builtins; lib.lists.flatten (`
			`map`
			`(getAttr "sshKeys")`
			`(attrValues cfg.users)`
			`));`

			`};`
Split "lib" into "config" and "modules" Separate modules that add options from modules that change configuration. 2022-01-15 18:30:20 +01:00			`}`