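# This module defines options for use by all C3D2 machines.
#
# Security-relevant parts:
#   * `c3d2.users.<name>.sshKeys` is the list of SSH public keys per person.
#   * `c3d2.allUsersCanSshRoot` copies every one of those keys into root's
#     authorized keys, so each listed person becomes a root-equivalent
#     principal on the machine that enables it.
{ config, lib, ... }:

let
  cfg = config.c3d2;
in
{
  options.c3d2 = with lib; with lib.types; {
    # Off by default. When enabled, the set of root principals is exactly the
    # union of all `c3d2.users.*.sshKeys`; any module that can add an entry
    # to `c3d2.users` therefore also grants root on this machine. Review
    # changes to `c3d2.users` with the same care as changes to root's keys.
    allUsersCanSshRoot = mkOption {
      type = bool;
      default = false;
      description = ''
        Let all people in c3d2.users login as root for deployment via SSH.
      '';
    };

    isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";

    enableMotd = mkOption {
      type = bool;
      default = cfg.isInHq;
      defaultText = literalExample "config.c3d2.isInHq";
      description = ''
        Whether to set the message of the day from the motd file shipped
        with this module.
      '';
    };

    mapPublicHosts = mkOption {
      type = bool;
      default = false;
      description = ''
        Whether to add all external HQ host mappings to /etc/hosts.
      '';
    };

    mapHqHosts = mkOption {
      type = bool;
      default = cfg.isInHq;
      # The default is computed from another option, so give the manual a
      # printable form, as enableMotd and hq.enableBinaryCache already do.
      defaultText = literalExample "config.c3d2.isInHq";
      description = ''
        Whether to add all internal HQ host mappings to /etc/hosts.
      '';
    };

    acmeEmail = mkOption {
      type = str;
      default = "mail@c3d2.de";
      description = ''
        Admin email address to use for Letsencrypt
      '';
    };

    hq = {
      interface = mkOption {
        type = nullOr str;
        default = null;
        example = "eth0";
        description = ''
          Configure the given interface name with an internal IP address.
        '';
      };

      enableBinaryCache = mkOption {
        type = bool;
        default = cfg.isInHq;
        defaultText = literalExample "config.c3d2.isInHq";
        description = "Whether to enable the local Nix binary cache";
      };

      enableMpdProxy = mkOption {
        type = bool;
        default = false;
        description = "Whether to proxy the local MPD database";
      };
    };

    # No default is declared here, so the option has to be defined somewhere
    # before anything reads it (the root key list below reads it only when
    # allUsersCanSshRoot is enabled).
    users = mkOption {
      type = attrsOf (submodule {
        options = {
          # Plain strings: the type does not check that an entry is a
          # well-formed public key, so entries reach authorized_keys as
          # written.
          sshKeys = mkOption {
            type = listOf str;
            default = [ ];
            description = ''
              SSH public keys of this person. They are added to root's
              authorized keys when c3d2.allUsersCanSshRoot is enabled.
            '';
          };
        };
      });
      description = ''
        People known to C3D2 machines, each with their SSH public keys.
      '';
    };
  };

  config = {
    # Only read ./motd into users.motd when the MOTD is enabled.
    users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);

    # Collect every person's sshKeys into one list for root. This only adds
    # authorized keys; whether sshd permits root login at all is configured
    # elsewhere and is not set by this module.
    users.users.root.openssh.authorizedKeys.keys = lib.mkIf cfg.allUsersCanSshRoot (
      lib.concatMap (user: user.sshKeys) (lib.attrValues cfg.users)
    );
  };
}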