nix-config/modules/c3d2.nix


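# This module defines options for use by all C3D2 machines.
#
# It declares the `c3d2.*` option tree that other modules in this repository
# read, and wires up the few settings derived directly from it here: the
# MOTD, the shared `k-ot` account and key-based root SSH access.  All of the
# access decisions below are driven by the keys listed in `c3d2.users`.
{ config, lib, pkgs, ... }:
let
  cfg = config.c3d2;
in
{
  options.c3d2 = with lib;
    with lib.types; {
      allUsersCanSshRoot = mkOption {
        type = bool;
        default = false;
        description = ''
          Let all people in <literal>c3d2.users</literal>
          login as root for deployment via SSH.
        '';
      };

      isInHq = mkEnableOption "HQ presence (TODO: what is this? association to VLAN 5?)";

      enableMotd = mkOption {
        type = bool;
        default = cfg.isInHq;
        # defaultText is needed whenever the default refers to `config`;
        # without it the option documentation cannot render the default.
        defaultText = literalExample "config.c3d2.isInHq";
        description = ''
          Whether to install the message of the day shipped next to this
          module as <literal>./motd</literal>.
        '';
      };

      mapPublicHosts = mkOption {
        type = bool;
        default = false;
        description = ''
          Whether to add all external HQ host mappings to /etc/hosts.
        '';
      };

      mapHqHosts = mkOption {
        type = bool;
        default = cfg.isInHq;
        # Same `config`-dependent default as enableMotd and
        # hq.enableBinaryCache, so it needs the same defaultText.
        defaultText = literalExample "config.c3d2.isInHq";
        description = ''
          Whether to add all internal HQ host mappings to /etc/hosts.
        '';
      };

      acmeEmail = mkOption {
        type = str;
        default = "mail@c3d2.de";
        description = ''
          Admin email address to use for Letsencrypt
        '';
      };

      k-ot.enable = mkEnableOption ''
        Add k-ot user to this machine. Anyone with an SSH key listed in
        <literal>c3d2.users</literal> can log in as this user.
      '';

      hq = {
        interface = mkOption {
          type = nullOr str;
          default = null;
          example = "eth0";
          description = ''
            Configure the given interface name with an internal IP address.
          '';
        };
        enableBinaryCache = mkOption {
          type = bool;
          default = cfg.isInHq;
          defaultText = literalExample "config.c3d2.isInHq";
          description = "Whether to enable the local Nix binary cache";
        };
        enableMpdProxy = mkOption {
          type = bool;
          default = false;
          description = "Whether to proxy the local MPD database";
        };
      };

      # Inventory of known hosts.  This module only declares the schema; the
      # modules that consume these fields (host mappings, keys, WOL) live
      # elsewhere in the repository.
      hosts = mkOption {
        type = attrsOf (submodule {
          options = {
            ether = mkOption {
              type = nullOr str;
              default = null;
              description = "Ethernet (MAC) address of the host, if known.";
            };
            ip4 = mkOption {
              type = nullOr str;
              default = null;
              description = "IPv4 address of the host, if known.";
            };
            ip6 = mkOption {
              type = nullOr str;
              default = null;
              description = "IPv6 address of the host, if known.";
            };
            publicKey = mkOption {
              type = nullOr str;
              default = null;
              description = ''
                Public key associated with the host.  Its format and the
                modules that use it are defined elsewhere.
              '';
            };
            wol = mkOption {
              type = bool;
              default = false;
              description = "Whether the host is expected to support Wake-on-LAN.";
            };
          };
        });
        # An empty inventory is valid; without a default, merely reading
        # `config.c3d2.hosts` on a machine that never sets it would fail.
        default = { };
        description = "Known C3D2 hosts, keyed by host name.";
      };

      # People with access to C3D2 machines.  Every key listed here is
      # granted access to the shared k-ot account and, if
      # allUsersCanSshRoot is set, to root.
      users = mkOption {
        type = attrsOf (submodule {
          options = {
            sshKeys = mkOption {
              type = listOf str;
              default = [ ];
              description = "SSH public keys (authorized_keys lines) of this person.";
            };
          };
        });
        default = { };
        description = "C3D2 members, keyed by user name.";
      };
    };

  config =
    let
      # Every SSH key of every entry in c3d2.users, as one flat list.  This is
      # the complete set of keys that the access settings below hand out.
      adminKeys = lib.lists.flatten
        (map (u: u.sshKeys) (builtins.attrValues cfg.users));
    in
    {
      users.motd = lib.mkIf cfg.enableMotd (builtins.readFile ./motd);

      # Shared account: anyone listed in c3d2.users may log in with their key.
      users.users.k-ot = lib.mkIf cfg.k-ot.enable {
        packages = with pkgs; [ screen tmux ];
        createHome = true;
        isNormalUser = true;
        # Fixed uid; a host that already hands 1000 to another user will
        # clash with this definition.
        uid = 1000;
        # `wheel` gives this shared account sudo rights under the usual
        # NixOS sudo configuration, so it is effectively an admin account.
        extraGroups = [ "audio" "video" "wheel" ];
        # Plain-text password, readable by anyone with this repository or the
        # host's Nix store.  `hashedPassword` would avoid storing the clear
        # text; left unchanged here because the value is a project decision.
        password = "k-otk-ot";
        openssh.authorizedKeys.keys = adminKeys;
      };

      # Root key login additionally depends on sshd's PermitRootLogin setting
      # (services.openssh.permitRootLogin), which this module does not set.
      users.users.root.openssh.authorizedKeys.keys =
        lib.mkIf cfg.allUsersCanSshRoot adminKeys;
    };
}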