From 807ee39110c3ad4226ca04c03e8d57c6c4b277bf Mon Sep 17 00:00:00 2001
From: Emery Hemingway <ehmry@posteo.net>
Date: Thu, 23 Jun 2022 12:50:55 -0500
Subject: [PATCH] Add UCI batch and Dropbear options

---
 example.nix              |  4 ++++
 lib/modules/dropbear.nix | 16 ++++++++++++++++
 lib/modules/uci.nix      | 20 ++++++++++++++++++++
 lib/openwrt-system.nix   |  9 ++++++---
 lib/uci.nix              | 18 ++++++++++++++++++
 5 files changed, 64 insertions(+), 3 deletions(-)
 create mode 100644 lib/modules/dropbear.nix
 create mode 100644 lib/modules/uci.nix
 create mode 100644 lib/uci.nix

diff --git a/example.nix b/example.nix
index 3dc70ae..a79e784 100644
--- a/example.nix
+++ b/example.nix
@@ -5,6 +5,10 @@
 
   packages.include = [ "tcpdump" "vxlan" "kmod-vxlan" ];
 
+  dropbear.settings = {
+    PasswordAuth = false;
+  };
+
   files = pkgs.runCommandNoCC "image-files" { } ''
        mkdir -p $out/etc/uci-defaults
        cat > $out/etc/uci-defaults/99-custom <<EOF
diff --git a/lib/modules/dropbear.nix b/lib/modules/dropbear.nix
new file mode 100644
index 0000000..53910d4
--- /dev/null
+++ b/lib/modules/dropbear.nix
@@ -0,0 +1,16 @@
+{ config, lib, ... }:
+let cfg = config.dropbear;
+in {
+  options.dropbear.settings = with lib;
+    mkOption {
+      default = { };
+      type = types.uciSection;
+      description = ''
+        See <link xlink:href="https://openwrt.org/docs/guide-user/base-system/dropbear"/>'';
+    };
+
+  config.uci.batch = lib.toUciBatch {
+    config = "dropbear";
+    type = "dropbear";
+  } cfg.settings;
+}
diff --git a/lib/modules/uci.nix b/lib/modules/uci.nix
new file mode 100644
index 0000000..5c5163b
--- /dev/null
+++ b/lib/modules/uci.nix
@@ -0,0 +1,20 @@
+{ config, lib, ... }:
+with lib;
+let cfg = config.uci;
+in {
+  options.uci.batch = mkOption {
+    type = types.lines;
+    description = "UCI script to execute on first boot.";
+    example = ''
+      set system.@system[0].hostname='testap'
+      set dropbear.@dropbear[0].RootPasswordAuth='off'
+    '';
+  };
+  config.extraFiles."/etc/uci-defaults/99-config.uci.batch".text =
+    mkIf (cfg.batch != "") ''
+      uci -q batch << NIX_EOI
+      ${cfg.batch}
+      uci commit
+      NIX_EOI
+    '';
+}
diff --git a/lib/openwrt-system.nix b/lib/openwrt-system.nix
index 94e73b0..61e2e4d 100644
--- a/lib/openwrt-system.nix
+++ b/lib/openwrt-system.nix
@@ -1,7 +1,8 @@
 { pkgs ? import <nixpkgs> { }, modules }:
 
 let
-  result = pkgs.lib.evalModules {
+  lib' = pkgs.lib.extend (import ./uci.nix);
+  result = lib'.evalModules {
     modules = [
       ({ config, ... }: {
         config._module.args = {
@@ -12,11 +13,13 @@ let
           };
         };
       })
-      ./modules/system.nix
+      ./modules/build.nix
+      ./modules/dropbear.nix
       ./modules/files.nix
       ./modules/packages.nix
       ./modules/services.nix
-      ./modules/build.nix
+      ./modules/system.nix
+      ./modules/uci.nix
     ] ++ modules;
   };
 in { inherit (result) config options; }
diff --git a/lib/uci.nix b/lib/uci.nix
new file mode 100644
index 0000000..2af335c
--- /dev/null
+++ b/lib/uci.nix
@@ -0,0 +1,18 @@
+final: prev:
+let lib = prev;
+in {
+
+  types = lib.types
+    // (with lib.types; { uciSection = attrsOf (oneOf [ bool int str ]); });
+
+  toUciBatch = with builtins;
+    let toAtom = v: if isBool v then (if v then "0" else "1") else (toString v);
+    in { config, type, section ? "@${type}[0]" }:
+    attrs:
+    let
+      cmds = [ "set ${config}.${section}=${type}" ]
+        ++ (lib.attrsets.mapAttrsToList (option: value:
+          "set ${config}.${section}.${option}='${toAtom value}'") attrs);
+
+    in lib.strings.concatStringsSep "\n" cmds;
+}