1
0
Fork 0
forked from pub-solar/infra

Merge pull request 'style: avoid usage of top-level "with lib;"' (#195) from style-avoid-top-level-lib into main

Reviewed-on: pub-solar/infra#195
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
This commit is contained in:
teutat3s 2024-05-27 10:03:43 +00:00
commit 1235a4f878
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
4 changed files with 69 additions and 57 deletions

View file

@ -13,25 +13,29 @@
./users.nix
];
options.pub-solar-os = with lib; {
adminEmail = mkOption {
description = "Email address to use for administrative stuff like ACME";
type = types.str;
default = "admins@pub.solar";
};
options.pub-solar-os =
let
inherit (lib) mkOption types;
in
{
adminEmail = mkOption {
description = "Email address to use for administrative stuff like ACME";
type = types.str;
default = "admins@pub.solar";
};
privacyPolicyUrl = mkOption {
description = "URL of the privacy policy. Used to link there from applications";
type = types.str;
default = "https://pub.solar/privacy";
};
privacyPolicyUrl = mkOption {
description = "URL of the privacy policy. Used to link there from applications";
type = types.str;
default = "https://pub.solar/privacy";
};
imprintUrl = mkOption {
description = "URL of the imprint. Used to link there from applications";
type = types.str;
default = "https://pub.solar/about";
imprintUrl = mkOption {
description = "URL of the imprint. Used to link there from applications";
type = types.str;
default = "https://pub.solar/about";
};
};
};
config = {
environment = {

View file

@ -5,18 +5,22 @@
...
}:
{
options.pub-solar-os.networking = with lib; {
domain = mkOption {
description = "domain on which all services should run. This defaults to pub.solar";
type = types.str;
default = "pub.solar";
};
options.pub-solar-os.networking =
let
inherit (lib) mkOption types;
in
{
domain = mkOption {
description = "domain on which all services should run. This defaults to pub.solar";
type = types.str;
default = "pub.solar";
};
defaultInterface = mkOption {
description = "Network interface which should be used as the default internet-connected one";
type = types.nullOr types.str;
defaultInterface = mkOption {
description = "Network interface which should be used as the default internet-connected one";
type = types.nullOr types.str;
};
};
};
config = {
@ -41,7 +45,7 @@
# This breaks compatibilty with clients that do not offer these MACs. For
# compatibility reasons, we add back the old defaults.
# See: https://github.com/NixOS/nixpkgs/pull/231165
#
#
# https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
# https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Macs = [

View file

@ -6,37 +6,41 @@
...
}:
{
options.pub-solar-os.authentication = with lib; {
username = mkOption {
description = "Username for the adminstrative user";
type = types.str;
default = flake.self.username;
};
options.pub-solar-os.authentication =
let
inherit (lib) mkOption types;
in
{
username = mkOption {
description = "Username for the adminstrative user";
type = types.str;
default = flake.self.username;
};
sshPubKeys = mkOption {
description = "SSH Keys that should have administrative root access";
type = types.listOf types.str;
default = flake.self.logins.admins.sshPubKeys;
};
sshPubKeys = mkOption {
description = "SSH Keys that should have administrative root access";
type = types.listOf types.str;
default = flake.self.logins.admins.sshPubKeys;
};
root.initialHashedPassword = mkOption {
description = "Hashed password of the root account";
type = types.str;
default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
};
root.initialHashedPassword = mkOption {
description = "Hashed password of the root account";
type = types.str;
default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
};
robot.username = mkOption {
description = "username for the robot user";
type = types.str;
default = "hakkonaut";
};
robot.username = mkOption {
description = "username for the robot user";
type = types.str;
default = "hakkonaut";
};
robot.sshPubKeys = mkOption {
description = "SSH Keys to use for the robot user";
type = types.listOf types.str;
default = flake.self.logins.robots.sshPubKeys;
robot.sshPubKeys = mkOption {
description = "SSH Keys to use for the robot user";
type = types.listOf types.str;
default = flake.self.logins.robots.sshPubKeys;
};
};
};
config = {
users.users.${config.pub-solar-os.authentication.username} = {

View file

@ -6,12 +6,12 @@
...
}:
{
options.pub-solar-os.auth = with lib; {
enable = mkEnableOption "Enable keycloak to run on the node";
options.pub-solar-os.auth = {
enable = lib.mkEnableOption "Enable keycloak to run on the node";
realm = mkOption {
realm = lib.mkOption {
description = "Name of the realm";
type = types.str;
type = lib.types.str;
default = config.pub-solar-os.networking.domain;
};
};