diff --git a/modules/core/default.nix b/modules/core/default.nix
index 37b048a6..64d4c765 100644
--- a/modules/core/default.nix
+++ b/modules/core/default.nix
@@ -13,25 +13,29 @@
 ./users.nix
 ];
- options.pub-solar-os = with lib; {
- adminEmail = mkOption {
- description = "Email address to use for administrative stuff like ACME";
- type = types.str;
- default = "admins@pub.solar";
- };
+ options.pub-solar-os =
+ let
+ inherit (lib) mkOption types;
+ in
+ {
+ adminEmail = mkOption {
+ description = "Email address to use for administrative stuff like ACME";
+ type = types.str;
+ default = "admins@pub.solar";
+ };
- privacyPolicyUrl = mkOption {
- description = "URL of the privacy policy. Used to link there from applications";
- type = types.str;
- default = "https://pub.solar/privacy";
- };
+ privacyPolicyUrl = mkOption {
+ description = "URL of the privacy policy. Used to link there from applications";
+ type = types.str;
+ default = "https://pub.solar/privacy";
+ };
- imprintUrl = mkOption {
- description = "URL of the imprint. Used to link there from applications";
- type = types.str;
- default = "https://pub.solar/about";
+ imprintUrl = mkOption {
+ description = "URL of the imprint. Used to link there from applications";
+ type = types.str;
+ default = "https://pub.solar/about";
+ };
 };
- };
 config = {
 environment = {
diff --git a/modules/core/networking.nix b/modules/core/networking.nix
index 5351c303..765fdd43 100644
--- a/modules/core/networking.nix
+++ b/modules/core/networking.nix
@@ -5,18 +5,22 @@
 ...
 }:
 {
- options.pub-solar-os.networking = with lib; {
- domain = mkOption {
- description = "domain on which all services should run. This defaults to pub.solar";
- type = types.str;
- default = "pub.solar";
- };
+ options.pub-solar-os.networking =
+ let
+ inherit (lib) mkOption types;
+ in
+ {
+ domain = mkOption {
+ description = "domain on which all services should run. This defaults to pub.solar";
+ type = types.str;
+ default = "pub.solar";
+ };
- defaultInterface = mkOption {
- description = "Network interface which should be used as the default internet-connected one";
- type = types.nullOr types.str;
+ defaultInterface = mkOption {
+ description = "Network interface which should be used as the default internet-connected one";
+ type = types.nullOr types.str;
+ };
 };
- };
 config = {
@@ -41,7 +45,7 @@
 # This breaks compatibilty with clients that do not offer these MACs. For
 # compatibility reasons, we add back the old defaults.
 # See: https://github.com/NixOS/nixpkgs/pull/231165
- #
+ #
 # https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
 # https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
 Macs = [
diff --git a/modules/core/users.nix b/modules/core/users.nix
index 1ade4ebe..5ff79454 100644
--- a/modules/core/users.nix
+++ b/modules/core/users.nix
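Review bot: In modules/core/networking.nix, `defaultInterface` is typed `types.nullOr types.str` but declares no `default`, so leaving it unset produces an "option is used but not defined" evaluation error as soon as it is read, rather than the `null` the type suggests. If null is meant to be a valid "no interface" value, add `default = null;`; if every host must set it, `type = types.str;` states that more honestly. The consumers of this option are in the `config` body, which continues outside the hunk, so the intended meaning should be confirmed there.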
@@ -6,37 +6,41 @@
 ...
 }:
 {
- options.pub-solar-os.authentication = with lib; {
- username = mkOption {
- description = "Username for the adminstrative user";
- type = types.str;
- default = flake.self.username;
- };
+ options.pub-solar-os.authentication =
+ let
+ inherit (lib) mkOption types;
+ in
+ {
+ username = mkOption {
+ description = "Username for the adminstrative user";
+ type = types.str;
+ default = flake.self.username;
+ };
- sshPubKeys = mkOption {
- description = "SSH Keys that should have administrative root access";
- type = types.listOf types.str;
- default = flake.self.logins.admins.sshPubKeys;
- };
+ sshPubKeys = mkOption {
+ description = "SSH Keys that should have administrative root access";
+ type = types.listOf types.str;
+ default = flake.self.logins.admins.sshPubKeys;
+ };
- root.initialHashedPassword = mkOption {
- description = "Hashed password of the root account";
- type = types.str;
- default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
- };
+ root.initialHashedPassword = mkOption {
+ description = "Hashed password of the root account";
+ type = types.str;
+ default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
+ };
- robot.username = mkOption {
- description = "username for the robot user";
- type = types.str;
- default = "hakkonaut";
- };
+ robot.username = mkOption {
+ description = "username for the robot user";
+ type = types.str;
+ default = "hakkonaut";
+ };
- robot.sshPubKeys = mkOption {
- description = "SSH Keys to use for the robot user";
- type = types.listOf types.str;
- default = flake.self.logins.robots.sshPubKeys;
+ robot.sshPubKeys = mkOption {
+ description = "SSH Keys to use for the robot user";
+ type = types.listOf types.str;
+ default = flake.self.logins.robots.sshPubKeys;
+ };
 };
- };
 config = {
 users.users.${config.pub-solar-os.authentication.username} = {
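Review bot: `root.initialHashedPassword` in modules/core/users.nix keeps a literal yescrypt hash as its `default`, so every host that does not override the option shares one root password, and its hash is readable by anyone with the repository and, once built, world-readable in the Nix store, where it can be guessed offline. Prefer declaring the option without a default so each deployment must supply its own value, or provision the hash from a file outside the store (NixOS offers `hashedPasswordFile` for this). How the option is consumed is in the `config` body, which continues outside the hunk. At minimum the description should carry the caveat, e.g. `description = "Hashed password of the root account; set per deployment, the value is world-readable in the Nix store";`. Separately, the `username` description misspells "administrative".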
diff --git a/modules/keycloak/default.nix b/modules/keycloak/default.nix
index bae4a913..d3a5f1e7 100644
--- a/modules/keycloak/default.nix
+++ b/modules/keycloak/default.nix
@@ -6,12 +6,12 @@
 ...
 }:
 {
- options.pub-solar-os.auth = with lib; {
- enable = mkEnableOption "Enable keycloak to run on the node";
+ options.pub-solar-os.auth = {
+ enable = lib.mkEnableOption "Enable keycloak to run on the node";
- realm = mkOption {
+ realm = lib.mkOption {
 description = "Name of the realm";
- type = types.str;
+ type = lib.types.str;
 default = config.pub-solar-os.networking.domain;
 };
 };
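Review bot: `lib.mkEnableOption` already prefixes its argument with "Whether to enable ", so the new `enable` line renders as "Whether to enable Enable keycloak to run on the node."; pass a noun phrase instead, `enable = lib.mkEnableOption "keycloak on this node";`. As a style point, this file now uses `lib.`-qualified names while the core modules changed in the same commit use `let inherit (lib) mkOption types; in`; settling on one form across modules keeps the option declarations uniform.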