Merge pull request 'style: avoid usage of top-level "with lib;"' (#195) from style-avoid-top-level-lib into main

Reviewed-on: pub-solar/infra#195
Reviewed-by: Hendrik Sokolowski <hensoko@noreply.git.pub.solar>
teutat3s 2024-05-27 10:03:43 +00:00
commit 1235a4f878
Signed by: pub.solar gitea
GPG key ID: F0332B04B7054873
4 changed files with 69 additions and 57 deletions


@ -13,25 +13,29 @@
./users.nix ./users.nix
]; ];
options.pub-solar-os = with lib; { options.pub-solar-os =
adminEmail = mkOption { let
description = "Email address to use for administrative stuff like ACME"; inherit (lib) mkOption types;
type = types.str; in
default = "admins@pub.solar"; {
}; adminEmail = mkOption {
description = "Email address to use for administrative stuff like ACME";
type = types.str;
default = "admins@pub.solar";
};
privacyPolicyUrl = mkOption { privacyPolicyUrl = mkOption {
description = "URL of the privacy policy. Used to link there from applications"; description = "URL of the privacy policy. Used to link there from applications";
type = types.str; type = types.str;
default = "https://pub.solar/privacy"; default = "https://pub.solar/privacy";
}; };
imprintUrl = mkOption { imprintUrl = mkOption {
description = "URL of the imprint. Used to link there from applications"; description = "URL of the imprint. Used to link there from applications";
type = types.str; type = types.str;
default = "https://pub.solar/about"; default = "https://pub.solar/about";
};
}; };
};
config = { config = {
environment = { environment = {


@ -5,18 +5,22 @@
... ...
}: }:
{ {
options.pub-solar-os.networking = with lib; { options.pub-solar-os.networking =
domain = mkOption { let
description = "domain on which all services should run. This defaults to pub.solar"; inherit (lib) mkOption types;
type = types.str; in
default = "pub.solar"; {
}; domain = mkOption {
description = "domain on which all services should run. This defaults to pub.solar";
type = types.str;
default = "pub.solar";
};
defaultInterface = mkOption { defaultInterface = mkOption {
description = "Network interface which should be used as the default internet-connected one"; description = "Network interface which should be used as the default internet-connected one";
type = types.nullOr types.str; type = types.nullOr types.str;
};
}; };
};
config = { config = {
@ -41,7 +45,7 @@
# This breaks compatibilty with clients that do not offer these MACs. For # This breaks compatibilty with clients that do not offer these MACs. For
# compatibility reasons, we add back the old defaults. # compatibility reasons, we add back the old defaults.
# See: https://github.com/NixOS/nixpkgs/pull/231165 # See: https://github.com/NixOS/nixpkgs/pull/231165
# #
# https://blog.stribik.technology/2015/01/04/secure-secure-shell.html # https://blog.stribik.technology/2015/01/04/secure-secure-shell.html
# https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67 # https://infosec.mozilla.org/guidelines/openssh#modern-openssh-67
Macs = [ Macs = [


@ -6,37 +6,41 @@
... ...
}: }:
{ {
options.pub-solar-os.authentication = with lib; { options.pub-solar-os.authentication =
username = mkOption { let
description = "Username for the adminstrative user"; inherit (lib) mkOption types;
type = types.str; in
default = flake.self.username; {
}; username = mkOption {
description = "Username for the adminstrative user";
type = types.str;
default = flake.self.username;
};
sshPubKeys = mkOption { sshPubKeys = mkOption {
description = "SSH Keys that should have administrative root access"; description = "SSH Keys that should have administrative root access";
type = types.listOf types.str; type = types.listOf types.str;
default = flake.self.logins.admins.sshPubKeys; default = flake.self.logins.admins.sshPubKeys;
}; };
root.initialHashedPassword = mkOption { root.initialHashedPassword = mkOption {
description = "Hashed password of the root account"; description = "Hashed password of the root account";
type = types.str; type = types.str;
default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32"; default = "$y$j9T$bIN6GjQkmPMllOcQsq52K0$q0Z5B5.KW/uxXK9fItB8H6HO79RYAcI/ZZdB0Djke32";
}; };
robot.username = mkOption { robot.username = mkOption {
description = "username for the robot user"; description = "username for the robot user";
type = types.str; type = types.str;
default = "hakkonaut"; default = "hakkonaut";
}; };
robot.sshPubKeys = mkOption { robot.sshPubKeys = mkOption {
description = "SSH Keys to use for the robot user"; description = "SSH Keys to use for the robot user";
type = types.listOf types.str; type = types.listOf types.str;
default = flake.self.logins.robots.sshPubKeys; default = flake.self.logins.robots.sshPubKeys;
};
}; };
};
config = { config = {
users.users.${config.pub-solar-os.authentication.username} = { users.users.${config.pub-solar-os.authentication.username} = {
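Review bot: The `root.initialHashedPassword` option keeps a literal yescrypt hash as its `default`, so every host that does not override it shares one root password hash, and anyone who can read this repository can run offline guessing against it. Since this commit re-indents the option anyway, consider dropping the `default = ...;` line so evaluation fails until each host sets its own value from wherever the deployment keeps its secrets. At minimum, say so in the option text: `description = "Hashed password of the root account; the default is public, override it per host";`. How the option is consumed is in the `config` block, which continues outside the hunk, so whether root password login is reachable only on the console or also over SSH cannot be judged from here.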


@ -6,12 +6,12 @@
... ...
}: }:
{ {
options.pub-solar-os.auth = with lib; { options.pub-solar-os.auth = {
enable = mkEnableOption "Enable keycloak to run on the node"; enable = lib.mkEnableOption "Enable keycloak to run on the node";
realm = mkOption { realm = lib.mkOption {
description = "Name of the realm"; description = "Name of the realm";
type = types.str; type = lib.types.str;
default = config.pub-solar-os.networking.domain; default = config.pub-solar-os.networking.domain;
}; };
}; };
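Review bot: The string passed to `lib.mkEnableOption` on the `enable` line becomes the tail of a generated description of the form "Whether to enable <text>.", so the rendered option documentation reads "Whether to enable Enable keycloak to run on the node.". Pass only the noun phrase instead: `enable = lib.mkEnableOption "keycloak on this node";`. This changes the generated documentation only, not evaluation.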