dev/nixfiles
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 1 Wiki Activity
7537cf4205
nixfiles/nixos/modules/deploy-rs.nix

67 lines
2.0 KiB
Nix
Raw Normal View History

Functioning installation
2022-02-19 22:55:53 +00:00
{ lib, extendModules, pkgs, options, config, baseModules, ... }:
let
inherit (builtins) head;
inherit (lib) mkOption mkMerge mkIf mkDefault;
inherit (lib.my) mkOpt' mkBoolOpt';
cfg = config.my.deploy;
in
{
options.my.deploy = with lib.types; rec {
authorizedKeys = {
keys = mkOpt' (listOf singleLineStr) [ ] "SSH public keys to add to the default deployment user.";
keyFiles = mkOpt' (listOf str) [ ] "SSH public key files to add to the default deployment user.";
};
enable = mkBoolOpt' true "Whether to expose deploy-rs configuration for this system.";
node = mkOpt' lib.my.deploy-rs.node { } "deploy-rs node configuration.";
generate = {
system.enable = mkBoolOpt' true "Whether to generate a deploy-rs profile for this system's config.";
};
rendered = mkOption {
type = nullOr (attrsOf anything);
default = null;
internal = true;
description = "Rendered deploy-rs node configuration.";
};
};
config = mkMerge [
{
my.deploy = {
enable = mkIf config.my.build.isDevVM false;
node = {
hostname = mkDefault config.networking.fqdn;
profiles = {
system = mkIf cfg.generate.system.enable {
path = pkgs.deploy-rs.lib.activate.nixos { inherit config; };
user = "root";
};
};
sshUser = "deploy";
user = mkDefault "root";
sudo = mkDefault (if config.security.doas.enable then "doas -u" else "sudo -u");
sshOpts = mkDefault [ "-p" (toString (head config.services.openssh.ports)) ];
};
rendered = mkIf cfg.enable (lib.my.deploy-rs.filterOpts cfg.node);
};
}
(mkIf cfg.enable {
users = {
users."${cfg.node.sshUser}" = {
isSystemUser = true;
group = cfg.node.sshUser;
extraGroups = mkDefault [ "wheel" ];
shell = pkgs.bash;
openssh.authorizedKeys = cfg.authorizedKeys;
};
groups."${cfg.node.sshUser}" = {};
};
})
];
}
Reference in New Issue Copy Permalink