Updates over time

2022-07-10 20:46:30 -07:00 · 2022-07-10 20:46:30 -07:00 · 070a5e1831
commit 070a5e1831
parent df53c13bb7
4 changed files with 339 additions and 325 deletions
--- a/lib/fudo/client/dns.nix
+++ b/lib/fudo/client/dns.nix
@ -80,11 +80,7 @@ in {
        };
      };

-      groups = {
-        "${cfg.user}" = {
-          members = [ cfg.user ];
-        };
-      };
+      groups = { "${cfg.user}" = { members = [ cfg.user ]; }; };
    };

    systemd = {
@ -104,7 +100,7 @@ in {

      services.backplane-dns-client-pw-file = {
        enable = true;
-        requiredBy = [ "backplane-dns-client.services" ];
+        requiredBy = [ "backplane-dns-client.service" ];
        reloadIfChanged = true;
        serviceConfig = { Type = "oneshot"; };
        script = ''
--- a/lib/fudo/prometheus.nix
+++ b/lib/fudo/prometheus.nix
@ -8,6 +8,13 @@ in {
  options.fudo.metrics.prometheus = with types; {
    enable = mkEnableOption "Fudo Prometheus Data-Gathering Server";

+    package = mkOption {
+      type = package;
+      default = pkgs.prometheus;
+      defaultText = literalExpression "pkgs.prometheus";
+      description = "The prometheus package that should be used.";
+    };
+
    service-discovery-dns = mkOption {
      type = attrsOf (listOf str);
      description = ''
@ -119,9 +126,10 @@ in {
    services.prometheus = {

      enable = true;
-
      webExternalUrl = "https://${cfg.hostname}";

+      package = cfg.package;
+
      listenAddress = "127.0.0.1";
      port = 9090;

@ -131,14 +139,14 @@ in {
          honor_labels = false;
          scheme = if cfg.private-network then "http" else "https";
          metrics_path = "/metrics/${type}";
-          dns_sd_configs = if (hasAttr type cfg.service-discovery-dns) then [{
-            names = cfg.service-discovery-dns.${type};
-          }] else
-            [ ];
          static_configs = if (hasAttr type cfg.static-targets) then [{
            targets = cfg.static-targets.${type};
          }] else
            [ ];
+          dns_sd_configs = if (hasAttr type cfg.service-discovery-dns) then [{
+            names = cfg.service-discovery-dns.${type};
+          }] else
+            [ ];
        };
      in map make-job [ "docker" "node" "dovecot" "postfix" "rspamd" ];

--- a/lib/fudo/system.nix
+++ b/lib/fudo/system.nix
@ -431,11 +431,11 @@ in {
        SecureBits = mkIf ((length opts.requiredCapabilities) > 0) "keep-caps";

        DynamicUser = mkIf (opts.user == null) opts.dynamicUser;
+
        Restart = opts.restartWhen;
        WorkingDirectory =
          mkIf (opts.workingDirectory != null) opts.workingDirectory;
-        RestrictAddressFamilies =
-          optionals (opts.addressFamilies != null)
+        RestrictAddressFamilies = optionals (opts.addressFamilies != null)
          (restrict-address-families opts.addressFamilies);
        RestrictNamespaces = opts.restrictNamespaces;
        User = mkIf (opts.user != null) opts.user;
--- a/lib/types/host.nix
+++ b/lib/types/host.nix
@ -1,11 +1,11 @@
 { lib, ... }:

 with lib;
-let
-  passwd = import ../passwd.nix { inherit lib; };
+let passwd = import ../passwd.nix { inherit lib; };

 in rec {
-  encryptedFSOpts = { ... }: let
+  encryptedFSOpts = { ... }:
+    let
      mountpoint = { mp, ... }: {
        options = with types; {
          mountpoint = mkOption {
@ -16,7 +16,8 @@ in rec {

          options = mkOption {
            type = listOf str;
-          description = "List of filesystem options specific to this mountpoint (eg: subvol).";
+            description =
+              "List of filesystem options specific to this mountpoint (eg: subvol).";
          };

          group = mkOption {
@ -70,8 +71,9 @@ in rec {

        mountpoints = mkOption {
          type = attrsOf (submodule mountpoint);
-        description = "A map of mountpoints for this filesystem to fs options. Multiple to support btrfs.";
-        default = {};
+          description =
+            "A map of mountpoints for this filesystem to fs options. Multiple to support btrfs.";
+          default = { };
        };
      };
    };
@ -80,23 +82,26 @@ in rec {
    options = with types; {
      key-path = mkOption {
        type = str;
-        description = "Path of the host master key file, used to decrypt secrets.";
+        description =
+          "Path of the host master key file, used to decrypt secrets.";
      };

      public-key = mkOption {
        type = str;
-        description = "Public key used during deployment to decrypt secrets for the host.";
+        description =
+          "Public key used during deployment to decrypt secrets for the host.";
      };
    };
  };

-  hostOpts = { name, ... }: let
-    hostname = name;
+  hostOpts = { name, ... }:
+    let hostname = name;
    in {
      options = with types; {
        master-key = mkOption {
          type = nullOr (submodule masterKeyOpts);
-        description = "Public key for the host master key, used by the host to decrypt secrets.";
+          description =
+            "Public key for the host master key, used by the host to decrypt secrets.";
        };

        domain = mkOption {
@ -133,7 +138,7 @@ in rec {
        };

        profile = mkOption {
-        type = listOf (enum ["desktop" "server" "laptop"]);
+          type = listOf (enum [ "desktop" "server" "laptop" ]);
          description =
            "The profile to be applied to the host, determining what software is included.";
        };
@ -204,9 +209,8 @@ in rec {

        ssh-pubkeys = mkOption {
          type = listOf path;
-        description =
-          "SSH key files of the host.";
-        default = [];
+          description = "SSH key files of the host.";
+          default = [ ];
        };

        build-pubkeys = mkOption {
@ -254,7 +258,8 @@ in rec {

        encrypted-filesystems = mkOption {
          type = attrsOf (submodule encryptedFSOpts);
-        description = "List of encrypted filesystems to mount on the local host when the key is available.";
+          description =
+            "List of encrypted filesystems to mount on the local host when the key is available.";
          default = { };
        };

@ -269,7 +274,8 @@ in rec {
            options = {
              ip = mkOption {
                type = nullOr str;
-              description = "IP address assigned to this host in the WireGuard network.";
+                description =
+                  "IP address assigned to this host in the WireGuard network.";
              };

              bound = mkOption {
@ -322,7 +328,8 @@ in rec {
            options = {
              ip = mkOption {
                type = str;
-              description = "IP to assign to the initrd image, allowing access to host during bootup.";
+                description =
+                  "IP to assign to the initrd image, allowing access to host during bootup.";
              };
              keypair = mkOption {
                type = (submodule keypair-type);
@ -330,20 +337,23 @@ in rec {
              };
              interface = mkOption {
                type = str;
-              description = "Name of interface on which to listen for connections.";
+                description =
+                  "Name of interface on which to listen for connections.";
              };
            };
          };

        in mkOption {
          type = nullOr (submodule initrd-network-config);
-        description = "Configuration parameters to set up initrd SSH network.";
+          description =
+            "Configuration parameters to set up initrd SSH network.";
          default = null;
        };

        backplane-password-file = mkOption {
-        options = path;
-        description = "File containing the password used by this host to connect to the backplane.";
+          type = path;
+          description =
+            "File containing the password used by this host to connect to the backplane.";
        };
      };
    };