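{ config, lib, pkgs, ... }:

# NixOS module declaring `fudo.hosts`, a map of every host known to the
# system, and applying the entry for the current host (selected by
# `config.instance.hostname`) to networking, Kerberos, cron and Docker.

with lib;

let
  # Submodule describing one host. `name` is the attribute key under
  # `fudo.hosts`, supplied by `attrsOf (submodule ...)`, so the hostname
  # defaults to the key the host was declared under. (The previous
  # `{ hostname, ... }:` argument is not a module argument the submodule
  # receives, so the default could never be evaluated.)
  hostOpts = { name, ... }: {
    options = with types; {
      hostname = mkOption {
        type = str;
        description = "Hostname (without domain name).";
        default = name;
      };

      domain = mkOption {
        type = str;
        description =
          "Domain to which the host belongs, in the form of a domain name.";
        default = "fudo.org";
      };

      site = mkOption {
        type = str;
        description = "Site at which the host is located.";
      };

      local-networks = mkOption {
        # `listOf` (capital O) is the lib.types constructor; `listof` is undefined.
        type = listOf str;
        description =
          "A list of networks to be considered trusted by this host.";
        default = [ "127.0.0.0/8" ];
      };

      profile = mkOption {
        # FIXME: get this list from profiles directly
        # `types.enum` takes one list of permitted values, not varargs.
        type = listOf (enum [ "desktop" "laptop" "server" ]);
        description =
          "The profile to be applied to the host, determining what software is included.";
      };

      admin-email = mkOption {
        type = nullOr str;
        description = "Email for the administrator of this host.";
        default = null;
      };

      local-users = mkOption {
        type = listOf str;
        description =
          "List of users who should have local (i.e. login) access to the host.";
        default = [ ];
      };

      description = mkOption {
        type = str;
        description = "Description of this host.";
        default = "Another Fudo Host.";
      };

      local-admins = mkOption {
        type = listOf str;
        description =
          "A list of users who should have admin access to this host.";
        default = [ ];
      };

      local-groups = mkOption {
        type = listOf str;
        description = "List of groups which should exist on this host.";
        default = [ ];
      };

      ssh-fingerprints = mkOption {
        type = listOf str;
        description = ''
          A list of DNS SSHFP records for this host.
        '';
        default = [ ];
      };

      rp = mkOption {
        type = nullOr str;
        description = "Responsible person.";
        default = null;
      };

      enable-gui = mkEnableOption "Install desktop GUI software.";

      # The Docker daemon runs as root, so membership in the `docker` group is
      # effectively root-equivalent; bear this in mind when granting local access.
      docker-server = mkEnableOption "Enable Docker on the current host.";
    };
  };

in {
  options.fudo.hosts = with types;
    mkOption {
      type = attrsOf (submodule hostOpts);
      description = "Host configurations for all hosts known to the system.";
      default = { };
    };

  config = let
    hostname = config.instance.hostname;
    # Evaluation fails if the current host has no entry in `fudo.hosts`.
    host-cfg = config.fudo.hosts.${hostname};
    site-name = host-cfg.site;
    site = config.fudo.sites.${site-name};
    domain-name = host-cfg.domain;
    # NOTE(review): `fudo.domain` is singular while `fudo.sites` is plural;
    # confirm this matches the option path declared by the domain module.
    domain = config.fudo.domain.${domain-name};

  in {
    networking = {
      hostName = hostname;
      nameservers = site.nameservers;
      # This will cause a loop on the gateway itself
      #defaultGateway = site.gateway-v4;
      #defaultGateway6 = site.gateway-v6;

      # Necessary to ensure that Kerberos and Avahi both work. Kerberos needs
      # the fqdn of the host, whereas Avahi wants just the simple hostname.
      hosts = { "127.0.0.1" = [ "${hostname}.${domain-name}" "${hostname}" ]; };
    };

    krb5.libdefaults.default_realm = domain.gssapi-realm;

    services.cron.mailto = domain.admin-email;

    environment.systemPackages = with pkgs;
      mkIf (host-cfg.docker-server) [ docker nix-prefetch-docker ];

    virtualisation.docker = mkIf (host-cfg.docker-server) {
      enable = true;
      enableOnBoot = true;
      autoPrune.enable = true;
    };
  };
}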