Cleanup
Addressed some things nixd complained about
parent
7d8c009c64
commit
b9b996bd66
|
@ -1,14 +1,14 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkEnableOption mkIf;
|
||||
|
||||
cfg = config.aa.apps.yubikey;
|
||||
in {
|
||||
options.aa.apps.yubikey = with types; {
|
||||
options.aa.apps.yubikey = {
|
||||
enable = mkEnableOption "yubikey";
|
||||
};
|
||||
|
||||
|
@ -25,7 +25,6 @@ in {
|
|||
|
||||
security.pam.yubico = {
|
||||
enable = true;
|
||||
#debug = true;
|
||||
mode = "challenge-response";
|
||||
# Uncomment below for 2FA
|
||||
#control = "required";
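Review bot: With `#control = "required";` left commented out in the `security.pam.yubico` block, `control` falls back to its module default, which in NixOS is `"sufficient"` as far as I know, so a successful challenge-response would authenticate on its own rather than being required alongside the password. The `# Uncomment below for 2FA` comment does not say this; something like `# control defaults to "sufficient" (key alone authenticates); set "required" to need key and password` would make the current behaviour explicit. The hunk drops one line of this block and the page does not show which, so this assumes both comment lines are still on the new side.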
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption;
|
||||
|
||||
cfg = config.aa.archetypes.workstation;
|
||||
in {
|
||||
options.aa.archetypes.workstation = with types; {
|
||||
options.aa.archetypes.workstation = {
|
||||
enable = mkEnableOption "workstation archetype";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,14 +1,14 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkEnableOption mkIf;
|
||||
|
||||
cfg = config.aa.hardware.audio;
|
||||
in {
|
||||
options.aa.hardware.audio = with types; {
|
||||
options.aa.hardware.audio = {
|
||||
enable = mkEnableOption "audio";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption;
|
||||
|
||||
cfg = config.aa.hardware.bluetooth;
|
||||
in {
|
||||
options.aa.hardware.bluetooth = with types; {
|
||||
options.aa.hardware.bluetooth = {
|
||||
enable = mkEnableOption "bluetooth";
|
||||
};
|
||||
|
||||
|
@ -17,4 +16,3 @@ in {
|
|||
services.blueman.enable = true;
|
||||
};
|
||||
}
|
||||
|
||||
|
|
|
@ -1,14 +1,13 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkEnableOption mkIf;
|
||||
|
||||
cfg = config.aa.hardware.tlp;
|
||||
in {
|
||||
options.aa.hardware.tlp = with types; {
|
||||
options.aa.hardware.tlp = {
|
||||
enable = mkEnableOption "tlp";
|
||||
};
|
||||
|
||||
|
|
|
@ -1,18 +1,18 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types;
|
||||
|
||||
cfg = config.aa.nix;
|
||||
selfHostedCacheHost = "https://cache.kilonull.com/";
|
||||
in {
|
||||
options.aa.nix = with types; {
|
||||
options.aa.nix = {
|
||||
enable = mkEnableOption "manage nix configuration.";
|
||||
package = mkOption {
|
||||
type = package;
|
||||
type = types.package;
|
||||
default = pkgs.nixVersions.git;
|
||||
description = "Which nix package to use.";
|
||||
};
|
||||
|
@ -46,9 +46,8 @@ in {
|
|||
]
|
||||
else [];
|
||||
trusted-public-keys =
|
||||
if cfg.useSelfhostedCache
|
||||
then ["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="]
|
||||
else [];
|
||||
mkIf cfg.useSelfhostedCache
|
||||
["gospelCache:9cbn8Wm54BbwpPS0TXw+15wrYZBpfOJt4Fzfbfcq/pc="];
|
||||
};
|
||||
|
||||
# TODO: Configure distributedBuilds and buildMachines?
|
||||
|
@ -58,12 +57,6 @@ in {
|
|||
dates = "weekly";
|
||||
options = "--delete-older-than 30d";
|
||||
};
|
||||
|
||||
# TODO: Not sure if I want this
|
||||
# flake-utils-plus
|
||||
# generateRegistryFromInputs = true;
|
||||
# generateNixPathFromInputs = true;
|
||||
# linkInputs = true;
|
||||
};
|
||||
};
|
||||
}
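Review bot: In the `trusted-public-keys` hunk the new `mkIf cfg.useSelfhostedCache [...]` sits directly below a list that still closes with `else [];`, so two neighbouring settings that presumably depend on the same flag are now written in two different ways. If the preceding list is the substituter list (its start is outside the hunk), converting it the same way keeps the cache URL and the key that vouches for it visibly tied to one condition. A short comment above the key, e.g. `# public signing key of selfHostedCacheHost; update together with the cache's secret key`, would also say what the literal is.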
|
||||
|
|
|
@ -1,18 +1,17 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
format,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkOption mkEnableOption mkIf types;
|
||||
|
||||
cfg = config.aa.security.acme;
|
||||
in {
|
||||
options.aa.security.acme = with types; {
|
||||
options.aa.security.acme = {
|
||||
enable = mkEnableOption "Automatic Certificate Management Environment (ACME)";
|
||||
useStaging = mkOption {
|
||||
type = bool;
|
||||
type = types.bool;
|
||||
description = ''
|
||||
Use the staging environment (use when configuring for the first time to
|
||||
avoid being locked out).
|
||||
|
@ -20,16 +19,16 @@ in {
|
|||
default = false;
|
||||
};
|
||||
domainName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
description = "The domain to request a wildcard cert for.";
|
||||
};
|
||||
isWildcard = mkOption {
|
||||
type = bool;
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether or not to request a wildcard cert.";
|
||||
};
|
||||
dnsCredentialsFile = mkOption {
|
||||
type = path;
|
||||
type = types.path;
|
||||
description = "The path to the credentials file for the DNS provider.";
|
||||
};
|
||||
};
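Review bot: `dnsCredentialsFile` is declared as `types.path`, which also accepts a Nix path literal, and a literal such as `./dns-credentials` can end up copied into the world-readable Nix store once it is coerced to a string. The description should say that the value must be a runtime path outside the store, for example `description = "Runtime path (outside the Nix store, e.g. an age.secrets.<name>.path) to the DNS provider credentials file.";`. The same applies to `database.passwordFile` in the teslamate module further down, which is also `types.path`.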
|
||||
|
|
|
@ -1,18 +1,17 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
format,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.aa.services.adguardhome;
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types;
|
||||
|
||||
cfg = config.${namespace}.services.adguardhome;
|
||||
in {
|
||||
options.aa.services.adguardhome = with types; {
|
||||
options.${namespace}.services.adguardhome = {
|
||||
enable = mkEnableOption "adguardhome";
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
|
|
@ -1,19 +1,18 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
format,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.aa.services.gitea;
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types;
|
||||
|
||||
cfg = config.${namespace}.services.gitea;
|
||||
gitea_cfg = config.services.gitea;
|
||||
in {
|
||||
options.aa.services.gitea = with types; {
|
||||
options.${namespace}.services.gitea = {
|
||||
enable = mkEnableOption "gitea";
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
|
|
@ -1,18 +1,20 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.aa.services.grafana;
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types;
|
||||
|
||||
cfg = config.${namespace}.services.grafana;
|
||||
server_settings = config.services.grafana.settings.server;
|
||||
grafana_dashboards = pkgs.${namespace}.teslamate-grafana-dashboards;
|
||||
in {
|
||||
options.aa.services.grafana = with types; {
|
||||
options.${namespace}.services.grafana = {
|
||||
enable = mkEnableOption "grafana";
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
@ -84,7 +86,7 @@ in {
|
|||
disableDeletion = false;
|
||||
editable = true;
|
||||
updateIntervalSeconds = 86400;
|
||||
options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards";
|
||||
options.path = "${grafana_dashboards}/dashboards";
|
||||
}
|
||||
{
|
||||
name = "teslamate_internal";
|
||||
|
@ -95,7 +97,7 @@ in {
|
|||
disableDeletion = false;
|
||||
editable = true;
|
||||
updateIntervalSeconds = 86400;
|
||||
options.path = "${pkgs.aa.teslamate-grafana-dashboards}/dashboards/internal";
|
||||
options.path = "${grafana_dashboards}/dashboards/internal";
|
||||
}
|
||||
];
|
||||
};
|
||||
|
|
|
@ -1,19 +1,19 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
format,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.aa.services.homeassistant;
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption mkOption types;
|
||||
|
||||
cfg = config.${namespace}.services.homeassistant;
|
||||
hass_cfg = config.services.home-assistant;
|
||||
in {
|
||||
options.aa.services.homeassistant = with types; {
|
||||
options.${namespace}.services.homeassistant = {
|
||||
enable = mkEnableOption "home assistant";
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
|
|
@ -1,11 +1,12 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
namespace,
|
||||
...
|
||||
}: let
|
||||
cfg = config.aa.services.hydra;
|
||||
cfg = config.${namespace}.services.hydra;
|
||||
in {
|
||||
options.aa.services.hydra = with lib; {
|
||||
options.${namespace}.services.hydra = with lib; {
|
||||
enable = mkEnableOption "hydra";
|
||||
hostname = mkOption {
|
||||
type = types.str;
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.aa.services.loki;
|
||||
}: let
|
||||
cfg = config.${namespace}.services.loki;
|
||||
loki = config.services.loki;
|
||||
in {
|
||||
options.aa.services.loki = with types; {
|
||||
options.${namespace}.services.loki = with lib; {
|
||||
enable = mkEnableOption "loki";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.loki = {
|
||||
enable = true;
|
||||
configuration = {
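Review bot: From this module onward the file-level `with lib;` is swapped for a `with lib;` on the options set (`options.${namespace}.services.loki = with lib; {`), while the earlier modules in the commit switch to an explicit `inherit (lib) mkIf mkEnableOption mkOption types;`. The scoped `with` still hides where `mkEnableOption` and `types` come from, which is presumably what nixd flagged, and the prometheus, syncoid and tailscale modules end up with both `inherit (lib) mkIf;` and `with lib;` in one file. Using the inherit line everywhere, here `inherit (lib) mkIf mkEnableOption;`, would make all modules read the same way; the minio, mosquitto, nextcloud, nix-serve, octoprint, printing, promtail and teslamate sections have the same mix.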
|
||||
|
|
|
@ -1,18 +1,15 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
namespace,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
cfg = config.aa.services.minio;
|
||||
minio_cfg = config.services.minio;
|
||||
}: let
|
||||
cfg = config.${namespace}.services.minio;
|
||||
in {
|
||||
options.aa.services.minio = with types; {
|
||||
options.${namespace}.services.minio = with lib; {
|
||||
enable = mkEnableOption "minio";
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
@ -21,7 +18,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.minio = {
|
||||
enable = true;
|
||||
};
|
||||
|
|
|
@ -1,19 +1,14 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
format,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
cfg = config.aa.services.mosquitto;
|
||||
mosquitto_cfg = config.services.mosquitto;
|
||||
in {
|
||||
options.aa.services.mosquitto = with types; {
|
||||
options.aa.services.mosquitto = with lib; {
|
||||
enable = mkEnableOption "home assistant";
|
||||
};
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets = {
|
||||
hass_mqtt.file = ../../../../secrets/hass_mqtt.age;
|
||||
theengs_ble_mqtt.file = ../../../../secrets/theengs_ble_mqtt.age;
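Review bot: `enable = mkEnableOption "home assistant";` in the mosquitto options looks like a copy-paste leftover, so the generated description of `aa.services.mosquitto.enable` talks about Home Assistant rather than the MQTT broker. It should be `enable = mkEnableOption "mosquitto";`. The line is unchanged context in this hunk, but the commit already rewrites the line above it and would be a natural place to fix it.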
|
||||
|
|
|
@ -3,14 +3,13 @@
|
|||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
cfg = config.aa.services.nextcloud;
|
||||
in {
|
||||
options.aa.services.nextcloud = with types; {
|
||||
options.aa.services.nextcloud = with lib; {
|
||||
enable = mkEnableOption "nextcloud";
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
@ -19,7 +18,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets.nextcloud_admin = {
|
||||
file = ../../../../secrets/nextcloud_admin.age;
|
||||
owner = "nextcloud";
|
||||
|
@ -53,7 +52,7 @@ in {
|
|||
};
|
||||
|
||||
# nextcloud module configures nginx, just need to specify SSL stuffs here
|
||||
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = mkIf (cfg.acmeCertName != "") {
|
||||
services.nginx.virtualHosts.${config.services.nextcloud.hostName} = lib.mkIf (cfg.acmeCertName != "") {
|
||||
forceSSL = true;
|
||||
useACMEHost = cfg.acmeCertName;
|
||||
};
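Review bot: With the default `acmeCertName = ""`, the `lib.mkIf (cfg.acmeCertName != "")` in the last hunk leaves the Nextcloud virtual host without `forceSSL`, and nothing tells the operator that the service may then be reachable over plain HTTP. Whether TLS is terminated elsewhere is not visible here, but an evaluation-time hint would make the fallback explicit: `warnings = lib.optional (cfg.acmeCertName == "") "aa.services.nextcloud: acmeCertName is empty, nginx will not force TLS";`. The other modules with an `acmeCertName` option (adguardhome, gitea, grafana, homeassistant, minio, nix-serve, octoprint, teslamate) appear to follow the same pattern, though their nginx blocks are outside the hunks shown.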
|
||||
|
|
|
@ -1,26 +1,23 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
format,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
cfg = config.aa.services.nix-serve;
|
||||
in {
|
||||
options.aa.services.nix-serve = with types; {
|
||||
options.aa.services.nix-serve = with lib; {
|
||||
enable = mkEnableOption "nix-serve";
|
||||
domain_name = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
description = "The domain to use.";
|
||||
};
|
||||
subdomain_name = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
description = "The subdomain to use.";
|
||||
};
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
@ -29,7 +26,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
nix.settings = {
|
||||
allowed-users = ["nix-serve"];
|
||||
trusted-users = ["nix-serve"];
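Review bot: `trusted-users = ["nix-serve"];` in the `config` hunk gives the cache-serving account trusted status with the Nix daemon, which the Nix manual describes as essentially equivalent to root access. Nothing visible in this hunk needs trusted-user rights for serving store paths, so unless there is a reason outside the page, dropping the line and keeping only `allowed-users = ["nix-serve"];` follows least privilege. If it has to stay, a comment saying why would help, e.g. `# nix-serve must be trusted because <reason>`. The `config` block continues past the end of the hunk.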
|
||||
|
|
|
@ -1,17 +1,14 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
cfg = config.aa.services.octoprint;
|
||||
in {
|
||||
options.aa.services.octoprint = with types; {
|
||||
options.aa.services.octoprint = with lib; {
|
||||
enable = mkEnableOption "octoprint";
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, foces SSL with the supplied acme
|
||||
|
@ -20,7 +17,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.octoprint.enable = true;
|
||||
|
||||
services.nginx = {
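Review bot: The `acmeCertName` description in this module says `foces SSL`, where the other modules spell it `forces SSL`. The text ends up in the generated option documentation, so the line should read `If set to a non-empty string, forces SSL with the supplied acme`. The description string continues past the end of the first hunk.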
|
||||
|
|
|
@ -1,23 +1,18 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
format,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkIf mkEnableOption mkOption mkDefault types;
|
||||
|
||||
cfg = config.aa.services.openssh;
|
||||
|
||||
user = config.users.users.${config.aa.user.name};
|
||||
user-id = builtins.toString user.uid;
|
||||
|
||||
default-key = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEmPdQcM0KCQ3YunF1gwN+B+i1Q8KrIfiUvNtgFQjTy2";
|
||||
in {
|
||||
options.aa.services.openssh = with types; {
|
||||
options.aa.services.openssh = {
|
||||
enable = mkEnableOption "ssh";
|
||||
authorizedKeys = mkOption {
|
||||
type = listOf str;
|
||||
type = types.listOf types.str;
|
||||
default = [default-key];
|
||||
description = "The public keys to authorize";
|
||||
};
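Review bot: `authorizedKeys` defaults to `[default-key]`, a public key hard-coded in the `let` block, but the description only says "The public keys to authorize". Any host that enables `aa.services.openssh` without setting the option therefore authorizes that key, and setting the option replaces the default rather than adding to it. Saying so in the description, e.g. `description = "Public keys to authorize; defaults to the key defined in this module, and setting this option replaces that default.";`, makes the implicit grant visible. Which account the keys are installed for is outside the hunk.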
|
||||
|
|
|
@ -1,18 +1,15 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
cfg = config.aa.apps.steam;
|
||||
in {
|
||||
options.aa.services.printing = with types; {
|
||||
options.aa.services.printing = with lib; {
|
||||
enable = mkEnableOption "printing";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
# Setup printing over the network
|
||||
services.printing.enable = true;
|
||||
services.avahi = {
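Review bot: This module declares `options.aa.services.printing` but binds `cfg = config.aa.apps.steam;`, so `config = lib.mkIf cfg.enable` follows the Steam option. As a result `aa.services.printing.enable` has no effect, while enabling Steam turns on `services.printing` and, judging by the `services.avahi` block that follows, network printer discovery as well. The binding should be `cfg = config.aa.services.printing;`. The line is unchanged context here, and the `config` block continues past the end of the hunk.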
|
||||
|
|
|
@ -1,23 +1,22 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
cfg = config.aa.services.prometheus;
|
||||
exporters = config.services.prometheus.exporters;
|
||||
in {
|
||||
options.aa.services.prometheus = with types; {
|
||||
options.aa.services.prometheus = with lib; {
|
||||
enable = mkEnableOption "prometheus";
|
||||
enableServer = mkOption {
|
||||
type = bool;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = "Whether or not to enable the prometheus server";
|
||||
};
|
||||
enableNodeExporter = mkOption {
|
||||
type = bool;
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether or not to enable the node exporter";
|
||||
};
|
||||
|
|
|
@ -1,19 +1,15 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
cfg = config.aa.services.promtail;
|
||||
loki = config.services.loki;
|
||||
in {
|
||||
options.aa.services.promtail = with types; {
|
||||
options.aa.services.promtail = with lib; {
|
||||
enable = mkEnableOption "promtail";
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
services.promtail = {
|
||||
enable = true;
|
||||
configuration = {
|
||||
|
|
|
@ -4,29 +4,30 @@
|
|||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
cfg = config.aa.services.syncoid;
|
||||
in {
|
||||
options.aa.services.syncoid = with types; {
|
||||
options.aa.services.syncoid = with lib; {
|
||||
enable = mkEnableOption "syncoid (ZFS snap replication)";
|
||||
commands = mkOption {
|
||||
type = attrs;
|
||||
type = types.attrs;
|
||||
default = {};
|
||||
description = "Commands to pass directly to syncoid, see `services.syncoid.commands`";
|
||||
};
|
||||
remoteTargetUser = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = "The user to use on the target machine.";
|
||||
};
|
||||
remoteTargetDatasets = mkOption {
|
||||
type = listOf str;
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = "Datasets to be used as a remote target (e.g. a NAS's backups dataset)";
|
||||
};
|
||||
remoteTargetPublicKeys = mkOption {
|
||||
type = listOf str;
|
||||
type = types.listOf types.str;
|
||||
default = [];
|
||||
description = "SSH public keys that the syncoid service's user should trust";
|
||||
};
|
||||
|
@ -45,7 +46,7 @@ in {
|
|||
++ [
|
||||
"destroy"
|
||||
];
|
||||
commands = mkAliasDefinitions options.aa.services.syncoid.commands;
|
||||
commands = lib.mkAliasDefinitions options.aa.services.syncoid.commands;
|
||||
};
|
||||
|
||||
environment.systemPackages = mkIf (cfg.remoteTargetUser != "") (with pkgs; [
|
||||
|
|
|
@ -1,17 +1,17 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
inherit (lib) mkIf;
|
||||
|
||||
cfg = config.aa.services.tailscale;
|
||||
in {
|
||||
options.aa.services.tailscale = with types; {
|
||||
options.aa.services.tailscale = with lib; {
|
||||
enable = mkEnableOption "tailscale";
|
||||
configureClientRouting = mkOption {
|
||||
type = bool;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Configures tailscale as a client.
|
||||
|
@ -20,7 +20,7 @@ in {
|
|||
'';
|
||||
};
|
||||
configureServerRouting = mkOption {
|
||||
type = bool;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = mdDoc ''
|
||||
Configures tailscale as a server.
|
||||
|
|
|
@ -1,18 +1,15 @@
|
|||
{
|
||||
options,
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
...
|
||||
}:
|
||||
with lib; let
|
||||
}: let
|
||||
cfg = config.aa.services.teslamate;
|
||||
in {
|
||||
options.aa.services.teslamate = with types; {
|
||||
options.aa.services.teslamate = with lib; {
|
||||
enable = mkEnableOption "teslamate";
|
||||
|
||||
acmeCertName = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "";
|
||||
description = ''
|
||||
If set to a non-empty string, forces SSL with the supplied acme
|
||||
|
@ -21,7 +18,7 @@ in {
|
|||
};
|
||||
|
||||
user = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "teslamate";
|
||||
description = ''
|
||||
The user that should run teslamate
|
||||
|
@ -29,7 +26,7 @@ in {
|
|||
};
|
||||
|
||||
group = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "teslamate";
|
||||
description = ''
|
||||
The group that should be assigned to the user running teslamate
|
||||
|
@ -38,7 +35,7 @@ in {
|
|||
|
||||
database = {
|
||||
host = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "127.0.0.1";
|
||||
description = ''
|
||||
Database host address
|
||||
|
@ -46,7 +43,7 @@ in {
|
|||
};
|
||||
|
||||
name = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "teslamate";
|
||||
description = ''
|
||||
The database name
|
||||
|
@ -54,7 +51,7 @@ in {
|
|||
};
|
||||
|
||||
user = mkOption {
|
||||
type = str;
|
||||
type = types.str;
|
||||
default = "teslamate";
|
||||
description = ''
|
||||
The user that should have access to the database
|
||||
|
@ -62,15 +59,15 @@ in {
|
|||
};
|
||||
|
||||
passwordFile = mkOption {
|
||||
type = path;
|
||||
description = lib.mdDoc ''
|
||||
type = types.path;
|
||||
description = mdDoc ''
|
||||
A file containing the password corresponding to
|
||||
{option}`database.user`
|
||||
'';
|
||||
};
|
||||
|
||||
createDatabase = mkOption {
|
||||
type = bool;
|
||||
type = types.bool;
|
||||
default = false;
|
||||
description = ''
|
||||
Whether to create a local database automatically.
|
||||
|
@ -79,7 +76,7 @@ in {
|
|||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
config = lib.mkIf cfg.enable {
|
||||
age.secrets = {
|
||||
teslamate_encryption.file = ../../../../secrets/teslamate_encryption.age;
|
||||
teslamate_mqtt.file = ../../../../secrets/teslamate_mqtt.age;
|
||||
|
@ -131,8 +128,8 @@ in {
|
|||
};
|
||||
users.groups.${cfg.group} = {};
|
||||
|
||||
services.postgresql = optionalAttrs cfg.database.createDatabase {
|
||||
enable = mkDefault true;
|
||||
services.postgresql = lib.optionalAttrs cfg.database.createDatabase {
|
||||
enable = lib.mkDefault true;
|
||||
|
||||
ensureDatabases = [cfg.database.name];
|
||||
ensureUsers = [
|
||||
|
|