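# Option schema for the infrastructure targets a deployment can run on.
#
# Declares a single option, `infrastructure`: an attribute set of named
# targets, each tagged (via `attrTag`) as exactly one of `single-ssh-host`,
# `vm`, `single-nixos-machine-via-usb` or `proxmox`.
#
# Security note: several options below hold credentials (SSH password,
# Proxmox API token, auth ticket, CSRF token, user password) as plain `str`
# values. NOTE(review): nothing in this file keeps such a value from being
# interpolated into a derivation (and therefore into the world-readable Nix
# store) or from being printed by evaluation tooling. The "mark as sensitive"
# TODOs track this. Until it is resolved, consumers should treat these values
# as secrets, and a reference to a secret (a file path or a secret-manager
# key) is safer than the secret itself.
{ lib, ... }:
let
  inherit (lib) types mkOption;

  # Connection details shared by every target that is reached over SSH.
  ssh =
    with types;
    submodule {
      # Option declarations must live under `options`. A bare attribute set
      # handed to `submodule` is read as shorthand `config`, so the options
      # would never be declared.
      options = {
        host = mkOption {
          description = "the host to access by SSH";
          type = str;
        };

        # NOTE(review): `null` leaves the user unspecified; presumably the
        # consumer falls back to the SSH client's default. Confirm against it.
        username = mkOption {
          description = "the SSH user to use";
          type = nullOr str;
          default = null;
        };

        # Named authentication methods; every entry selects exactly one tag.
        # NOTE(review): `attrsOf` also admits zero or several entries. Confirm
        # whether a single `attrTag` value was intended.
        authentication = mkOption {
          # Fixed: the attribute was misspelled `desciption`, which `mkOption`
          # rejects as an unexpected argument when the option is evaluated.
          description = "authentication method";
          type = attrsOf (attrTag {
            # A path to the key file, never the key material itself. `str`
            # rejects Nix path literals, which would be copied into the store
            # when coerced to a string.
            private-key = mkOption {
              description = "path to the user's SSH private key";
              type = str;
              example = "/root/.ssh/id_ed25519";
            };
            password = mkOption {
              description = "SSH password";
              # TODO: mark as sensitive
              type = str;
            };
          });
        };
      };
    };
in
{
  options = {
    infrastructure = mkOption {
      description = ''
        Infrastructure for Fediversity applications to run on.
        For adding new types, see [`nixos-generators`](https://github.com/nix-community/nixos-generators#supported-formats).
      '';
      type =
        with types;
        attrsOf (attrTag {
          single-ssh-host = mkOption {
            description = "A single host to deploy to by SSH.";
            type = submodule (self: {
              options = {
                # Read-only placeholder; the default is the empty string.
                deploy = mkOption {
                  description = "deployment script";
                  type = str;
                  readOnly = true;
                  default = "";
                };
                # Read-only NixOS configuration fragment for this target type.
                # It only enables sshd. NOTE(review): no authorized keys or
                # password-authentication policy are fixed here, so they have
                # to be supplied elsewhere in the deployment.
                module = mkOption {
                  description = "NixOS module";
                  type = deferredModule;
                  default = {
                    services.openssh.enable = true;
                    # users.users.root.openssh.authorizedKeys.keys = [
                    #   ""
                    # ];
                  };
                  readOnly = true;
                };
                ssh = mkOption {
                  description = "SSH connection info";
                  type = ssh;
                };
              };
            });
          };

          vm = mkOption {
            description = "A VM to deploy to.";
            type = submodule (self: {
              options = {
                deploy = mkOption {
                  description = "deployment script";
                  type = str;
                  readOnly = true;
                  default = "";
                };
                module = mkOption {
                  description = "NixOS module";
                  type = deferredModule;
                  default = { };
                  readOnly = true;
                };
              };
            });
          };

          single-nixos-machine-via-usb = mkOption {
            description = "A machine to install the deployment to by live USB.";
            type = submodule (self: {
              options = {
                deploy = mkOption {
                  description = "deployment script";
                  type = str;
                  readOnly = true;
                  default = "";
                };
                # TODO: maybe steal some data structures from NixOS
                module = mkOption {
                  description = "NixOS module";
                  type = deferredModule;
                  default = { };
                  readOnly = true;
                };
                # Mandatory boolean: no default is declared.
                hasNetwork = mkOption {
                  type = types.bool;
                };
                # Named disks, each with a mandatory `size`.
                # NOTE(review): `types.bytes` is not defined in this file.
                # Confirm that the `lib` passed in provides it.
                disks = mkOption {
                  type =
                    with types;
                    attrsOf (submodule {
                      options.size = mkOption {
                        type = types.bytes;
                      };
                    });
                };
              };
            });
          };

          proxmox = mkOption {
            description = ''
              A ProxmoX-VE instance to deploy to.
              See: https://registry.terraform.io/providers/bpg/proxmox/latest/docs
            '';
            type = submodule (self: {
              options = {
                deploy = mkOption {
                  description = "deployment script";
                  type = str;
                  readOnly = true;
                  default = "";
                };
                module = mkOption {
                  description = "NixOS module";
                  type = deferredModule;
                  default = { };
                  readOnly = true;
                };
                endpoint = mkOption {
                  description = "API endpoint URL";
                  type = str;
                  default = "https://localhost:8006/";
                };
                # Named credential sets; every entry selects exactly one tag.
                # All three variants carry secrets as plain strings, as
                # described in the note at the top of the file.
                authentication = mkOption {
                  description = ''
                    ProxmoX authentication method.
                    See: https://registry.terraform.io/providers/bpg/proxmox/latest/docs#authentication-methods-comparison
                  '';
                  type = attrsOf (attrTag {
                    api-token = mkOption {
                      description = "API token";
                      # TODO: mark as sensitive
                      type = str;
                    };
                    # Fixed: `attrTag` requires every tag to be an option, so
                    # the bare `submodule` is now wrapped in `mkOption` and its
                    # fields are declared under `options`.
                    ticket = mkOption {
                      description = "Auth ticket with CSRF prevention token";
                      type = submodule {
                        options = {
                          auth-ticket = mkOption {
                            description = "Auth ticket";
                            # TODO: mark as sensitive
                            type = str;
                          };
                          csrf-token = mkOption {
                            description = "CSRF prevention token";
                            # TODO: mark as sensitive
                            type = str;
                          };
                        };
                      };
                    };
                    # Fixed in the same way as `ticket` above.
                    user = mkOption {
                      description = "Username and password";
                      type = submodule {
                        options = {
                          username = mkOption {
                            description = "Username with realm";
                            type = str;
                            example = "root@pam";
                          };
                          password = mkOption {
                            description = "User password";
                            # TODO: mark as sensitive
                            type = str;
                          };
                        };
                      };
                    };
                  });
                };
                # Verification stays on by default. Turning it off removes
                # the check that the endpoint is the intended server, so the
                # credentials above could be sent to an impersonating host.
                # Prefer trusting the endpoint's CA over setting this.
                insecure = mkOption {
                  description = "Skip TLS verification";
                  type = bool;
                  default = false;
                };
                ssh = mkOption {
                  description = "Info to access a remote ProxmoX by SSH.";
                  type = ssh;
                };
              };
            });
          };
        });
    };
  };
}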