kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity
Fediversity/infra/common/options.nix
Kiara Grouwstra d86086d53a
switch out infra to terraform, remove flakes 
account for 285
2025-08-07 13:29:20 +02:00

178 lines
4.8 KiB
Nix
Raw Blame History

{ lib, ... }:
let
inherit (lib) mkOption;
inherit (lib.types) types;
in
{
# `config` not set and imported from multiple places: no fixed module class
options.fediversityVm = {
##########################################################################
## Meta
name = mkOption {
description = ''
The name of the machine. Most of the time, this will look like `vm02XXX`
or `fediYYY`.
'';
};
isFediversityVm = mkOption {
type = types.bool;
description = ''
Whether the machine is a Fediversity VM or not. This is used to
determine whether the machine should be provisioned via Proxmox or not.
Machines that are _not_ Fediversity VM could be physical machines, or
VMs that live outside Fediversity, eg. on Procolix's Proxmox.
'';
};
vmId = mkOption {
# REVIEW: There is `types.ints.between` but maybe not `types.ints.above`?
type = types.nullOr (types.addCheck types.int (x: x >= 100));
description = ''
The id of the machine in the corresponding Proxmox. This is used for
provisioning only and should be set to `null` if the machine is not a
VM.
'';
};
description = mkOption {
description = ''
A human-readable description of the machine's purpose. It should be
constituted of a first line giving a very short description, followed
by a blank line, then followed by more details if necessary.
'';
default = "";
};
##########################################################################
## Virtualised hardware
sockets = mkOption {
type = types.int;
description = "The number of sockets of the VM.";
default = 1;
};
cores = mkOption {
type = types.int;
description = "The number of cores of the VM.";
default = 1;
};
memory = mkOption {
type = types.int;
description = "The amount of memory of the VM in MiB.";
default = 2048;
};
diskSize = mkOption {
type = types.int;
description = "The amount of disk of the VM in GiB.";
default = 32;
};
##########################################################################
## Networking
domain = mkOption {
description = ''
The domain hosting the machine. Most of the time, this will be either of
`procolix.com`, `fediversity.eu` or `abundos.eu`.
'';
default = "procolix.com";
};
ipv4 = {
enable = mkOption {
default = true;
};
interface = mkOption {
description = ''
The interface that carries the machine's IPv4 network.
'';
default = "eth0";
};
address = mkOption {
description = ''
The IP address of the machine, version 4. It will be injected as a
value in `networking.interfaces.eth0`, but it will also be used to
communicate with the machine.
'';
};
prefixLength = mkOption {
description = ''
The subnet mask of the interface, specified as the number of bits in
the prefix.
'';
default = 24;
};
gateway = mkOption {
description = ''
The IP address of the default gateway.
'';
default = "185.206.232.1"; # FIXME: compute default from `address` and `prefixLength`.
};
};
ipv6 = {
enable = mkOption {
default = true;
};
interface = mkOption {
description = ''
The interface that carries the machine's IPv6 network.
'';
default = "eth0";
};
address = mkOption {
description = ''
The IP address of the machine, version 6. It will be injected as a
value in `networking.interfaces.eth0`, but it will also be used to
communicate with the machine.
'';
};
prefixLength = mkOption {
description = ''
The subnet mask of the interface, specified as the number of bits in
the prefix.
'';
default = 64;
};
gateway = mkOption {
description = ''
The IP address of the default gateway.
'';
default = "2a00:51c0:12:1201::1"; # FIXME: compute default from `address` and `prefixLength`.
};
};
hostPublicKey = mkOption {
description = ''
The ed25519 host public key of the machine. It is used to filter Age
secrets and only keep the relevant ones, and to feed to TF.
'';
};
unsafeHostPrivateKey = mkOption {
default = null;
description = ''
The ed25519 host private key of the machine. It is used when
provisioning to have a predictable public key. Warning: only ever use
this for testing machines, as it is a security hole for so many reasons.
'';
};
};
}
View git blame Copy permalink