Fediversity/deployment/runtime-environment.nix
2025-06-23 18:57:25 +02:00


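{
  lib,
  ...
}:
let
  inherit (lib) types mkOption;

  # Every infrastructure kind exposes the same two read-only options: the
  # generated deployment script and the NixOS module that gets deployed.
  # `moduleDefault` lets a kind ship a baseline module (e.g. enabling SSH).
  deployOption = mkOption {
    description = "deployment script";
    type = types.str;
    readOnly = true;
    default = "";
  };
  moduleOption =
    moduleDefault:
    mkOption {
      description = "NixOS module";
      type = types.deferredModule;
      default = moduleDefault;
      readOnly = true;
    };

  # Connection details for reaching a host over SSH; shared by the kinds that
  # are operated remotely.
  ssh =
    with types;
    submodule {
      # Option declarations belong under `options`: a bare `host = mkOption …`
      # at the top level of a module is read as configuration and rejected by
      # the module system.
      options = {
        host = mkOption {
          description = "the host to access by SSH";
          type = str;
        };
        username = mkOption {
          description = "the SSH user to use";
          type = nullOr str;
          default = null;
        };
        authentication = mkOption {
          # was misspelled `desciption`, which `mkOption` rejects as an
          # unexpected argument
          description = "authentication method";
          # NOTE(review): `attrsOf` allows several named methods at once;
          # if exactly one method is intended, drop the `attrsOf`.
          type = attrsOf (attrTag {
            private-key = mkOption {
              description = "path to the user's SSH private key";
              type = str;
              example = "/root/.ssh/id_ed25519";
            };
            password = mkOption {
              description = "SSH password";
              # TODO: mark as sensitive
              # NOTE(review): a plain `str` value is part of the evaluation
              # result (and of the Nix store if it reaches a derivation); a
              # path to a file read at deployment time would avoid that.
              type = str;
            };
          });
        };
      };
    };
in
{
  options = {
    infrastructure = mkOption {
      description = ''
        Infrastructure for Fediversity applications to run on.
        For adding new types, see [`nixos-generators`](https://github.com/nix-community/nixos-generators#supported-formats).
      '';
      type =
        with types;
        attrsOf (attrTag {
          single-ssh-host = mkOption {
            description = "A single host to deploy to by SSH.";
            type = submodule {
              options = {
                deploy = deployOption;
                module = moduleOption {
                  services.openssh.enable = true;
                  # users.users.root.openssh.authorizedKeys.keys = [
                  #   "<your SSH key here>"
                  # ];
                };
                ssh = mkOption {
                  description = "SSH connection info";
                  type = ssh;
                };
              };
            };
          };
          vm = mkOption {
            description = "A VM to deploy to.";
            type = submodule {
              options = {
                deploy = deployOption;
                module = moduleOption { };
              };
            };
          };
          single-nixos-machine-via-usb = mkOption {
            description = "A machine to install the deployment to by live USB.";
            type = submodule {
              options = {
                deploy = deployOption;
                # TODO: maybe steal some data structures from NixOS
                module = moduleOption { };
                hasNetwork = mkOption {
                  description = "whether the machine has network access";
                  type = bool;
                };
                disks = mkOption {
                  description = "disks of the machine, by name";
                  type = attrsOf (submodule {
                    options.size = mkOption {
                      description = "disk size in bytes";
                      # `types.bytes` is not a nixpkgs type; a size in bytes
                      # is a non-negative integer.
                      type = ints.unsigned;
                    };
                  });
                };
              };
            };
          };
          proxmox = mkOption {
            description = ''
              A ProxmoX-VE instance to deploy to.
              See: https://registry.terraform.io/providers/bpg/proxmox/latest/docs
            '';
            type = submodule {
              options = {
                deploy = deployOption;
                module = moduleOption { };
                endpoint = mkOption {
                  description = "API endpoint URL";
                  type = str;
                  default = "https://localhost:8006/";
                };
                authentication = mkOption {
                  description = ''
                    ProxmoX authentication method.
                    See: https://registry.terraform.io/providers/bpg/proxmox/latest/docs#authentication-methods-comparison
                  '';
                  type = attrsOf (attrTag {
                    api-token = mkOption {
                      description = "API token";
                      # TODO: mark as sensitive
                      type = str;
                    };
                    # `attrTag` takes option declarations, so the submodules
                    # below are wrapped in `mkOption` instead of used bare.
                    ticket = mkOption {
                      description = "ticket-based authentication";
                      type = submodule {
                        options = {
                          auth-ticket = mkOption {
                            description = "Auth ticket";
                            # TODO: mark as sensitive
                            type = str;
                          };
                          csrf-token = mkOption {
                            description = "CSRF prevention token";
                            # TODO: mark as sensitive
                            type = str;
                          };
                        };
                      };
                    };
                    user = mkOption {
                      description = "username/password authentication";
                      type = submodule {
                        options = {
                          username = mkOption {
                            description = "Username with realm";
                            type = str;
                            example = "root@pam";
                          };
                          password = mkOption {
                            description = "User password";
                            # TODO: mark as sensitive
                            type = str;
                          };
                        };
                      };
                    };
                  });
                };
                insecure = mkOption {
                  description = "Skip TLS verification";
                  # Without certificate verification, anyone on the path to
                  # `endpoint` can read the token, ticket or password sent
                  # with each request; intended for self-signed test setups
                  # on trusted networks only.
                  type = bool;
                  default = false;
                };
                ssh = mkOption {
                  description = "Info to access a remote ProxmoX by SSH.";
                  type = ssh;
                };
              };
            };
          };
        });
    };
  };
}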