From 255ea374c0c6c984636b21f69933bb0b18a48403 Mon Sep 17 00:00:00 2001
From: Inex Code
Date: Mon, 22 Nov 2021 19:53:43 +0300
Subject: [PATCH] API controlled timezone, autoupgrades and SSH keys
---
 configuration.nix | 4 +--
 social/pleroma.nix | 6 ++---
 userdata/schema.json | 17 +++++++++++++
 users.nix | 2 ++
 variables-module.nix | 59 +++++++++++++++++++++++++++++++++++++------
 5 files changed, 74 insertions(+), 14 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index e33f4e8..1281ac4 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -59,8 +59,8 @@ in
 environment.variables = {
 DOMAIN = config.services.userdata.domain;
 };
- system.autoUpgrade.enable = true;
- system.autoUpgrade.allowReboot = false;
+ system.autoUpgrade.enable = config.services.userdata.autoUpgrade.enable;
+ system.autoUpgrade.allowReboot = config.services.userdata.autoUpgrade.allowReboot;
 system.autoUpgrade.channel = https://nixos.org/channels/nixos-21.05-small;
 nix = {
 optimise.automatic = true;
diff --git a/social/pleroma.nix b/social/pleroma.nix
index ef4eeb9..8e918cf 100644
--- a/social/pleroma.nix
+++ b/social/pleroma.nix
@@ -15,9 +15,9 @@ in
 group = "pleroma";
 configs = [
 (builtins.replaceStrings
- [ "$DOMAIN" "$LUSER" "$DB_PASSWORD" ]
- [ cfg.domain cfg.username cfg.databasePassword ]
- (builtins.readFile ./config.exs))
+ [ "$DOMAIN" "$LUSER" "$DB_PASSWORD" ]
+ [ cfg.domain cfg.username cfg.databasePassword ]
+ (builtins.readFile ./config.exs))
 ];
 };
 postgresql = {
diff --git a/userdata/schema.json b/userdata/schema.json
index b6548ff..5115459 100644
--- a/userdata/schema.json
+++ b/userdata/schema.json
@@ -3,6 +3,17 @@
 "$id": "https://git.selfprivacy.org/inex/selfprivacy-nixos-config/raw/branch/master/userdata/schema.json",
 "type": "object",
 "properties": {
+ "autoUpgrade": {
+ "type": "object",
+ "properties": {
+ "enable": {
+ "type": "boolean"
+ },
+ "allowReboot": {
+ "type": "boolean"
+ }
+ }
+ },
 "hostname": {
 "type": "string"
 },
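Review bot: The two new right-hand sides feed `system.autoUpgrade.enable` and `system.autoUpgrade.allowReboot`, which are plain `bool` options, from values this same commit declares as `types.nullOr types.bool` (presumably the `services.userdata` options in variables-module.nix, judging by the paths), so a `null` arriving through userdata now aborts evaluation of the whole system configuration instead of falling back to the old hard-coded `true`/`false`. Either drop `nullOr` on those two options or coalesce here, e.g. `system.autoUpgrade.enable = config.services.userdata.autoUpgrade.enable != false;` and `system.autoUpgrade.allowReboot = config.services.userdata.autoUpgrade.allowReboot == true;`, which preserve the previous defaults for null. Going by the commit title, this also hands whoever can write userdata through the API the ability to request reboots and channel updates remotely; a comment next to these lines such as `# driven by userdata, which is API-writable: a reboot can be requested remotely` would spare the next reader the surprise. The enclosing attribute set starts outside the hunk.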
@@ -15,6 +26,12 @@
 "hashedMasterPassword": {
 "type": "string"
 },
+ "sshKeys": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
 "timezone": {
 "type": "string"
 },
diff --git a/users.nix b/users.nix
index f1b825c..acc5636 100644
--- a/users.nix
+++ b/users.nix
@@ -9,6 +9,7 @@ in
 "${cfg.username}" = {
 isNormalUser = true;
 hashedPassword = cfg.hashedMasterPassword;
+ openssh.authorizedKeys.keys = cfg.sshKeys;
 };
 } // builtins.listToAttrs (builtins.map (user: {
@@ -16,6 +17,7 @@ in
 value = {
 isNormalUser = true;
 hashedPassword = user.hashedPassword;
+ openssh.authorizedKeys.keys = user.sshKeys;
 };
 }) cfg.users);
diff --git a/variables-module.nix b/variables-module.nix
index ead690e..0f347a7 100644
--- a/variables-module.nix
+++ b/variables-module.nix
@@ -15,6 +15,7 @@ in
 default = true;
 type = types.nullOr types.bool;
 };
+ # General server options
 hostname = mkOption {
 description = "The hostname of the server.";
 type = types.nullOr types.str;
@@ -25,6 +26,28 @@ in
 '';
 type = types.nullOr types.str;
 };
+ timezone = mkOption {
+ description = ''
+ Timezone used by the server
+ '';
+ type = types.nullOr types.str;
+ default = "Europe/Uzhgorod";
+ };
+ autoUpgrade = {
+ enable = mkOption {
+ description = "Enable auto-upgrade of the server.";
+ default = true;
+ type = types.nullOr types.bool;
+ };
+ allowReboot = mkOption {
+ description = "Allow the server to reboot during the upgrade.";
+ default = false;
+ type = types.nullOr types.bool;
+ };
+ };
+ ########################
+ # Server admin options #
+ ########################
 username = mkOption {
 description = ''
 Username that was defined at the initial setup process
@@ -37,6 +60,16 @@ in
 '';
 type = types.nullOr types.str;
 };
+ sshKeys = mkOption {
+ description = ''
+ SSH keys of the user that was defined at the initial setup process
+ '';
+ type = types.nullOr types.str;
+ default = [ ];
+ };
+ ###############
+ # API options #
+ ###############
 api = {
 token = mkOption {
 description = ''
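Review bot: `openssh.authorizedKeys.keys = user.sshKeys;` in the second users.nix hunk throws a missing-attribute error for any entry of `cfg.users` that has no `sshKeys` attribute, and the `users` option (typed `listOf (attrsOf anything)` in this same commit) gives it no default, so every user list written before this field existed will break evaluation of `users.users`. Read it defensively, `openssh.authorizedKeys.keys = user.sshKeys or [ ];`. The admin line in the first hunk has the mirror problem: `cfg.sshKeys` is declared `nullOr`, so a `null` coming from userdata fails the same way. Both hunks sit inside an attribute set that starts before them and is closed by the `cfg.users` map running past the second hunk.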
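Review bot: The new `sshKeys` option in the `@@ -37,6 +60,16 @@` hunk is declared `type = types.nullOr types.str;` yet defaults to the list `[ ]`, is described in schema.json as an array of strings, and is consumed in users.nix as `openssh.authorizedKeys.keys`, which takes a list; any value actually supplied through userdata will therefore fail the module type check as "not of type null or string", and the default only slips through because, as far as I recall, the module system does not check defaults against the type. Declare it like `rootKeys` further down the same file: `type = types.listOf types.str;` (dropping `nullOr`, since the consumer cannot take `null`). Because this option grants interactive login as the admin account, its description should say so, e.g. `Public SSH keys allowed to log in as the admin user; written through userdata`.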
@@ -52,6 +85,9 @@ in
 type = types.bool;
 };
 };
+ #############
+ # Secrets #
+ #############
 backblaze = {
 bucket = mkOption {
 description = "Bucket name used for userdata backups";
@@ -72,6 +108,9 @@ in
 type = types.nullOr types.str;
 };
 };
+ ##############
+ # Services #
+ ##############
 databasePassword = mkOption {
 description = ''
 Password for the database
@@ -126,12 +165,18 @@ in
 type = types.nullOr types.bool;
 };
 };
+ #############
+ # Backups #
+ #############
 resticPassword = mkOption {
 description = ''
 Password for the restic
 '';
 type = types.nullOr types.str;
 };
+ #########
+ # SSH #
+ #########
 ssh = {
 enable = mkOption {
 default = true;
@@ -142,7 +187,7 @@ in
 Root SSH Keys
 '';
 type = types.nullOr (types.listOf types.str);
- default = [""];
+ default = [ "" ];
 };
 passwordAuthentication = mkOption {
 description = ''
@@ -152,19 +197,15 @@ in
 type = types.nullOr types.bool;
 };
 };
- timezone = mkOption {
- description = ''
- Timezone used by the server
- '';
- type = types.nullOr types.str;
- default = "Europe/Uzhgorod";
- };
+ ###########
+ # Users #
+ ###########
 users = mkOption {
 description = ''
 Users that will be created on the server
 '';
 type = types.nullOr (types.listOf (types.attrsOf types.anything));
- default = [];
+ default = [ ];
 };
 };
 }
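Review bot: In the last hunk `users` keeps the type `types.nullOr (types.listOf (types.attrsOf types.anything))`, yet users.nix now reads `user.sshKeys` (alongside `user.hashedPassword`) from every entry, so a missing `sshKeys`, a bare string where a list is expected, or a stray `null` is only caught when `users.users` is evaluated, with an error pointing at users.nix rather than at the offending userdata entry. A freeform submodule gives `sshKeys` a declared element type and a `[ ]` default while still passing through attributes it does not declare, such as the account-name attribute users.nix takes from outside the visible hunk. I cannot tell from the diff whether anything relies on the whole list being settable to `null`, so the outer `nullOr` is left in place.
```nix
# … unchanged: passwordAuthentication tail, removed timezone block, "Users" banner …
users = mkOption {
  description = ''
    Users that will be created on the server
  '';
  type = types.nullOr (types.listOf (types.submodule {
    # Undeclared attributes (e.g. the account name) pass through unchanged.
    freeformType = types.attrsOf types.anything;
    options = {
      hashedPassword = mkOption {
        type = types.str;
      };
      sshKeys = mkOption {
        description = "Public SSH keys allowed to log in as this user";
        type = types.listOf types.str;
        default = [ ];
      };
    };
  }));
  default = [ ];
};
# … unchanged: closing braces …
```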