Diffstat (limited to 'krebs/4lib/types.nix')
-rw-r--r-- | krebs/4lib/types.nix | 446 |
1 files changed, 0 insertions, 446 deletions
diff --git a/krebs/4lib/types.nix b/krebs/4lib/types.nix
deleted file mode 100644
index 8d6ace2e5..000000000
--- a/krebs/4lib/types.nix
+++ /dev/null
@@ -1,446 +0,0 @@
-{ lib, ... }:
-
-with builtins;
-with lib;
-with types;
-
-types // rec {
-
- host = submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = label;
- default = config._module.args.name;
- };
- cores = mkOption {
- type = positive;
- };
- nets = mkOption {
- type = attrsOf net;
- default = {};
- };
-
- owner = mkOption {
- type = user;
- };
-
- extraZones = mkOption {
- default = {};
- # TODO: string is either MX, NS, A or AAAA
- type = with types; attrsOf string;
- };
-
- secure = mkOption {
- type = bool;
- default = false;
- description = ''
- If true, then the host is capable of keeping secret information.
-
- TODO define minimum requirements for secure hosts
- '';
- };
-
- ssh.pubkey = mkOption {
- type = nullOr ssh-pubkey;
- default = null;
- };
- ssh.privkey = mkOption {
- type = nullOr ssh-privkey;
- default = null;
- };
- };
- });
-
- net = submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = label;
- default = config._module.args.name;
- };
- via = mkOption {
- type = nullOr net;
- default = null;
- };
- addrs = mkOption {
- type = listOf addr;
- default =
- optional (config.ip4 != null) config.ip4.addr ++
- optional (config.ip6 != null) config.ip6.addr;
- };
- aliases = mkOption {
- # TODO nonEmptyListOf hostname
- type = listOf hostname;
- default = [];
- };
- ip4 = mkOption {
- type = nullOr (submodule {
- options = {
- addr = mkOption {
- type = addr4;
- };
- prefix = mkOption ({
- type = str; # TODO routing prefix (CIDR)
- } // optionalAttrs (config.name == "retiolum") {
- default = "10.243.0.0/16";
- });
- };
- });
- default = null;
- };
- ip6 = mkOption {
- type = nullOr (submodule {
- options = {
- addr = mkOption {
- type = addr6;
- };
- prefix = mkOption ({
- type = str; # TODO routing prefix (CIDR)
- } // optionalAttrs (config.name == "retiolum") {
- default = "42::/16";
- });
- };
- });
- default = null;
- };
- ssh = mkOption {
- type = submodule {
- options = {
- port = mkOption {
- type = int;
- default = 22;
- };
- };
- };
- default = {};
- };
- tinc = mkOption {
- type = let net = config; in nullOr (submodule ({ config, ... }: {
- options = {
- config = mkOption {
- type = str;
- default = concatStringsSep "\n" (
- (optionals (net.via != null)
- (map (a: "Address = ${a} ${toString config.port}") net.via.addrs))
- ++
- (map (a: "Subnet = ${a}") net.addrs)
- ++
- [config.extraConfig]
- ++
- [config.pubkey]
- );
- };
- pubkey = mkOption {
- type = tinc-pubkey;
- };
- extraConfig = mkOption {
- description = "Extra Configuration to be appended to the hosts file";
- default = "";
- type = string;
- };
- port = mkOption {
- type = int;
- description = "tinc port to use to connect to host";
- default = 655;
- };
- };
- }));
- default = null;
- };
- };
- });
-
- positive = mkOptionType {
- name = "positive integer";
- check = x: isInt x && x > 0;
- merge = mergeOneOption;
- };
-
- uint = mkOptionType {
- name = "unsigned integer";
- check = x: isInt x && x >= 0;
- merge = mergeOneOption;
- };
-
- secret-file = submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = filename;
- default = config._module.args.name;
- };
- path = mkOption {
- type = absolute-pathname;
- default = "/run/keys/${config.name}";
- };
- mode = mkOption {
- type = file-mode;
- default = "0400";
- };
- owner = mkOption {
- type = user;
- };
- group-name = mkOption {
- type = str;
- default = "root";
- };
- source-path = mkOption {
- type = str;
- default = toString <secrets> + "/${config.name}";
- };
- };
- });
-
-
- source = submodule ({ config, ... }: {
- options = {
- type = let
- types = ["file" "git" "symlink"];
- in mkOption {
- type = enum types;
- default = let
- cands = filter (k: config.${k} != null) types;
- in
- if length cands == 1
- then head cands
- else throw "cannot determine type";
- };
- file = let
- file-path = (file-source.getSubOptions "FIXME").path.type;
- in mkOption {
- type = nullOr (either file-source file-path);
- default = null;
- apply = x:
- if file-path.check x
- then { path = x; }
- else x;
- };
- git = mkOption {
- type = nullOr git-source;
- default = null;
- };
- symlink = let
- symlink-target = (symlink-source.getSubOptions "FIXME").target.type;
- in mkOption {
- type = nullOr (either symlink-source symlink-target);
- default = null;
- apply = x:
- if symlink-target.check x
- then { target = x; }
- else x;
- };
- };
- });
-
- file-source = submodule {
- options = {
- path = mkOption {
- type = absolute-pathname;
- };
- };
- };
-
- git-source = submodule {
- options = {
- ref = mkOption {
- type = str; # TODO types.git.ref
- };
- url = mkOption {
- type = str; # TODO types.git.url
- };
- };
- };
-
- symlink-source = submodule {
- options = {
- target = mkOption {
- type = pathname; # TODO relative-pathname
- };
- };
- };
-
-
- suffixed-str = suffs:
- mkOptionType {
- name = "string suffixed by ${concatStringsSep ", " suffs}";
- check = x: isString x && any (flip hasSuffix x) suffs;
- merge = mergeOneOption;
- };
-
- user = submodule ({ config, ... }: {
- options = {
- home = mkOption {
- type = absolute-pathname;
- default = "/home/${config.name}";
- };
- mail = mkOption {
- type = str; # TODO retiolum mail address
- default = "${config._module.args.name}@${config.networking.hostName}.r";
- };
- name = mkOption {
- type = username;
- default = config._module.args.name;
- };
- pgp.pubkeys = mkOption {
- type = attrsOf pgp-pubkey;
- default = {};
- description = ''
- Set of user's PGP public keys.
-
- Modules supporting PGP may use well-known key names to define
- default values for options, in which case the well-known name
- should be documented in the respective option's description.
- '';
- };
- pubkey = mkOption {
- type = nullOr ssh-pubkey;
- default = null;
- };
- uid = mkOption {
- type = int;
- default = genid config.name;
- };
- };
- });
- group = submodule ({ config, ... }: {
- options = {
- name = mkOption {
- type = username;
- default = config._module.args.name;
- };
- gid = mkOption {
- type = int;
- default = genid config.name;
- };
- };
- });
-
- addr = either addr4 addr6;
- addr4 = mkOptionType {
- name = "IPv4 address";
- check = let
- IPv4address = let d = "([1-9]?[0-9]|1[0-9][0-9]|2[0-4][0-9]|25[0-5])"; in
- concatMapStringsSep "." (const d) (range 1 4);
- in x: isString x && match IPv4address x != null;
- merge = mergeOneOption;
- };
- addr6 = mkOptionType {
- name = "IPv6 address";
- check = let
- # TODO check IPv6 address harder
- IPv6address = "[0-9a-f.:]+";
- in x: isString x && match IPv6address x != null;
- merge = mergeOneOption;
- };
-
- pgp-pubkey = str;
-
- ssh-pubkey = str;
- ssh-privkey = submodule {
- options = {
- bits = mkOption {
- type = nullOr (enum ["4096"]);
- default = null;
- };
- path = mkOption {
- type = either path str;
- apply = x: {
- path = toString x;
- string = x;
- }.${typeOf x};
- };
- type = mkOption {
- type = enum ["rsa" "ed25519"];
- default = "ed25519";
- };
- };
- };
-
- tinc-pubkey = str;
-
- krebs.file-location = types.submodule {
- options = {
- # TODO user
- host = mkOption {
- type = host;
- };
- # TODO merge with ssl.privkey.path
- path = mkOption {
- type = types.either types.path types.str;
- apply = x: {
- path = toString x;
- string = x;
- }.${typeOf x};
- };
- };
- };
-
- file-mode = mkOptionType {
- name = "file mode";
- check = x: isString x && match "[0-7]{4}" x != null;
- merge = mergeOneOption;
- };
-
- haskell.conid = mkOptionType {
- name = "Haskell constructor identifier";
- check = x:
- isString x && match "[[:upper:]][[:lower:]_[:upper:]0-9']*" x != null;
- merge = mergeOneOption;
- };
-
- haskell.modid = mkOptionType {
- name = "Haskell module identifier";
- check = x: isString x && all haskell.conid.check (splitString "." x);
- merge = mergeOneOption;
- };
-
- # RFC952, B. Lexical grammar, <hname>
- hostname = mkOptionType {
- name = "hostname";
- check = x: isString x && all label.check (splitString "." x);
- merge = mergeOneOption;
- };
-
- # RFC952, B. Lexical grammar, <name>
- # RFC1123, 2.1 Host Names and Numbers
- label = mkOptionType {
- name = "label";
- # TODO case-insensitive labels
- check = x: isString x
- && match "[0-9A-Za-z]([0-9A-Za-z-]*[0-9A-Za-z])?" x != null;
- merge = mergeOneOption;
- };
-
- # POSIX.1‐2013, 3.278 Portable Filename Character Set
- filename = mkOptionType {
- name = "POSIX filename";
- check = x: isString x && match "([0-9A-Za-z._])[0-9A-Za-z._-]*" x != null;
- merge = mergeOneOption;
- };
-
- # POSIX.1‐2013, 3.2 Absolute Pathname
- # TODO normalize slashes
- # TODO two slashes
- absolute-pathname = mkOptionType {
- name = "POSIX absolute pathname";
- check = x: let xs = splitString "/" x; xa = head xs; in
- isString x
- && stringLength x > 0
- && (xa == "/" || (xa == "" && all filename.check (tail xs)));
- merge = mergeOneOption;
- };
-
- # POSIX.1‐2013, 3.267 Pathname
- # TODO normalize slashes
- pathname = mkOptionType {
- name = "POSIX pathname";
- check = x: let xs = splitString "/" x; in
- isString x && all filename.check (if head xs == "" then tail xs else xs);
- merge = mergeOneOption;
- };
-
- # POSIX.1-2013, 3.431 User Name
- username = mkOptionType {
- name = "POSIX username";
- check = filename.check;
- merge = mergeOneOption;
- };
-} |