From e1ce751171909925902390bce343d21a1d006a54 Mon Sep 17 00:00:00 2001 From: shimun Date: Sun, 4 Dec 2022 23:29:32 +0100 Subject: [PATCH] added: hm module --- flake.nix | 12 ++++----- modules/home-manager.nix | 55 +++++++++++++++++++++++++++++++++++++++- modules/nixos.nix | 13 +++++++--- 3 files changed, 70 insertions(+), 10 deletions(-) diff --git a/flake.nix b/flake.nix index 062a330..f0ca672 100644 --- a/flake.nix +++ b/flake.nix @@ -99,12 +99,12 @@ }; }; - nixosModules.default = { - imports = [ ./modules/nixos.nix ]; - }; - homeManagerModules.default = { - imports = [ ./modules/home-manager.nix ]; - }; + nixosModules.default = { + imports = [ ./modules/nixos.nix ]; + }; + homeManagerModules.default = { + imports = [ ./modules/home-manager.nix ]; + }; }; diff --git a/modules/home-manager.nix b/modules/home-manager.nix index 40de4a2..06247bb 100644 --- a/modules/home-manager.nix +++ b/modules/home-manager.nix 
@@ -1,2 +1,55 @@ -{ config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; in { } +{ config, pkgs, lib, ... }: with lib; let + cfg = config.services.ssh-cert-dist; + directoryModule = { name, ... }: { + options = { + name = mkOption { + type = types.str; + default = last (splitString "/" name); + }; + fetch = mkOption { + type = types.bool; + default = true; + }; + upload = mkOption { + type = types.bool; + default = false; + }; + }; + }; +in +{ + options.services.ssh-cert-dist = { + enable = mkEnableOption "ssh-cert-dist"; + endpoint = mkOption { + type = types.str; + description = "API endpoint url"; + }; + directories = mkOption { + type = with types; attrsOf (submodule directoryModule); + default = { }; + }; + }; + config.systemd.user.services = mkIf cfg.enable (mapAttrs' + (path: options: { + inherit (options) name; value = { + Unit.Description = "ssh-cert-dist service for ${path}"; + Service = { + Environment = "RUST_LOG=debug"; + ExecStart = toString (pkgs.writeShellApplication { + name = "ssh-cert-dist-${options.name}"; + runtimeInputs = [ pkgs.ssh-cert-dist ]; + text = '' + ${optionalString options.fetch '' + ssh-cert-dist client fetch --cert-dir '${path}' --api-endpoint '${cfg.endpoint}' + ''} + ${optionalString options.upload '' + ssh-cert-dist client upload --api-endpoint '${cfg.endpoint}' ${path}/* + ''} + ''; + }); + }; + }; + }) + cfg.directories); +} diff --git a/modules/nixos.nix b/modules/nixos.nix index df1267d..0b543f5 100644 --- a/modules/nixos.nix +++ b/modules/nixos.nix @@ -1,6 +1,6 @@ { config, pkgs, lib, ... }: with lib; let cfg = config.services.ssh-cert-dist; - ca = if isStorePath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca; + ca = if isPath cfg.ca then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca; in { options.services.ssh-cert-dist = { 
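Review bot: The shell text built for `ExecStart` interpolates `path` and `cfg.endpoint` inside hand-written single quotes (`--cert-dir '${path}'`, `--api-endpoint '${cfg.endpoint}'`), so a value containing a `'` breaks out of the quoting and is parsed by the shell; the idiomatic form is `--cert-dir ${escapeShellArg path} --api-endpoint ${escapeShellArg cfg.endpoint}` in the fetch branch and `${escapeShellArg path}/*` in the upload branch (both values come from the user's own configuration, so this is robustness more than an exposure). A second problem is that the service attribute name is `options.name`, which defaults to the path's basename, so two directories with the same basename produce duplicate keys and `mapAttrs'` (built on `listToAttrs`) silently keeps only the first — derive the unit name from the full path or add an assertion that the names are unique. The unit also has no `Install.WantedBy` and no companion timer, so as written nothing ever starts it; if periodic fetching is intended, a `systemd.user.timers` entry is needed, and if manual activation is intended a comment should say so. Finally, `RUST_LOG=debug` is hard-coded; consider making the log level an option, since debug output from a client handling certificates may end up in the user journal.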
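Review bot: `isPath cfg.ca` is true only for a Nix path literal, so a string such as `"/etc/ssh/ca.pub"` (which `types.path` would accept, if that is the option's declared type — the declaration is outside this hunk) falls through to `writeText`, and the CA file then contains the literal path rather than the key. Either also accept absolute-path strings, e.g. `ca = if isPath cfg.ca || (isString cfg.ca && hasPrefix "/" cfg.ca) then cfg.ca else pkgs.writeText "ssh-ca" cfg.ca;`, or declare the option as `types.either types.path types.lines` and branch on that. Note that both branches place the content in the world-readable Nix store (a path literal is copied there when it is interpolated into the service environment), which is fine for the CA public key the `ssh-ca` name suggests but should be stated in the option's description so nobody passes private material through it.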
@@ -44,14 +44,21 @@ in }; systemd.services.ssh-cert-dist = { wantedBy = [ "multi-user.target" ]; - environment.RUST_LOG = "debug"; + environment = { + SSH_CD_SOCKET_ADDRESS = "${cfg.host}:${toString cfg.port}"; + SSH_CD_CERT_DIR = cfg.dataDir; + SSH_CD_VALIDATE_EXPIRY = true; + SSH_CD_VALIDATE_SERIAL = false; + SSH_CD_CA = ca; + RUST_LOG = "debug"; + }; serviceConfig = { ExecStartPre = "+${pkgs.writeShellScript "pre-start" '' mkdir -p ${cfg.dataDir} chown ${cfg.user}:${cfg.group} ${cfg.dataDir} ''}"; User = cfg.user; - ExecStart = "${cfg.package}/bin/ssh-cert-dist server --address ${cfg.host}:${toString cfg.port} -c ${cfg.dataDir} --ca ${ca}"; + ExecStart = "${cfg.package}/bin/ssh-cert-dist server"; }; }; };
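Review bot: `SSH_CD_VALIDATE_EXPIRY = true;` and `SSH_CD_VALIDATE_SERIAL = false;` are Nix booleans, but as far as I recall `systemd.services.<name>.environment` accepts only string, path or package values, so this should fail type-checking at evaluation; write them as strings, ideally driven by new options so operators can set policy: `SSH_CD_VALIDATE_EXPIRY = boolToString cfg.validateExpiry;` and `SSH_CD_VALIDATE_SERIAL = boolToString cfg.validateSerial;` (the spelling the server's environment parser expects — `true` versus `1` — is not visible here, confirm against the Rust side). Hard-wiring serial validation off is also a security default worth questioning: if the serial check is what lets the server reject certificates below a revocation or rotation threshold, the module should default it on, or at least expose it, rather than silently disabling it for every deployment. `RUST_LOG = "debug"` survives from the replaced line; on the server side that may write certificate details to the journal and should probably become a configurable level defaulting to `info`.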