mod: use explicit shb argument to pass lib

This commit is contained in:
ibizaman 2025-11-23 01:16:37 +01:00 committed by Pierre Penninckx
parent fa4c636dbc
commit c10cab627f
76 changed files with 833 additions and 682 deletions

View file

@ -27,6 +27,7 @@ Template:
- Allow to upload big files in Immich. - Allow to upload big files in Immich.
- Only enable php-fpm Prometheus exporter if Nextcloud is enabled. - Only enable php-fpm Prometheus exporter if Nextcloud is enabled.
- Fix pkgs overrides not being passed to users of SelfHostBlocks.
## Other Changes ## Other Changes

View file

@ -15,11 +15,13 @@
let let
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs; nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs;
inherit (selfhostblocks.lib.${system}) pkgs;
basic = basic =
{ config, ... }: { config, ... }:
{ {
nixpkgs.overlays = [
selfhostblocks.overlays.${system}.default
];
imports = [ imports = [
./configuration.nix ./configuration.nix
selfhostblocks.nixosModules.authelia selfhostblocks.nixosModules.authelia
@ -105,7 +107,7 @@
in in
{ {
nixosConfigurations = { nixosConfigurations = {
basic = pkgs.nixosSystem { basic = nixpkgs'.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
basic basic
@ -113,7 +115,7 @@
]; ];
}; };
ldap = pkgs.nixosSystem { ldap = nixpkgs'.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
basic basic

View file

@ -19,7 +19,7 @@
nixosConfigurations = nixosConfigurations =
let let
system = "x86_64-linux"; system = "x86_64-linux";
shb = selfhostblocks.lib.${system}; nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs;
# This module makes the assertions happy and the build succeed. # This module makes the assertions happy and the build succeed.
# This is of course wrong and will not work on any real system. # This is of course wrong and will not work on any real system.
@ -31,19 +31,29 @@
{ {
# Test with: # Test with:
# nix build .#nixosConfigurations.minimal.config.system.build.toplevel # nix build .#nixosConfigurations.minimal.config.system.build.toplevel
minimal = shb.pkgs.nixosSystem { minimal = nixpkgs'.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
selfhostblocks.nixosModules.default selfhostblocks.nixosModules.default
filesystemModule filesystemModule
{
nixpkgs.overlays = [
selfhostblocks.overlays.${system}.default
];
}
# This modules showcases the use of SHB's lib. # This modules showcases the use of SHB's lib.
( (
{ config, lib, ... }: {
config,
lib,
shb,
...
}:
{ {
options.myOption = lib.mkOption { options.myOption = lib.mkOption {
# Using provided nixosSystem directly # Using provided nixosSystem directly.
# SHB's lib is available under `lib.shb`. # SHB's lib is available under `shb` thanks to the overlay.
type = lib.shb.secretFileType; type = shb.secretFileType;
}; };
config = { config = {
myOption.source = "/a/path"; myOption.source = "/a/path";
@ -58,21 +68,31 @@
# Test with: # Test with:
# nix build .#nixosConfigurations.sops.config.system.build.toplevel # nix build .#nixosConfigurations.sops.config.system.build.toplevel
# nix eval .#nixosConfigurations.sops.config.myOption # nix eval .#nixosConfigurations.sops.config.myOption
sops = shb.pkgs.nixosSystem { sops = nixpkgs'.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
selfhostblocks.nixosModules.default selfhostblocks.nixosModules.default
selfhostblocks.nixosModules.sops selfhostblocks.nixosModules.sops
sops-nix.nixosModules.default sops-nix.nixosModules.default
filesystemModule filesystemModule
{
nixpkgs.overlays = [
selfhostblocks.overlays.${system}.default
];
}
# This modules showcases the use of SHB's lib. # This modules showcases the use of SHB's lib.
( (
{ config, lib, ... }: {
config,
lib,
shb,
...
}:
{ {
options.myOption = lib.mkOption { options.myOption = lib.mkOption {
# Using provided nixosSystem directly # Using provided nixosSystem directly.
# SHB's lib is available under `lib.shb`. # SHB's lib is available under `shb` thanks to the overlay.
type = lib.shb.secretFileType; type = shb.secretFileType;
}; };
config = { config = {
myOption.source = "/a/path"; myOption.source = "/a/path";
@ -84,8 +104,7 @@
]; ];
}; };
# Note: this is just to show-off a common pitfall for more advanced user. # This example shows how to import the nixosSystem patches to nixpkgs manually.
# Prefer using the `shb.pkgs.nixosSystem` function directly.
# #
# Test with: # Test with:
# nix build .#nixosConfigurations.lowlevel.config.system.build.toplevel # nix build .#nixosConfigurations.lowlevel.config.system.build.toplevel
@ -94,21 +113,83 @@
let let
# We must import nixosSystem directly from the patched nixpkgs # We must import nixosSystem directly from the patched nixpkgs
# otherwise we do not get the patches. # otherwise we do not get the patches.
nixosSystem' = import "${shb.patchedNixpkgs}/nixos/lib/eval-config.nix"; nixosSystem' = import "${nixpkgs'}/nixos/lib/eval-config.nix";
in in
nixosSystem' { nixosSystem' {
inherit system; inherit system;
modules = [ modules = [
selfhostblocks.nixosModules.default selfhostblocks.nixosModules.default
filesystemModule filesystemModule
{
nixpkgs.overlays = [
selfhostblocks.overlays.${system}.default
];
}
# This modules showcases the use of SHB's lib. # This modules showcases the use of SHB's lib.
( (
{ config, lib, ... }: {
config,
lib,
shb,
...
}:
{ {
options.myOption = lib.mkOption { options.myOption = lib.mkOption {
# lib.shb.secretFileType is not available here, # Using provided nixosSystem directly.
# so we must pass around the shb flake input. # SHB's lib is available under `shb` thanks to the overlay.
# type = shb.secretFileType; type = shb.secretFileType;
};
config = {
myOption.source = "/a/path";
# Use the option.
environment.etc.myOption.text = config.myOption.source;
};
}
)
];
};
# This example shows how to apply patches to nixpkgs manually.
#
# Test with:
# nix build .#nixosConfigurations.manual.config.system.build.toplevel
# nix eval .#nixosConfigurations.manual.config.myOption
manual =
let
pkgs = import selfhostblocks.inputs.nixpkgs {
inherit system;
};
nixpkgs' = pkgs.applyPatches {
name = "nixpkgs-patched";
src = selfhostblocks.inputs.nixpkgs;
patches = selfhostblocks.lib.${system}.patches;
};
# We must import nixosSystem directly from the patched nixpkgs
# otherwise we do not get the patches.
nixosSystem' = import "${nixpkgs'}/nixos/lib/eval-config.nix";
in
nixosSystem' {
inherit system;
modules = [
selfhostblocks.nixosModules.default
filesystemModule
{
nixpkgs.overlays = [
selfhostblocks.overlays.${system}.default
];
}
# This modules showcases the use of SHB's lib.
(
{
config,
lib,
shb,
...
}:
{
options.myOption = lib.mkOption {
# Using provided nixosSystem directly.
# SHB's lib is available under `shb` thanks to the overlay.
type = shb.secretFileType; type = shb.secretFileType;
}; };
config = { config = {

View file

@ -15,7 +15,6 @@
let let
system = "x86_64-linux"; system = "x86_64-linux";
nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs; nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs;
inherit (selfhostblocks.lib.${system}) pkgs;
basic = basic =
{ config, ... }: { config, ... }:
@ -178,14 +177,14 @@
in in
{ {
nixosConfigurations = { nixosConfigurations = {
basic = pkgs.nixosSystem { basic = nixpkgs'.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
sopsConfig sopsConfig
basic basic
]; ];
}; };
ldap = pkgs.nixosSystem { ldap = nixpkgs'.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
sopsConfig sopsConfig
@ -193,7 +192,7 @@
ldap ldap
]; ];
}; };
sso = pkgs.nixosSystem { sso = nixpkgs'.nixosSystem {
system = "x86_64-linux"; system = "x86_64-linux";
modules = [ modules = [
sopsConfig sopsConfig

View file

@ -445,7 +445,7 @@ A simplified test for a secret contract would look like the following.
First, there is the generic test: First, there is the generic test:
```nix ```nix
{ pkgs, lib, ... }: { pkgs, lib, shb, ... }:
let let
inherit (lib) getAttrFromPath setAttrByPath; inherit (lib) getAttrFromPath setAttrByPath;
in in
@ -455,7 +455,7 @@ in
modules ? [], modules ? [],
owner ? "root", owner ? "root",
content ? "secretPasswordA", content ? "secretPasswordA",
}: lib.shb.runNixOSTest { }: shb.test.runNixOSTest {
inherit name; inherit name;
nodes.machine = { config, ... }: { nodes.machine = { config, ... }: {

View file

@ -4385,9 +4385,6 @@
"usage-flake-tag": [ "usage-flake-tag": [
"usage.html#usage-flake-tag" "usage.html#usage-flake-tag"
], ],
"usage-lib": [
"usage.html#usage-lib"
],
"usage-secrets": [ "usage-secrets": [
"usage.html#usage-secrets" "usage.html#usage-secrets"
] ]

View file

@ -295,12 +295,12 @@ let
in { in {
# Test variants (all 6 required) # Test variants (all 6 required)
basic = lib.shb.runNixOSTest { ... }; basic = lib.shb.test.runNixOSTest { ... };
backup = lib.shb.runNixOSTest { ... }; backup = lib.shb.test.runNixOSTest { ... };
https = lib.shb.runNixOSTest { ... }; https = lib.shb.test.runNixOSTest { ... };
ldap = lib.shb.runNixOSTest { ... }; ldap = lib.shb.test.runNixOSTest { ... };
monitoring = lib.shb.runNixOSTest { ... }; monitoring = lib.shb.test.runNixOSTest { ... };
sso = lib.shb.runNixOSTest { ... }; sso = lib.shb.test.runNixOSTest { ... };
} }
``` ```

View file

@ -4,11 +4,6 @@
## Flake {#usage-flake} ## Flake {#usage-flake}
::: {.note}
A complete minimal and buildable example can be found at
[`./demo/minimal/flake.nix`](@REPO@/demo/minimal/flake.nix).
:::
Self Host Blocks is available as a flake. It also uses its own `pkgs.lib` and Self Host Blocks is available as a flake. It also uses its own `pkgs.lib` and
`nixpkgs` and it is required to use the provided ones as input for your `nixpkgs` and it is required to use the provided ones as input for your
deployments, otherwise you might end up blocked when Self Host Blocks patches a deployments, otherwise you might end up blocked when Self Host Blocks patches a
@ -35,6 +30,13 @@ Host Blocks:
} }
``` ```
::: {.note}
For seasoned nixers or if you want to add your patches and overlays,
SHB provides a decomposed version of the `nixosSystem` function above.
For more examples, see the buildable examples at
[`./demo/minimal/flake.nix`](@REPO@/demo/minimal/flake.nix).
:::
If you use `sops-nix` for secrets, SHB provides an additional module, not If you use `sops-nix` for secrets, SHB provides an additional module, not
imported in the `default` module. It can be added by importing imported in the `default` module. It can be added by importing
@ -43,32 +45,6 @@ inputs.sops-nix.nixosModules.default
inputs.selfhostblocks.nixosModules.sops inputs.selfhostblocks.nixosModules.sops
``` ```
### SHB Lib {#usage-flake-lib}
Providing patches to downstream users is finicky, to say the least. For example,
using `selfhostblocks.inputs.nixpkgs` directly will _not_ work. So Self Host
Blocks provides a few attributes under the `selfhostblocks.lib.${system}` flake
output:
- At the top-level, all functions defined by SHB under
[`./lib/default.nix`](@REPO@/lib/default.nix) and
[`./test/common.nix`](@REPO@/test/common.nix).
- `patches`: the list of patches applied by SHB [`./patches`](@REPO@/patches) to
nixpkgs.
- `contracts`: all contract modules.
- `patchNixpkgs`: a re-export of `nixpkgs.legacyPackages.${system}.applyPatches`
with the arguments made a bit more explicit.
- `patchedNixpkgs`: nixpkgs with `patches` applied.
- `pkgs`: `nixpkgs.legacyPackages.${system}` with `patches` applied and also:
- `config.allowUnfree` set to `true`
- `lib.shb` holds functions defined by
[`./lib/default.nix`](@REPO@/lib/default.nix)
- `lib.evalModules` is patched to include patches provided by nixpkgs
- `nixosSystem` is patched to include patches provided by nixpkgs
For normal usage, one should only need the provided `.nixosSystem`, `.pkgs` and
in some cases `.nixpkgs`.
### Substituter {#usage-flake-substituter} ### Substituter {#usage-flake-substituter}
You can also use the public cache as a substituter with: You can also use the public cache as a substituter with:
@ -104,9 +80,11 @@ automatically merging the new `nixpkgs` version. The setup is explained in
[repo]: https://github.com/ibizaman/selfhostblocks [repo]: https://github.com/ibizaman/selfhostblocks
[automerge]: https://blog.tiserbox.com/posts/2023-12-25-automated-flake-lock-update-pull-requests-and-merging.html [automerge]: https://blog.tiserbox.com/posts/2023-12-25-automated-flake-lock-update-pull-requests-and-merging.html
### Use SelfHostBlocks' lib {#usage-lib} ### SHB Lib {#usage-flake-lib}
Access any functions exposed by the [lib][lib] with this snippet: Providing patches to downstream users is finicky, to say the least.
For example, using `selfhostblocks.inputs.nixpkgs` directly will _not_ work.
So Self Host Blocks provides a few attributes under the `selfhostblocks.lib.${system}` flake output:
```nix ```nix
{ {
@ -115,15 +93,32 @@ Access any functions exposed by the [lib][lib] with this snippet:
}; };
outputs = { selfhostblocks, ... }: outputs = { selfhostblocks, ... }:
let let
lib = selfhostblocks.lib.${system}; shb = selfhostblocks.lib.${system};
in in
{ {
// Use lib.shb.replaceSecrets for example. // Use shb.replaceSecrets for example.
} }
} }
``` ```
[lib]: https://github.com/ibizaman/selfhostblocks/blob/main/lib/default.nix - At the top-level, all functions defined by SHB under
[`./lib/default.nix`](@REPO@/lib/default.nix) and
[`./test/common.nix`](@REPO@/test/common.nix).
- `patches`: the list of patches applied by SHB [`./patches`](@REPO@/patches) to
nixpkgs.
- `contracts`: all contract modules.
- `patchNixpkgs`: a re-export of `nixpkgs.legacyPackages.${system}.applyPatches`
with the arguments made a bit more explicit.
- `patchedNixpkgs`: nixpkgs with `patches` applied.
- `pkgs`: `nixpkgs.legacyPackages.${system}` with `patches` applied and also:
- `config.allowUnfree` set to `true`
- `lib.shb` holds functions defined by
[`./lib/default.nix`](@REPO@/lib/default.nix)
- `lib.evalModules` is patched to include patches provided by nixpkgs
- `nixosSystem` is patched to include patches provided by nixpkgs
For normal usage, one should only need the provided `.nixosSystem`, `.pkgs` and
in some cases `.nixpkgs`.
## Example Deployment with Nixos-Rebuild {#usage-example-nixosrebuild} ## Example Deployment with Nixos-Rebuild {#usage-example-nixosrebuild}
@ -138,19 +133,13 @@ deployment system [nixos-rebuild][nixos-rebuild].
selfhostblocks.url = "github:ibizaman/selfhostblocks"; selfhostblocks.url = "github:ibizaman/selfhostblocks";
}; };
outputs = { outputs = { self, selfhostblocks }: let
self,
selfhostblocks,
}: let
system = "x86_64-linux"; system = "x86_64-linux";
lib = selfhostblocks.lib.${system};
nixpkgs' = lib.shb.patchedNixpkgs; pkgs' = selfhostblocks.lib.${system}.pkgs;
nixosSystem' = import "${nixpkgs'}/nixos/lib/eval-config.nix";
in { in {
nixosConfigurations = { nixosConfigurations = {
machine = nixosSystem' { machine = pkgs'.nixosSystem {
inherit system; inherit system;
modules = [ modules = [
selfhostblocks.nixosModules.default selfhostblocks.nixosModules.default

108
flake.nix
View file

@ -46,46 +46,23 @@
src = nixpkgs; src = nixpkgs;
inherit patches; inherit patches;
}; };
patchedNixpkgs = ( patchedNixpkgs =
patchNixpkgs { let
nixpkgs = inputs.nixpkgs; patched = patchNixpkgs {
patches = shbPatches; nixpkgs = inputs.nixpkgs;
inherit system; patches = shbPatches;
} inherit system;
); };
in
patched
// {
nixosSystem = args: import "${patched}/nixos/lib/eval-config.nix" args;
};
pkgs = import patchedNixpkgs { pkgs = import patchedNixpkgs {
inherit system; inherit system;
config.allowUnfree = true; config.allowUnfree = true;
overlays = [ overlays = [
(final: prev: { self.overlays.${system}.default
lib = prev.lib // {
shb = self.lib.${system};
evalModules =
args:
((prev.lib.makeOverridable prev.lib.evalModules) args).override (prevAttrs: {
specialArgs = (prevAttrs.specialArgs or { }) // {
inherit (pkgs) lib;
};
});
};
nixosSystem =
args:
((prev.lib.makeOverridable (import "${patchedNixpkgs}/nixos/lib/eval-config.nix")) args).override
(prevAttrs: {
inherit (pkgs) lib;
});
prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs {
src = pkgs.fetchFromGitHub {
owner = "ibizaman";
repo = prev.prometheus-systemd-exporter.pname;
# rev = "v${prev.prometheus-systemd-exporter.version}";
rev = "next_timer";
sha256 = "sha256-jzkh/616tsJbNxFtZ0xbdBQc16TMIYr9QOkPaeQw8xA=";
};
vendorHash = "sha256-4hsQ1417jLNOAqGkfCkzrmEtYR4YLLW2j0CiJtPg6GI=";
};
})
]; ];
}; };
@ -231,26 +208,47 @@
''; '';
}); });
lib = lib = (pkgs.callPackage ./lib { }) // {
(pkgs.callPackage ./lib { }) test = pkgs.callPackage ./test/common.nix { };
// (pkgs.callPackage ./test/common.nix { }) contracts = pkgs.callPackage ./modules/contracts {
// { shb = self.lib.${system};
contracts = pkgs.callPackage ./modules/contracts { };
patches = shbPatches;
inherit patchNixpkgs patchedNixpkgs pkgs;
}; };
patches = shbPatches;
inherit patchNixpkgs patchedNixpkgs;
};
overlays.default = final: prev: {
# shb = self.nixosModules.lib;
prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs {
src = pkgs.fetchFromGitHub {
owner = "ibizaman";
repo = prev.prometheus-systemd-exporter.pname;
# rev = "v${prev.prometheus-systemd-exporter.version}";
rev = "next_timer";
sha256 = "sha256-jzkh/616tsJbNxFtZ0xbdBQc16TMIYr9QOkPaeQw8xA=";
};
vendorHash = "sha256-4hsQ1417jLNOAqGkfCkzrmEtYR4YLLW2j0CiJtPg6GI=";
};
};
checks = checks =
let let
inherit (pkgs.lib) inherit (pkgs.lib)
foldl foldl
foldlAttrs foldlAttrs
removeAttrs
mergeAttrs mergeAttrs
optionalAttrs optionalAttrs
; ;
importFiles = files: map (m: pkgs.callPackage m { }) files; importFiles =
files:
map (
m:
pkgs.callPackage m {
shb = self.lib.${system};
}
) files;
mergeTests = foldl mergeAttrs { }; mergeTests = foldl mergeAttrs { };
@ -267,15 +265,19 @@
vm_test = vm_test =
name: path: name: path:
flattenAttrs "vm_${name}" ( flattenAttrs "vm_${name}" (
removeAttrs (pkgs.callPackage path { }) [ removeAttrs
"override" (pkgs.callPackage path {
"overrideDerivation" shb = self.lib.${system};
] })
[
"override"
"overrideDerivation"
]
); );
in in
(optionalAttrs (system == "x86_64-linux") ( (optionalAttrs (system == "x86_64-linux") (
{ {
modules = pkgs.lib.shb.check { modules = self.lib.${system}.check {
inherit pkgs; inherit pkgs;
tests = mergeTests (importFiles [ tests = mergeTests (importFiles [
./test/modules/davfs.nix ./test/modules/davfs.nix
@ -287,7 +289,9 @@
# TODO: Make this not use IFD # TODO: Make this not use IFD
lib = nix-flake-tests.lib.check { lib = nix-flake-tests.lib.check {
inherit pkgs; inherit pkgs;
tests = pkgs.callPackage ./test/modules/lib.nix { }; tests = pkgs.callPackage ./test/modules/lib.nix {
shb = self.lib.${system};
};
}; };
} }
// (vm_test "arr" ./test/services/arr.nix) // (vm_test "arr" ./test/services/arr.nix)
@ -416,6 +420,8 @@
]; ];
}; };
nixosModules.lib = lib/module.nix;
nixosModules.authelia = modules/blocks/authelia.nix; nixosModules.authelia = modules/blocks/authelia.nix;
nixosModules.borgbackup = modules/blocks/borgbackup.nix; nixosModules.borgbackup = modules/blocks/borgbackup.nix;
nixosModules.davfs = modules/blocks/davfs.nix; nixosModules.davfs = modules/blocks/davfs.nix;

10
lib/module.nix Normal file
View file

@ -0,0 +1,10 @@
{ pkgs, lib, ... }:
let
shb = (import ./default.nix { inherit pkgs lib; });
in
{
_module.args.shb = shb // {
test = pkgs.callPackage ../test/common.nix { };
contracts = pkgs.callPackage ../modules/contracts { inherit shb; };
};
}

View file

@ -3,6 +3,7 @@
options, options,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
@ -10,8 +11,6 @@ let
cfg = config.shb.authelia; cfg = config.shb.authelia;
opt = options.shb.authelia; opt = options.shb.authelia;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
fqdnWithPort = if isNull cfg.port then fqdn else "${fqdn}:${toString cfg.port}"; fqdnWithPort = if isNull cfg.port then fqdn else "${fqdn}:${toString cfg.port}";
@ -23,6 +22,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
./lldap.nix ./lldap.nix
./mitmdump.nix ./mitmdump.nix
./postgresql.nix ./postgresql.nix
@ -51,7 +51,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -86,7 +86,7 @@ in
jwtSecret = lib.mkOption { jwtSecret = lib.mkOption {
description = "JWT secret."; description = "JWT secret.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = cfg.autheliaUser; owner = cfg.autheliaUser;
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ]; restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
@ -96,7 +96,7 @@ in
ldapAdminPassword = lib.mkOption { ldapAdminPassword = lib.mkOption {
description = "LDAP admin user password."; description = "LDAP admin user password.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = cfg.autheliaUser; owner = cfg.autheliaUser;
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ]; restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
@ -106,7 +106,7 @@ in
sessionSecret = lib.mkOption { sessionSecret = lib.mkOption {
description = "Session secret."; description = "Session secret.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = cfg.autheliaUser; owner = cfg.autheliaUser;
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ]; restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
@ -116,7 +116,7 @@ in
storageEncryptionKey = lib.mkOption { storageEncryptionKey = lib.mkOption {
description = "Storage encryption key."; description = "Storage encryption key.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = cfg.autheliaUser; owner = cfg.autheliaUser;
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ]; restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
@ -126,7 +126,7 @@ in
identityProvidersOIDCHMACSecret = lib.mkOption { identityProvidersOIDCHMACSecret = lib.mkOption {
description = "Identity provider OIDC HMAC secret."; description = "Identity provider OIDC HMAC secret.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = cfg.autheliaUser; owner = cfg.autheliaUser;
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ]; restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
@ -140,7 +140,7 @@ in
Generate one with `nix run nixpkgs#openssl -- genrsa -out keypair.pem 2048` Generate one with `nix run nixpkgs#openssl -- genrsa -out keypair.pem 2048`
''; '';
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = cfg.autheliaUser; owner = cfg.autheliaUser;
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ]; restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
@ -204,7 +204,7 @@ in
}; };
client_secret = lib.mkOption { client_secret = lib.mkOption {
type = lib.shb.secretFileType; type = shb.secretFileType;
description = '' description = ''
File containing the shared secret with the OIDC client. File containing the shared secret with the OIDC client.
@ -311,7 +311,7 @@ in
password = lib.mkOption { password = lib.mkOption {
description = "File containing the password to connect to the SMTP host."; description = "File containing the password to connect to the SMTP host.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = cfg.autheliaUser; owner = cfg.autheliaUser;
restartUnits = [ "authelia-${fqdn}" ]; restartUnits = [ "authelia-${fqdn}" ];
@ -331,7 +331,7 @@ in
}; };
mount = lib.mkOption { mount = lib.mkOption {
type = contracts.mount; type = shb.contracts.mount;
description = '' description = ''
Mount configuration. This is an output option. Mount configuration. This is an output option.
@ -354,7 +354,7 @@ in
}; };
mountRedis = lib.mkOption { mountRedis = lib.mkOption {
type = contracts.mount; type = shb.contracts.mount;
description = '' description = ''
Mount configuration for Redis. This is an output option. Mount configuration for Redis. This is an output option.
@ -554,12 +554,12 @@ in
let let
mkCfg = mkCfg =
clients: clients:
lib.shb.replaceSecrets { shb.replaceSecrets {
userConfig = { userConfig = {
identity_providers.oidc.clients = clients; identity_providers.oidc.clients = clients;
}; };
resultPath = "/var/lib/authelia-${fqdn}/oidc_clients.yaml"; resultPath = "/var/lib/authelia-${fqdn}/oidc_clients.yaml";
generator = lib.shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { }); generator = shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { });
}; };
in in
lib.mkBefore ( lib.mkBefore (

View file

@ -3,14 +3,13 @@
pkgs, pkgs,
lib, lib,
utils, utils,
shb,
... ...
}: }:
let let
cfg = config.shb.borgbackup; cfg = config.shb.borgbackup;
contracts = pkgs.callPackage ../contracts { };
inherit (lib) inherit (lib)
concatStringsSep concatStringsSep
filterAttrs filterAttrs
@ -56,7 +55,7 @@ let
passphrase = lib.mkOption { passphrase = lib.mkOption {
description = "Encryption key for the backup repository."; description = "Encryption key for the backup repository.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = config.request.user; owner = config.request.user;
ownerText = "[shb.borgbackup.${prefix}.<name>.request.user](#blocks-borgbackup-options-shb.borgbackup.${prefix}._name_.request.user)"; ownerText = "[shb.borgbackup.${prefix}.<name>.request.user](#blocks-borgbackup-options-shb.borgbackup.${prefix}._name_.request.user)";
@ -76,7 +75,7 @@ let
}; };
secrets = mkOption { secrets = mkOption {
type = attrsOf lib.shb.secretFileType; type = attrsOf shb.secretFileType;
default = { }; default = { };
description = '' description = ''
Secrets needed to access the repository where the backups will be stored. Secrets needed to access the repository where the backups will be stored.
@ -157,15 +156,19 @@ let
fullName = name: repository: "borgbackup-job-${name}_${repoSlugName repository.path}"; fullName = name: repository: "borgbackup-job-${name}_${repoSlugName repository.path}";
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.borgbackup = { options.shb.borgbackup = {
instances = mkOption { instances = mkOption {
description = "Files to backup following the [backup contract](./contracts-backup.html)."; description = "Files to backup following the [backup contract](./shb.contracts-backup.html).";
default = { }; default = { };
type = attrsOf ( type = attrsOf (
submodule ( submodule (
{ name, config, ... }: { name, config, ... }:
{ {
options = contracts.backup.mkProvider { options = shb.contracts.backup.mkProvider {
settings = mkOption { settings = mkOption {
description = '' description = ''
Settings specific to the BorgBackup provider. Settings specific to the BorgBackup provider.
@ -193,13 +196,13 @@ in
}; };
databases = mkOption { databases = mkOption {
description = "Databases to backup following the [database backup contract](./contracts-databasebackup.html)."; description = "Databases to backup following the [database backup contract](./shb.contracts-databasebackup.html).";
default = { }; default = { };
type = attrsOf ( type = attrsOf (
submodule ( submodule (
{ name, config, ... }: { name, config, ... }:
{ {
options = contracts.databasebackup.mkProvider { options = shb.contracts.databasebackup.mkProvider {
settings = mkOption { settings = mkOption {
description = '' description = ''
Settings specific to the BorgBackup provider. Settings specific to the BorgBackup provider.
@ -397,10 +400,10 @@ in
"${serviceName}-pre" = mkIf (instance.settings.repository.secrets != { }) ( "${serviceName}-pre" = mkIf (instance.settings.repository.secrets != { }) (
let let
script = lib.shb.genConfigOutOfBandSystemd { script = shb.genConfigOutOfBandSystemd {
config = instance.settings.repository.secrets; config = instance.settings.repository.secrets;
configLocation = "/run/secrets_borgbackup/${serviceName}"; configLocation = "/run/secrets_borgbackup/${serviceName}";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
user = instance.request.user; user = instance.request.user;
}; };
in in
@ -424,13 +427,13 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = ( script = (
lib.shb.replaceSecrets { shb.replaceSecrets {
userConfig = instance.settings.repository.secrets // { userConfig = instance.settings.repository.secrets // {
BORG_PASSCOMMAND = ''"cat ${instance.settings.passphrase.result.path}"''; BORG_PASSCOMMAND = ''"cat ${instance.settings.passphrase.result.path}"'';
BORG_REPO = instance.settings.repository.path; BORG_REPO = instance.settings.repository.path;
}; };
resultPath = "/run/secrets_borgbackup_env/${fullName name instance.settings.repository}"; resultPath = "/run/secrets_borgbackup_env/${fullName name instance.settings.repository}";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
user = instance.request.user; user = instance.request.user;
} }
); );

View file

@ -118,7 +118,7 @@ Here we will only highlight the differences with the previous configuration.
This assumes you have access to such a remote S3 store, for example by using [Backblaze](https://www.backblaze.com/). This assumes you have access to such a remote S3 store, for example by using [Backblaze](https://www.backblaze.com/).
```diff ```diff
shb.backup.instances.myservice = { shb.test.backup.instances.myservice = {
repository = { repository = {
- path = "/srv/pool1/backups/myfolder"; - path = "/srv/pool1/backups/myfolder";
@ -211,15 +211,15 @@ backupcfg = repositories: name: sourceDirectories {
Now, we can define multiple backup jobs to backup different folders: Now, we can define multiple backup jobs to backup different folders:
```nix ```nix
shb.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"]; shb.test.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"];
shb.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"]; shb.test.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"];
``` ```
The difference between the above snippet and putting all the folders into one configuration (shown The difference between the above snippet and putting all the folders into one configuration (shown
below) is the former splits the backups into sub-folders on the repositories. below) is the former splits the backups into sub-folders on the repositories.
```nix ```nix
shb.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"]; shb.test.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"];
``` ```
## Monitoring {#blocks-borgbackup-monitoring} ## Monitoring {#blocks-borgbackup-monitoring}

View file

@ -2,13 +2,12 @@
config, config,
lib, lib,
pkgs, pkgs,
shb,
... ...
}: }:
let let
cfg = config.shb.hardcodedsecret; cfg = config.shb.hardcodedsecret;
contracts = pkgs.callPackage ../contracts { };
inherit (lib) mapAttrs' mkOption nameValuePair; inherit (lib) mapAttrs' mkOption nameValuePair;
inherit (lib.types) inherit (lib.types)
attrsOf attrsOf
@ -19,6 +18,10 @@ let
inherit (pkgs) writeText; inherit (pkgs) writeText;
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.hardcodedsecret = mkOption { options.shb.hardcodedsecret = mkOption {
default = { }; default = { };
description = '' description = ''
@ -40,7 +43,7 @@ in
submodule ( submodule (
{ name, ... }: { name, ... }:
{ {
options = contracts.secret.mkProvider { options = shb.contracts.secret.mkProvider {
settings = mkOption { settings = mkOption {
description = '' description = ''
Settings specific to the hardcoded secret module. Settings specific to the hardcoded secret module.

View file

@ -2,14 +2,13 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.lldap; cfg = config.shb.lldap;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
inherit (lib) mkOption types; inherit (lib) mkOption types;
@ -54,6 +53,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
./mitmdump.nix ./mitmdump.nix
(lib.mkRenamedOptionModule [ "shb" "ldap" ] [ "shb" "lldap" ]) (lib.mkRenamedOptionModule [ "shb" "ldap" ] [ "shb" "lldap" ])
@ -88,7 +88,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -101,7 +101,7 @@ in
ldapUserPassword = lib.mkOption { ldapUserPassword = lib.mkOption {
description = "LDAP admin user secret."; description = "LDAP admin user secret.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "lldap"; owner = "lldap";
group = "lldap"; group = "lldap";
@ -113,7 +113,7 @@ in
jwtSecret = lib.mkOption { jwtSecret = lib.mkOption {
description = "JWT secret."; description = "JWT secret.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "lldap"; owner = "lldap";
group = "lldap"; group = "lldap";
@ -136,7 +136,7 @@ in
}; };
mount = lib.mkOption { mount = lib.mkOption {
type = contracts.mount; type = shb.contracts.mount;
description = '' description = ''
Mount configuration. This is an output option. Mount configuration. This is an output option.
@ -160,7 +160,7 @@ in
Backup configuration. Backup configuration.
''; '';
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
# TODO: is there a workaround that avoid needing to use root? # TODO: is there a workaround that avoid needing to use root?
# root because otherwise we cannot access the private StateDiretory # root because otherwise we cannot access the private StateDiretory
user = "root"; user = "root";
@ -203,7 +203,7 @@ in
password = mkOption { password = mkOption {
description = "Password."; description = "Password.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "lldap"; owner = "lldap";
group = "lldap"; group = "lldap";

View file

@ -2,14 +2,13 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.monitoring; cfg = config.shb.monitoring;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
commonLabels = { commonLabels = {
@ -49,7 +48,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -112,7 +111,7 @@ in
adminPassword = lib.mkOption { adminPassword = lib.mkOption {
description = "Initial admin password."; description = "Initial admin password.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "grafana"; owner = "grafana";
group = "grafana"; group = "grafana";
@ -124,7 +123,7 @@ in
secretKey = lib.mkOption { secretKey = lib.mkOption {
description = "Secret key used for signing."; description = "Secret key used for signing.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "grafana"; owner = "grafana";
group = "grafana"; group = "grafana";
@ -226,7 +225,7 @@ in
sharedSecret = lib.mkOption { sharedSecret = lib.mkOption {
description = "OIDC shared secret for Grafana."; description = "OIDC shared secret for Grafana.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
owner = "grafana"; owner = "grafana";
restartUnits = [ restartUnits = [
"grafana.service" "grafana.service"
@ -238,7 +237,7 @@ in
sharedSecretForAuthelia = lib.mkOption { sharedSecretForAuthelia = lib.mkOption {
description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`"; description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
ownerText = "config.shb.authelia.autheliaUser"; ownerText = "config.shb.authelia.autheliaUser";
owner = config.shb.authelia.autheliaUser; owner = config.shb.authelia.autheliaUser;

View file

@ -1,15 +1,13 @@
{ {
config, config,
pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.nginx; cfg = config.shb.nginx;
contracts = pkgs.callPackage ../contracts { };
fqdn = c: "${c.subdomain}.${c.domain}"; fqdn = c: "${c.subdomain}.${c.domain}";
vhostConfig = lib.types.submodule { vhostConfig = lib.types.submodule {
@ -28,7 +26,7 @@ let
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };

View file

@ -2,11 +2,11 @@
config, config,
lib, lib,
pkgs, pkgs,
shb,
... ...
}: }:
let let
cfg = config.shb.postgresql; cfg = config.shb.postgresql;
contracts = pkgs.callPackage ../contracts { };
upgrade-script = upgrade-script =
old: new: old: new:
@ -39,6 +39,10 @@ let
''; '';
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.postgresql = { options.shb.postgresql = {
debug = lib.mkOption { debug = lib.mkOption {
type = lib.types.bool; type = lib.types.bool;
@ -63,7 +67,7 @@ in
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.databasebackup.mkRequester { options = shb.contracts.databasebackup.mkRequester {
user = "postgres"; user = "postgres";
backupName = "postgres.sql"; backupName = "postgres.sql";

View file

@ -2,6 +2,7 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
utils, utils,
... ...
}: }:
@ -9,8 +10,6 @@
let let
cfg = config.shb.restic; cfg = config.shb.restic;
contracts = pkgs.callPackage ../contracts { };
inherit (lib) inherit (lib)
concatStringsSep concatStringsSep
filterAttrs filterAttrs
@ -60,7 +59,7 @@ let
passphrase = lib.mkOption { passphrase = lib.mkOption {
description = "Encryption key for the backup repository."; description = "Encryption key for the backup repository.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = config.request.user; owner = config.request.user;
ownerText = "[shb.restic.${prefix}.<name>.request.user](#blocks-restic-options-shb.restic.${prefix}._name_.request.user)"; ownerText = "[shb.restic.${prefix}.<name>.request.user](#blocks-restic-options-shb.restic.${prefix}._name_.request.user)";
@ -80,7 +79,7 @@ let
}; };
secrets = mkOption { secrets = mkOption {
type = attrsOf lib.shb.secretFileType; type = attrsOf shb.secretFileType;
default = { }; default = { };
description = '' description = ''
Secrets needed to access the repository where the backups will be stored. Secrets needed to access the repository where the backups will be stored.
@ -148,15 +147,19 @@ let
fullName = name: repository: "restic-backups-${name}_${repoSlugName repository.path}"; fullName = name: repository: "restic-backups-${name}_${repoSlugName repository.path}";
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.restic = { options.shb.restic = {
instances = mkOption { instances = mkOption {
description = "Files to backup following the [backup contract](./contracts-backup.html)."; description = "Files to backup following the [backup contract](./shb.contracts-backup.html).";
default = { }; default = { };
type = attrsOf ( type = attrsOf (
submodule ( submodule (
{ name, config, ... }: { name, config, ... }:
{ {
options = contracts.backup.mkProvider { options = shb.contracts.backup.mkProvider {
settings = mkOption { settings = mkOption {
description = '' description = ''
Settings specific to the Restic provider. Settings specific to the Restic provider.
@ -184,13 +187,13 @@ in
}; };
databases = mkOption { databases = mkOption {
description = "Databases to backup following the [database backup contract](./contracts-databasebackup.html)."; description = "Databases to backup following the [database backup contract](./shb.contracts-databasebackup.html).";
default = { }; default = { };
type = attrsOf ( type = attrsOf (
submodule ( submodule (
{ name, config, ... }: { name, config, ... }:
{ {
options = contracts.databasebackup.mkProvider { options = shb.contracts.databasebackup.mkProvider {
settings = mkOption { settings = mkOption {
description = '' description = ''
Settings specific to the Restic provider. Settings specific to the Restic provider.
@ -380,10 +383,10 @@ in
"${serviceName}-pre" = mkIf (instance.settings.repository.secrets != { }) ( "${serviceName}-pre" = mkIf (instance.settings.repository.secrets != { }) (
let let
script = lib.shb.genConfigOutOfBandSystemd { script = shb.genConfigOutOfBandSystemd {
config = instance.settings.repository.secrets; config = instance.settings.repository.secrets;
configLocation = "/run/secrets_restic/${serviceName}"; configLocation = "/run/secrets_restic/${serviceName}";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
user = instance.request.user; user = instance.request.user;
}; };
in in
@ -407,13 +410,13 @@ in
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
script = ( script = (
lib.shb.replaceSecrets { shb.replaceSecrets {
userConfig = instance.settings.repository.secrets // { userConfig = instance.settings.repository.secrets // {
RESTIC_PASSWORD_FILE = toString instance.settings.passphrase.result.path; RESTIC_PASSWORD_FILE = toString instance.settings.passphrase.result.path;
RESTIC_REPOSITORY = instance.settings.repository.path; RESTIC_REPOSITORY = instance.settings.repository.path;
}; };
resultPath = "/run/secrets_restic_env/${fullName name instance.settings.repository}"; resultPath = "/run/secrets_restic_env/${fullName name instance.settings.repository}";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
user = instance.request.user; user = instance.request.user;
} }
); );

View file

@ -118,7 +118,7 @@ Here we will only highlight the differences with the previous configuration.
This assumes you have access to such a remote S3 store, for example by using [Backblaze](https://www.backblaze.com/). This assumes you have access to such a remote S3 store, for example by using [Backblaze](https://www.backblaze.com/).
```diff ```diff
shb.backup.instances.myservice = { shb.test.backup.instances.myservice = {
repository = { repository = {
- path = "/srv/pool1/backups/myfolder"; - path = "/srv/pool1/backups/myfolder";
@ -211,15 +211,15 @@ backupcfg = repositories: name: sourceDirectories {
Now, we can define multiple backup jobs to backup different folders: Now, we can define multiple backup jobs to backup different folders:
```nix ```nix
shb.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"]; shb.test.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"];
shb.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"]; shb.test.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"];
``` ```
The difference between the above snippet and putting all the folders into one configuration (shown The difference between the above snippet and putting all the folders into one configuration (shown
below) is the former splits the backups into sub-folders on the repositories. below) is the former splits the backups into sub-folders on the repositories.
```nix ```nix
shb.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"]; shb.test.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"];
``` ```
## Monitoring {#blocks-restic-monitoring} ## Monitoring {#blocks-restic-monitoring}

View file

@ -1,18 +1,20 @@
{ {
config, config,
lib, lib,
pkgs, shb,
... ...
}: }:
let let
inherit (lib) mapAttrs mkOption; inherit (lib) mapAttrs mkOption;
inherit (lib.types) attrsOf anything submodule; inherit (lib.types) attrsOf anything submodule;
contracts = pkgs.callPackage ../contracts { };
cfg = config.shb.sops; cfg = config.shb.sops;
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.sops = { options.shb.sops = {
secret = mkOption { secret = mkOption {
description = "Secret following the [secret contract](./contracts-secret.html)."; description = "Secret following the [secret contract](./contracts-secret.html).";
@ -21,7 +23,7 @@ in
submodule ( submodule (
{ name, options, ... }: { name, options, ... }:
{ {
options = contracts.secret.mkProvider { options = shb.contracts.secret.mkProvider {
settings = mkOption { settings = mkOption {
description = '' description = ''
Settings specific to the Sops provider. Settings specific to the Sops provider.

View file

@ -2,14 +2,13 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.certs; cfg = config.shb.certs;
contracts = pkgs.callPackage ../contracts { };
inherit (builtins) dirOf; inherit (builtins) dirOf;
inherit (lib) inherit (lib)
flatten flatten
@ -20,6 +19,10 @@ let
; ;
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.certs = { options.shb.certs = {
systemdService = lib.mkOption { systemdService = lib.mkOption {
description = '' description = ''
@ -51,7 +54,7 @@ in
This option implements the SSL Generator contract. This option implements the SSL Generator contract.
''; '';
type = contracts.ssl.certs-paths; type = shb.contracts.ssl.certs-paths;
default = { default = {
key = "/var/lib/certs/cas/${config._module.args.name}.key"; key = "/var/lib/certs/cas/${config._module.args.name}.key";
cert = "/var/lib/certs/cas/${config._module.args.name}.cert"; cert = "/var/lib/certs/cas/${config._module.args.name}.cert";
@ -81,7 +84,7 @@ in
{ {
options = { options = {
ca = lib.mkOption { ca = lib.mkOption {
type = lib.types.nullOr contracts.ssl.cas; type = lib.types.nullOr shb.contracts.ssl.cas;
description = '' description = ''
CA used to generate this certificate. Only used for self-signed. CA used to generate this certificate. Only used for self-signed.
@ -128,7 +131,7 @@ in
This option implements the SSL Generator contract. This option implements the SSL Generator contract.
''; '';
type = contracts.ssl.certs-paths; type = shb.contracts.ssl.certs-paths;
default = { default = {
key = "/var/lib/certs/selfsigned/${config._module.args.name}.key"; key = "/var/lib/certs/selfsigned/${config._module.args.name}.key";
cert = "/var/lib/certs/selfsigned/${config._module.args.name}.cert"; cert = "/var/lib/certs/selfsigned/${config._module.args.name}.cert";
@ -196,7 +199,7 @@ in
This option implements the SSL Generator contract. This option implements the SSL Generator contract.
''; '';
type = contracts.ssl.certs-paths; type = shb.contracts.ssl.certs-paths;
default = { default = {
key = "/var/lib/acme/${config._module.args.name}/key.pem"; key = "/var/lib/acme/${config._module.args.name}/key.pem";
cert = "/var/lib/acme/${config._module.args.name}/cert.pem"; cert = "/var/lib/acme/${config._module.args.name}/cert.pem";

View file

@ -1,4 +1,4 @@
{ lib, ... }: { lib, shb, ... }:
let let
inherit (lib) inherit (lib)
concatStringsSep concatStringsSep
@ -13,7 +13,7 @@ let
submodule submodule
str str
; ;
inherit (lib.shb) anyNotNull; inherit (shb) anyNotNull;
in in
{ {
mkRequest = mkRequest =

View file

@ -1,11 +1,13 @@
{ pkgs, lib, ... }: { lib, shb, ... }:
let let
contracts = pkgs.callPackage ../. { };
inherit (lib) mkOption; inherit (lib) mkOption;
inherit (lib.types) submodule; inherit (lib.types) submodule;
in in
{ {
imports = [
../../../lib/module.nix
];
options.shb.contracts.backup = mkOption { options.shb.contracts.backup = mkOption {
description = '' description = ''
Contract for backing up files Contract for backing up files
@ -23,7 +25,7 @@ in
''; '';
type = submodule { type = submodule {
options = contracts.backup.contract; options = shb.contracts.backup.contract;
}; };
}; };
} }

View file

@ -1,4 +1,8 @@
{ pkgs, lib }: {
pkgs,
lib,
shb,
}:
let let
inherit (lib) inherit (lib)
concatMapStringsSep concatMapStringsSep
@ -20,13 +24,13 @@ in
settings, # { repository, config } -> attrset settings, # { repository, config } -> attrset
extraConfig ? null, # { username, config } -> attrset extraConfig ? null, # { username, config } -> attrset
}: }:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
inherit name; inherit name;
nodes.machine = nodes.machine =
{ config, ... }: { config, ... }:
{ {
imports = [ lib.shb.baseImports ] ++ modules; imports = [ shb.test.baseImports ] ++ modules;
config = lib.mkMerge [ config = lib.mkMerge [
(setAttrByPath providerRoot { (setAttrByPath providerRoot {

View file

@ -1,4 +1,4 @@
{ lib, ... }: { lib, shb, ... }:
let let
inherit (lib) inherit (lib)
mkOption mkOption
@ -8,7 +8,7 @@ let
optionalString optionalString
; ;
inherit (lib.types) submodule str; inherit (lib.types) submodule str;
inherit (lib.shb) anyNotNull; inherit (shb) anyNotNull;
in in
{ {
mkRequest = mkRequest =

View file

@ -1,11 +1,13 @@
{ pkgs, lib, ... }: { lib, shb, ... }:
let let
contracts = pkgs.callPackage ../. { };
inherit (lib) mkOption; inherit (lib) mkOption;
inherit (lib.types) submodule; inherit (lib.types) submodule;
in in
{ {
imports = [
../../../lib/module.nix
];
options.shb.contracts.databasebackup = mkOption { options.shb.contracts.databasebackup = mkOption {
description = '' description = ''
Contract for database backup between a requester module Contract for database backup between a requester module
@ -23,7 +25,7 @@ in
''; '';
type = submodule { type = submodule {
options = contracts.databasebackup.contract; options = shb.contracts.databasebackup.contract;
}; };
}; };
} }

View file

@ -1,4 +1,8 @@
{ pkgs, lib }: {
pkgs,
lib,
shb,
}:
let let
inherit (lib) inherit (lib)
getAttrFromPath getAttrFromPath
@ -16,13 +20,13 @@ in
database ? "me", database ? "me",
settings, # { repository, config } -> attrset settings, # { repository, config } -> attrset
}: }:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
inherit name; inherit name;
nodes.machine = nodes.machine =
{ config, ... }: { config, ... }:
{ {
imports = [ lib.shb.baseImports ] ++ modules; imports = [ shb.test.baseImports ] ++ modules;
config = lib.mkMerge [ config = lib.mkMerge [
(setAttrByPath providerRoot { (setAttrByPath providerRoot {
request = (getAttrFromPath requesterRoot config).request; request = (getAttrFromPath requesterRoot config).request;

View file

@ -1,4 +1,8 @@
{ pkgs, lib }: {
pkgs,
lib,
shb,
}:
let let
inherit (lib) mkOption optionalAttrs; inherit (lib) mkOption optionalAttrs;
inherit (lib.types) anything; inherit (lib.types) anything;
@ -44,7 +48,7 @@ let
importContract = importContract =
module: module:
let let
importedModule = pkgs.callPackage module { }; importedModule = pkgs.callPackage module { inherit shb; };
in in
mkContractFunctions { mkContractFunctions {
inherit (importedModule) mkRequest mkResult; inherit (importedModule) mkRequest mkResult;
@ -57,8 +61,8 @@ in
secret = importContract ./secret.nix; secret = importContract ./secret.nix;
ssl = pkgs.callPackage ./ssl.nix { }; ssl = pkgs.callPackage ./ssl.nix { };
test = { test = {
secret = pkgs.callPackage ./secret/test.nix { }; secret = pkgs.callPackage ./secret/test.nix { inherit shb; };
databasebackup = pkgs.callPackage ./databasebackup/test.nix { }; databasebackup = pkgs.callPackage ./databasebackup/test.nix { inherit shb; };
backup = pkgs.callPackage ./backup/test.nix { }; backup = pkgs.callPackage ./backup/test.nix { inherit shb; };
}; };
} }

View file

@ -1,4 +1,4 @@
{ lib, ... }: { lib, shb, ... }:
let let
inherit (lib) inherit (lib)
concatStringsSep concatStringsSep
@ -8,7 +8,7 @@ let
optionalString optionalString
; ;
inherit (lib.types) listOf submodule str; inherit (lib.types) listOf submodule str;
inherit (lib.shb) anyNotNull; inherit (shb) anyNotNull;
in in
{ {
mkRequest = mkRequest =

View file

@ -1,11 +1,13 @@
{ pkgs, lib, ... }: { lib, shb, ... }:
let let
contracts = pkgs.callPackage ../. { };
inherit (lib) mkOption; inherit (lib) mkOption;
inherit (lib.types) submodule; inherit (lib.types) submodule;
in in
{ {
imports = [
../../../lib/module.nix
];
options.shb.contracts.secret = mkOption { options.shb.contracts.secret = mkOption {
description = '' description = ''
Contract for secrets between a requester module Contract for secrets between a requester module
@ -21,7 +23,7 @@ in
through the `result.*` options. through the `result.*` options.
''; '';
type = submodule { type = submodule {
options = contracts.secret.contract; options = shb.contracts.secret.contract;
}; };
}; };
} }

View file

@ -1,4 +1,8 @@
{ pkgs, lib }: {
pkgs,
lib,
shb,
}:
let let
inherit (lib) getAttrFromPath setAttrByPath; inherit (lib) getAttrFromPath setAttrByPath;
inherit (lib) mkIf; inherit (lib) mkIf;
@ -13,13 +17,13 @@ in
mode ? "0400", mode ? "0400",
restartUnits ? [ "myunit.service" ], restartUnits ? [ "myunit.service" ],
}: }:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "secret_${name}_${owner}_${group}_${mode}"; name = "secret_${name}_${owner}_${group}_${mode}";
nodes.machine = nodes.machine =
{ config, ... }: { config, ... }:
{ {
imports = [ lib.shb.baseImports ] ++ modules; imports = [ shb.test.baseImports ] ++ modules;
config = lib.mkMerge [ config = lib.mkMerge [
(setAttrByPath configRoot { (setAttrByPath configRoot {
A = { A = {

View file

@ -1,10 +1,11 @@
{ pkgs, lib, ... }: { lib, shb, ... }:
let
contracts = pkgs.callPackage ../. { };
in
{ {
imports = [
../../../lib/module.nix
];
options.shb.contracts.ssl = lib.mkOption { options.shb.contracts.ssl = lib.mkOption {
description = "Contract for SSL Certificate generator."; description = "Contract for SSL Certificate generator.";
type = contracts.ssl.certs; type = shb.contracts.ssl.certs;
}; };
} }

View file

@ -2,17 +2,16 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.arr; cfg = config.shb.arr;
contracts = pkgs.callPackage ../contracts { };
apps = { apps = {
radarr = { radarr = {
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; }; settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
moreOptions = { moreOptions = {
settings = lib.mkOption { settings = lib.mkOption {
description = "Specific options for radarr."; description = "Specific options for radarr.";
@ -21,7 +20,7 @@ let
freeformType = apps.radarr.settingsFormat.type; freeformType = apps.radarr.settingsFormat.type;
options = { options = {
ApiKey = lib.mkOption { ApiKey = lib.mkOption {
type = lib.shb.secretFileType; type = shb.secretFileType;
description = "Path to api key secret file."; description = "Path to api key secret file.";
}; };
LogLevel = lib.mkOption { LogLevel = lib.mkOption {
@ -73,7 +72,7 @@ let
}; };
}; };
sonarr = { sonarr = {
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; }; settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
moreOptions = { moreOptions = {
settings = lib.mkOption { settings = lib.mkOption {
description = "Specific options for sonarr."; description = "Specific options for sonarr.";
@ -82,7 +81,7 @@ let
freeformType = apps.sonarr.settingsFormat.type; freeformType = apps.sonarr.settingsFormat.type;
options = { options = {
ApiKey = lib.mkOption { ApiKey = lib.mkOption {
type = lib.shb.secretFileType; type = shb.secretFileType;
description = "Path to api key secret file."; description = "Path to api key secret file.";
}; };
LogLevel = lib.mkOption { LogLevel = lib.mkOption {
@ -129,7 +128,7 @@ let
}; };
}; };
bazarr = { bazarr = {
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; }; settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
moreOptions = { moreOptions = {
settings = lib.mkOption { settings = lib.mkOption {
description = "Specific options for bazarr."; description = "Specific options for bazarr.";
@ -157,7 +156,7 @@ let
}; };
}; };
readarr = { readarr = {
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; }; settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
moreOptions = { moreOptions = {
settings = lib.mkOption { settings = lib.mkOption {
description = "Specific options for readarr."; description = "Specific options for readarr.";
@ -184,7 +183,7 @@ let
}; };
}; };
lidarr = { lidarr = {
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; }; settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
moreOptions = { moreOptions = {
settings = lib.mkOption { settings = lib.mkOption {
description = "Specific options for lidarr."; description = "Specific options for lidarr.";
@ -220,7 +219,7 @@ let
freeformType = apps.jackett.settingsFormat.type; freeformType = apps.jackett.settingsFormat.type;
options = { options = {
ApiKey = lib.mkOption { ApiKey = lib.mkOption {
type = lib.shb.secretFileType; type = shb.secretFileType;
description = "Path to api key secret file."; description = "Path to api key secret file.";
}; };
FlareSolverrUrl = lib.mkOption { FlareSolverrUrl = lib.mkOption {
@ -229,7 +228,7 @@ let
default = null; default = null;
}; };
OmdbApiKey = lib.mkOption { OmdbApiKey = lib.mkOption {
type = lib.types.nullOr lib.shb.secretFileType; type = lib.types.nullOr shb.secretFileType;
description = "File containing the Open Movie Database API key."; description = "File containing the Open Movie Database API key.";
default = null; default = null;
}; };
@ -341,7 +340,7 @@ let
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -358,7 +357,7 @@ let
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = name; user = name;
sourceDirectories = [ sourceDirectories = [
cfg.${name}.dataDir cfg.${name}.dataDir
@ -379,6 +378,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -398,7 +398,7 @@ in
dataDir = "/var/lib/radarr"; dataDir = "/var/lib/radarr";
}; };
systemd.services.radarr.preStart = lib.shb.replaceSecrets { systemd.services.radarr.preStart = shb.replaceSecrets {
userConfig = userConfig =
cfg'.settings cfg'.settings
// (lib.optionalAttrs isSSOEnabled { // (lib.optionalAttrs isSSOEnabled {
@ -406,7 +406,7 @@ in
AuthenticationMethod = "External"; AuthenticationMethod = "External";
}); });
resultPath = "${config.services.radarr.dataDir}/config.xml"; resultPath = "${config.services.radarr.dataDir}/config.xml";
generator = lib.shb.replaceSecretsFormatAdapter apps.radarr.settingsFormat; generator = shb.replaceSecretsFormatAdapter apps.radarr.settingsFormat;
}; };
shb.nginx.vhosts = [ (vhosts { } cfg') ]; shb.nginx.vhosts = [ (vhosts { } cfg') ];
@ -429,7 +429,7 @@ in
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.sonarr.preStart = lib.shb.replaceSecrets { systemd.services.sonarr.preStart = shb.replaceSecrets {
userConfig = userConfig =
cfg'.settings cfg'.settings
// (lib.optionalAttrs isSSOEnabled { // (lib.optionalAttrs isSSOEnabled {
@ -457,7 +457,7 @@ in
users.users.bazarr = { users.users.bazarr = {
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.bazarr.preStart = lib.shb.replaceSecrets { systemd.services.bazarr.preStart = shb.replaceSecrets {
userConfig = userConfig =
cfg'.settings cfg'.settings
// (lib.optionalAttrs isSSOEnabled { // (lib.optionalAttrs isSSOEnabled {
@ -484,7 +484,7 @@ in
users.users.readarr = { users.users.readarr = {
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.readarr.preStart = lib.shb.replaceSecrets { systemd.services.readarr.preStart = shb.replaceSecrets {
userConfig = cfg'.settings; userConfig = cfg'.settings;
resultPath = "${config.services.readarr.dataDir}/config.xml"; resultPath = "${config.services.readarr.dataDir}/config.xml";
generator = apps.readarr.settingsFormat.generate; generator = apps.readarr.settingsFormat.generate;
@ -507,7 +507,7 @@ in
users.users.lidarr = { users.users.lidarr = {
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.lidarr.preStart = lib.shb.replaceSecrets { systemd.services.lidarr.preStart = shb.replaceSecrets {
userConfig = userConfig =
cfg'.settings cfg'.settings
// (lib.optionalAttrs isSSOEnabled { // (lib.optionalAttrs isSSOEnabled {
@ -535,8 +535,8 @@ in
users.users.jackett = { users.users.jackett = {
extraGroups = [ "media" ]; extraGroups = [ "media" ];
}; };
systemd.services.jackett.preStart = lib.shb.replaceSecrets { systemd.services.jackett.preStart = shb.replaceSecrets {
userConfig = lib.shb.renameAttrName cfg'.settings "ApiKey" "APIKey"; userConfig = shb.renameAttrName cfg'.settings "ApiKey" "APIKey";
resultPath = "${config.services.jackett.dataDir}/ServerConfig.json"; resultPath = "${config.services.jackett.dataDir}/ServerConfig.json";
generator = apps.jackett.settingsFormat.generate; generator = apps.jackett.settingsFormat.generate;
}; };

View file

@ -1,15 +1,13 @@
{ {
config, config,
pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.audiobookshelf; cfg = config.shb.audiobookshelf;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
roleClaim = "audiobookshelf_groups"; roleClaim = "audiobookshelf_groups";
@ -38,7 +36,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -103,7 +101,7 @@ in
sharedSecret = lib.mkOption { sharedSecret = lib.mkOption {
description = "OIDC shared secret for Audiobookshelf."; description = "OIDC shared secret for Audiobookshelf.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "audiobookshelf"; owner = "audiobookshelf";
group = "audiobookshelf"; group = "audiobookshelf";
@ -115,7 +113,7 @@ in
sharedSecretForAuthelia = lib.mkOption { sharedSecretForAuthelia = lib.mkOption {
description = "OIDC shared secret for Authelia."; description = "OIDC shared secret for Authelia.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
ownerText = "config.shb.authelia.autheliaUser"; ownerText = "config.shb.authelia.autheliaUser";
owner = config.shb.authelia.autheliaUser; owner = config.shb.authelia.autheliaUser;
@ -131,7 +129,7 @@ in
Backup configuration. Backup configuration.
''; '';
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "audiobookshelf"; user = "audiobookshelf";
sourceDirectories = [ sourceDirectories = [
"/var/lib/audiobookshelf" "/var/lib/audiobookshelf"

View file

@ -2,14 +2,13 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.deluge; cfg = config.shb.deluge;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
authGenerator = authGenerator =
@ -29,6 +28,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -49,7 +49,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -194,7 +194,7 @@ in
lib.types.submodule { lib.types.submodule {
options = { options = {
password = lib.mkOption { password = lib.mkOption {
type = lib.shb.secretFileType; type = shb.secretFileType;
description = "File containing the user password."; description = "File containing the user password.";
}; };
}; };
@ -205,7 +205,7 @@ in
localclientPassword = lib.mkOption { localclientPassword = lib.mkOption {
description = "Password for mandatory localclient user."; description = "Password for mandatory localclient user.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
owner = "deluge"; owner = "deluge";
restartUnits = [ "deluged.service" ]; restartUnits = [ "deluged.service" ];
}; };
@ -216,7 +216,7 @@ in
description = "Password for prometheus scraper. Setting this option will activate the prometheus deluge exporter."; description = "Password for prometheus scraper. Setting this option will activate the prometheus deluge exporter.";
type = lib.types.nullOr ( type = lib.types.nullOr (
lib.types.submodule { lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
owner = "deluge"; owner = "deluge";
restartUnits = [ restartUnits = [
"deluged.service" "deluged.service"
@ -273,7 +273,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "deluge"; user = "deluge";
sourceDirectories = [ sourceDirectories = [
cfg.dataDir cfg.dataDir
@ -361,7 +361,7 @@ in
}; };
systemd.services.deluged.preStart = lib.mkBefore ( systemd.services.deluged.preStart = lib.mkBefore (
lib.shb.replaceSecrets { shb.replaceSecrets {
userConfig = userConfig =
cfg.extraUsers cfg.extraUsers
// { // {

View file

@ -3,14 +3,13 @@
options, options,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.forgejo; cfg = config.shb.forgejo;
contracts = pkgs.callPackage ../contracts { };
inherit (lib) inherit (lib)
all all
attrNames attrNames
@ -87,7 +86,7 @@ in
ssl = mkOption { ssl = mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = nullOr contracts.ssl.certs; type = nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -137,7 +136,7 @@ in
adminPassword = mkOption { adminPassword = mkOption {
description = "LDAP admin password."; description = "LDAP admin password.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
@ -210,7 +209,7 @@ in
sharedSecret = mkOption { sharedSecret = mkOption {
description = "OIDC shared secret for Forgejo."; description = "OIDC shared secret for Forgejo.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
@ -222,7 +221,7 @@ in
sharedSecretForAuthelia = mkOption { sharedSecretForAuthelia = mkOption {
description = "OIDC shared secret for Authelia."; description = "OIDC shared secret for Authelia.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "authelia"; owner = "authelia";
}; };
@ -254,7 +253,7 @@ in
password = mkOption { password = mkOption {
description = "Forgejo admin user password."; description = "Forgejo admin user password.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
@ -269,7 +268,7 @@ in
databasePassword = mkOption { databasePassword = mkOption {
description = "File containing the Forgejo database password."; description = "File containing the Forgejo database password.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "forgejo"; owner = "forgejo";
group = "forgejo"; group = "forgejo";
@ -329,7 +328,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = options.services.forgejo.user.value; user = options.services.forgejo.user.value;
sourceDirectories = [ sourceDirectories = [
options.services.forgejo.dump.backupDir.value options.services.forgejo.dump.backupDir.value
@ -342,7 +341,7 @@ in
}; };
mount = mkOption { mount = mkOption {
type = contracts.mount; type = shb.contracts.mount;
description = '' description = ''
Mount configuration. This is an output option. Mount configuration. This is an output option.

View file

@ -1,15 +1,13 @@
{ {
config, config,
pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.grocy; cfg = config.shb.grocy;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
in in
{ {
@ -68,7 +66,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -90,7 +88,7 @@ in
''; '';
readOnly = true; readOnly = true;
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "grocy"; user = "grocy";
sourceDirectories = [ sourceDirectories = [
cfg.dataDir cfg.dataDir

View file

@ -1,15 +1,13 @@
{ {
config, config,
pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.hledger; cfg = config.shb.hledger;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
in in
{ {
@ -40,7 +38,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -70,7 +68,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "hledger"; user = "hledger";
sourceDirectories = [ sourceDirectories = [
cfg.dataDir cfg.dataDir

View file

@ -2,14 +2,13 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.home-assistant; cfg = config.shb.home-assistant;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
ldap_auth_script_repo = pkgs.fetchFromGitHub { ldap_auth_script_repo = pkgs.fetchFromGitHub {
@ -32,6 +31,10 @@ let
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets); configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.home-assistant = { options.shb.home-assistant = {
enable = lib.mkEnableOption "selfhostblocks.home-assistant"; enable = lib.mkEnableOption "selfhostblocks.home-assistant";
@ -49,7 +52,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -61,35 +64,35 @@ in
name = lib.mkOption { name = lib.mkOption {
type = lib.types.oneOf [ type = lib.types.oneOf [
lib.types.str lib.types.str
lib.shb.secretFileType shb.secretFileType
]; ];
description = "Name of the Home Assistant instance."; description = "Name of the Home Assistant instance.";
}; };
country = lib.mkOption { country = lib.mkOption {
type = lib.types.oneOf [ type = lib.types.oneOf [
lib.types.str lib.types.str
lib.shb.secretFileType shb.secretFileType
]; ];
description = "Two letter country code where this instance is located."; description = "Two letter country code where this instance is located.";
}; };
latitude = lib.mkOption { latitude = lib.mkOption {
type = lib.types.oneOf [ type = lib.types.oneOf [
lib.types.str lib.types.str
lib.shb.secretFileType shb.secretFileType
]; ];
description = "Latitude where this instance is located."; description = "Latitude where this instance is located.";
}; };
longitude = lib.mkOption { longitude = lib.mkOption {
type = lib.types.oneOf [ type = lib.types.oneOf [
lib.types.str lib.types.str
lib.shb.secretFileType shb.secretFileType
]; ];
description = "Longitude where this instance is located."; description = "Longitude where this instance is located.";
}; };
time_zone = lib.mkOption { time_zone = lib.mkOption {
type = lib.types.oneOf [ type = lib.types.oneOf [
lib.types.str lib.types.str
lib.shb.secretFileType shb.secretFileType
]; ];
description = "Timezone of this instance."; description = "Timezone of this instance.";
example = "America/Los_Angeles"; example = "America/Los_Angeles";
@ -206,7 +209,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "hass"; user = "hass";
# No need for backup hooks as we use an hourly automation job in home assistant directly with a cron job. # No need for backup hooks as we use an hourly automation job in home assistant directly with a cron job.
sourceDirectories = [ sourceDirectories = [
@ -383,10 +386,10 @@ in
fi fi
'' ''
) )
+ (lib.shb.replaceSecrets { + (shb.replaceSecrets {
userConfig = cfg.config; userConfig = cfg.config;
resultPath = "${config.services.home-assistant.configDir}/secrets.yaml"; resultPath = "${config.services.home-assistant.configDir}/secrets.yaml";
generator = lib.shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { }); generator = shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { });
}); });
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [

View file

@ -2,14 +2,13 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.immich; cfg = config.shb.immich;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
protocol = if !(isNull cfg.ssl) then "https" else "http"; protocol = if !(isNull cfg.ssl) then "https" else "http";
@ -76,10 +75,10 @@ let
# Use SHB's replaceSecrets function for loading secrets at runtime # Use SHB's replaceSecrets function for loading secrets at runtime
configSetupScript = lib.optionalString (cfg.sso.enable || cfg.smtp != null) ( configSetupScript = lib.optionalString (cfg.sso.enable || cfg.smtp != null) (
lib.shb.replaceSecrets { shb.replaceSecrets {
userConfig = shbManagedSettings; userConfig = shbManagedSettings;
resultPath = configFile; resultPath = configFile;
generator = lib.shb.replaceSecretsFormatAdapter (pkgs.formats.json { }); generator = shb.replaceSecretsFormatAdapter (pkgs.formats.json { });
user = "immich"; user = "immich";
permissions = "u=r,g=,o="; permissions = "u=r,g=,o=";
} }
@ -106,6 +105,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -146,7 +146,7 @@ in
ssl = mkOption { ssl = mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = nullOr contracts.ssl.certs; type = nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -162,7 +162,7 @@ in
This is required for secure session management. This is required for secure session management.
''; '';
type = nullOr (submodule { type = nullOr (submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "immich"; owner = "immich";
restartUnits = [ "immich-server.service" ]; restartUnits = [ "immich-server.service" ];
@ -172,7 +172,7 @@ in
}; };
mount = mkOption { mount = mkOption {
type = contracts.mount; type = shb.contracts.mount;
description = '' description = ''
Mount configuration. This is an output option. Mount configuration. This is an output option.
@ -197,7 +197,7 @@ in
''; '';
default = { }; default = { };
type = submodule { type = submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "immich"; user = "immich";
sourceDirectories = [ sourceDirectories = [
dataFolder dataFolder
@ -328,7 +328,7 @@ in
sharedSecret = mkOption { sharedSecret = mkOption {
description = "OIDC shared secret for Immich."; description = "OIDC shared secret for Immich.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "immich"; owner = "immich";
group = "immich"; group = "immich";
@ -340,7 +340,7 @@ in
sharedSecretForAuthelia = mkOption { sharedSecretForAuthelia = mkOption {
description = "OIDC shared secret for Authelia. Content must be the same as `sharedSecret` option."; description = "OIDC shared secret for Authelia. Content must be the same as `sharedSecret` option.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "authelia"; owner = "authelia";
}; };
@ -420,7 +420,7 @@ in
password = mkOption { password = mkOption {
description = "File containing the password to connect to the SMTP host."; description = "File containing the password to connect to the SMTP host.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "immich"; owner = "immich";
restartUnits = [ "immich-server.service" ]; restartUnits = [ "immich-server.service" ];

View file

@ -2,6 +2,7 @@
config, config,
lib, lib,
pkgs, pkgs,
shb,
... ...
}: }:
@ -10,8 +11,6 @@ let
cfg = config.shb.jellyfin; cfg = config.shb.jellyfin;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
jellyfin-cli = pkgs.buildDotnetModule rec { jellyfin-cli = pkgs.buildDotnetModule rec {
@ -83,7 +82,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = types.nullOr contracts.ssl.certs; type = types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -107,7 +106,7 @@ in
password = lib.mkOption { password = lib.mkOption {
description = "Password of the default admin user."; description = "Password of the default admin user.";
type = types.submodule { type = types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "jellyfin"; owner = "jellyfin";
group = "jellyfin"; group = "jellyfin";
@ -160,7 +159,7 @@ in
adminPassword = lib.mkOption { adminPassword = lib.mkOption {
description = "LDAP admin password."; description = "LDAP admin password.";
type = types.submodule { type = types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "jellyfin"; owner = "jellyfin";
group = "jellyfin"; group = "jellyfin";
@ -221,7 +220,7 @@ in
sharedSecret = lib.mkOption { sharedSecret = lib.mkOption {
description = "OIDC shared secret for Jellyfin."; description = "OIDC shared secret for Jellyfin.";
type = types.submodule { type = types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "jellyfin"; owner = "jellyfin";
group = "jellyfin"; group = "jellyfin";
@ -233,7 +232,7 @@ in
sharedSecretForAuthelia = lib.mkOption { sharedSecretForAuthelia = lib.mkOption {
description = "OIDC shared secret for Authelia."; description = "OIDC shared secret for Authelia.";
type = types.submodule { type = types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
ownerText = "config.shb.authelia.autheliaUser"; ownerText = "config.shb.authelia.autheliaUser";
owner = config.shb.authelia.autheliaUser; owner = config.shb.authelia.autheliaUser;
@ -250,7 +249,7 @@ in
''; '';
default = { }; default = { };
type = types.submodule { type = types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "jellyfin"; user = "jellyfin";
sourceDirectories = [ sourceDirectories = [
config.services.jellyfin.dataDir config.services.jellyfin.dataDir
@ -265,6 +264,8 @@ in
}; };
imports = [ imports = [
../../lib/module.nix
(lib.mkRenamedOptionModule (lib.mkRenamedOptionModule
[ "shb" "jellyfin" "adminPassword" ] [ "shb" "jellyfin" "adminPassword" ]
[ "shb" "jellyfin" "admin" "password" ] [ "shb" "jellyfin" "admin" "password" ]
@ -586,7 +587,7 @@ in
fi fi
ln -fs "${debugLogging}" "${config.services.jellyfin.configDir}/logging.json" ln -fs "${debugLogging}" "${config.services.jellyfin.configDir}/logging.json"
'' ''
+ (lib.shb.replaceSecretsScript { + (shb.replaceSecretsScript {
file = networkConfig; file = networkConfig;
# Write permissions are needed otherwise the jellyfin-cli tool will not work correctly. # Write permissions are needed otherwise the jellyfin-cli tool will not work correctly.
permissions = "u=rw,g=rw,o="; permissions = "u=rw,g=rw,o=";
@ -595,7 +596,7 @@ in
]; ];
}) })
+ lib.strings.optionalString cfg.ldap.enable ( + lib.strings.optionalString cfg.ldap.enable (
lib.shb.replaceSecretsScript { shb.replaceSecretsScript {
file = ldapConfig; file = ldapConfig;
resultPath = "${config.services.jellyfin.dataDir}/plugins/configurations/LDAP-Auth.xml"; resultPath = "${config.services.jellyfin.dataDir}/plugins/configurations/LDAP-Auth.xml";
replacements = [ replacements = [
@ -607,7 +608,7 @@ in
} }
) )
+ lib.strings.optionalString cfg.sso.enable ( + lib.strings.optionalString cfg.sso.enable (
lib.shb.replaceSecretsScript { shb.replaceSecretsScript {
file = ssoConfig; file = ssoConfig;
resultPath = "${config.services.jellyfin.dataDir}/plugins/configurations/SSO-Auth.xml"; resultPath = "${config.services.jellyfin.dataDir}/plugins/configurations/SSO-Auth.xml";
replacements = [ replacements = [
@ -619,7 +620,7 @@ in
} }
) )
+ lib.strings.optionalString cfg.sso.enable ( + lib.strings.optionalString cfg.sso.enable (
lib.shb.replaceSecretsScript { shb.replaceSecretsScript {
file = brandingConfig; file = brandingConfig;
resultPath = "${config.services.jellyfin.dataDir}/config/branding.xml"; resultPath = "${config.services.jellyfin.dataDir}/config/branding.xml";
replacements = [ replacements = [

View file

@ -1,16 +1,15 @@
{ {
config, config,
lib, lib,
pkgs, shb,
... ...
}: }:
let let
cfg = config.shb.karakeep; cfg = config.shb.karakeep;
contracts = pkgs.callPackage ../contracts { };
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -31,7 +30,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -106,7 +105,7 @@ in
sharedSecret = lib.mkOption { sharedSecret = lib.mkOption {
description = "OIDC shared secret for Karakeep."; description = "OIDC shared secret for Karakeep.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
owner = "karakeep"; owner = "karakeep";
# These services are the ones relying on the environment file containing the secrets. # These services are the ones relying on the environment file containing the secrets.
restartUnits = [ restartUnits = [
@ -121,7 +120,7 @@ in
sharedSecretForAuthelia = lib.mkOption { sharedSecretForAuthelia = lib.mkOption {
description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`"; description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
ownerText = "config.shb.authelia.autheliaUser"; ownerText = "config.shb.authelia.autheliaUser";
owner = config.shb.authelia.autheliaUser; owner = config.shb.authelia.autheliaUser;
@ -138,7 +137,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "karakeep"; user = "karakeep";
sourceDirectories = [ sourceDirectories = [
"/var/lib/karakeep" "/var/lib/karakeep"
@ -150,7 +149,7 @@ in
nextauthSecret = lib.mkOption { nextauthSecret = lib.mkOption {
description = "NextAuth secret."; description = "NextAuth secret.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
owner = "karakeep"; owner = "karakeep";
# These services are the ones relying on the environment file containing the secrets. # These services are the ones relying on the environment file containing the secrets.
restartUnits = [ restartUnits = [
@ -165,7 +164,7 @@ in
meilisearchMasterKey = lib.mkOption { meilisearchMasterKey = lib.mkOption {
description = "Master key used to secure communication with Meilisearch."; description = "Master key used to secure communication with Meilisearch.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
owner = "karakeep"; owner = "karakeep";
# These services are the ones relying on the environment file containing the secrets. # These services are the ones relying on the environment file containing the secrets.
restartUnits = [ restartUnits = [
@ -204,7 +203,7 @@ in
# instead of using the value from the cfg.meilisearchMasterKey option. # instead of using the value from the cfg.meilisearchMasterKey option.
systemd.services.karakeep-init = { systemd.services.karakeep-init = {
script = lib.mkForce ( script = lib.mkForce (
(lib.shb.replaceSecrets { (shb.replaceSecrets {
userConfig = { userConfig = {
MEILI_MASTER_KEY.source = cfg.meilisearchMasterKey.result.path; MEILI_MASTER_KEY.source = cfg.meilisearchMasterKey.result.path;
NEXTAUTH_SECRET.source = cfg.nextauthSecret.result.path; NEXTAUTH_SECRET.source = cfg.nextauthSecret.result.path;
@ -213,7 +212,7 @@ in
OAUTH_CLIENT_SECRET.source = cfg.sso.sharedSecret.result.path; OAUTH_CLIENT_SECRET.source = cfg.sso.sharedSecret.result.path;
}; };
resultPath = "/var/lib/karakeep/settings.env"; resultPath = "/var/lib/karakeep/settings.env";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
}) })
+ '' + ''
export DATA_DIR="$STATE_DIRECTORY" export DATA_DIR="$STATE_DIRECTORY"

View file

@ -2,6 +2,7 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
@ -18,8 +19,6 @@ let
else else
"${cfg.apps.sso.endpoint}:${toString cfg.apps.sso.port}"; "${cfg.apps.sso.endpoint}:${toString cfg.apps.sso.port}";
contracts = pkgs.callPackage ../contracts { };
nextcloudPkg = builtins.getAttr ("nextcloud" + builtins.toString cfg.version) pkgs; nextcloudPkg = builtins.getAttr ("nextcloud" + builtins.toString cfg.version) pkgs;
nextcloudApps = nextcloudApps =
(builtins.getAttr ("nextcloud" + builtins.toString cfg.version + "Packages") pkgs).apps; (builtins.getAttr ("nextcloud" + builtins.toString cfg.version + "Packages") pkgs).apps;
@ -27,6 +26,10 @@ let
occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ"; occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ";
in in
{ {
imports = [
../../lib/module.nix
];
options.shb.nextcloud = { options.shb.nextcloud = {
enable = lib.mkEnableOption "selfhostblocks.nextcloud-server"; enable = lib.mkEnableOption "selfhostblocks.nextcloud-server";
@ -68,7 +71,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -110,7 +113,7 @@ in
adminPass = lib.mkOption { adminPass = lib.mkOption {
description = "Nextcloud admin password."; description = "Nextcloud admin password.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "nextcloud"; owner = "nextcloud";
restartUnits = [ "phpfpm-nextcloud.service" ]; restartUnits = [ "phpfpm-nextcloud.service" ];
@ -251,7 +254,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -424,7 +427,7 @@ in
adminPassword = lib.mkOption { adminPassword = lib.mkOption {
description = "LDAP server admin password."; description = "LDAP server admin password.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "nextcloud"; owner = "nextcloud";
restartUnits = [ "phpfpm-nextcloud.service" ]; restartUnits = [ "phpfpm-nextcloud.service" ];
@ -505,7 +508,7 @@ in
secret = lib.mkOption { secret = lib.mkOption {
description = "OIDC shared secret."; description = "OIDC shared secret.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "nextcloud"; owner = "nextcloud";
restartUnits = [ "phpfpm-nextcloud.service" ]; restartUnits = [ "phpfpm-nextcloud.service" ];
@ -516,7 +519,7 @@ in
secretForAuthelia = lib.mkOption { secretForAuthelia = lib.mkOption {
description = "OIDC shared secret. Content must be the same as `secretFile` option."; description = "OIDC shared secret. Content must be the same as `secretFile` option.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "authelia"; owner = "authelia";
}; };
@ -625,7 +628,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "nextcloud"; user = "nextcloud";
sourceDirectories = [ sourceDirectories = [
cfg.dataDir cfg.dataDir

View file

@ -2,13 +2,12 @@
config, config,
lib, lib,
pkgs, pkgs,
shb,
... ...
}: }:
let let
cfg = config.shb.open-webui; cfg = config.shb.open-webui;
contracts = pkgs.callPackage ../contracts { };
roleClaim = "openwebui_groups"; roleClaim = "openwebui_groups";
oauthScopes = [ oauthScopes = [
"openid" "openid"
@ -20,6 +19,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -40,7 +40,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -124,7 +124,7 @@ in
sharedSecret = lib.mkOption { sharedSecret = lib.mkOption {
description = "OIDC shared secret for Open-WebUI."; description = "OIDC shared secret for Open-WebUI.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
owner = "open-webui"; owner = "open-webui";
restartUnits = [ "open-webui.service" ]; restartUnits = [ "open-webui.service" ];
}; };
@ -134,7 +134,7 @@ in
sharedSecretForAuthelia = lib.mkOption { sharedSecretForAuthelia = lib.mkOption {
description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`"; description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
ownerText = "config.shb.authelia.autheliaUser"; ownerText = "config.shb.authelia.autheliaUser";
owner = config.shb.authelia.autheliaUser; owner = config.shb.authelia.autheliaUser;
@ -151,7 +151,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "open-webui"; user = "open-webui";
sourceDirectories = [ sourceDirectories = [
config.services.open-webui.stateDir config.services.open-webui.stateDir
@ -270,12 +270,12 @@ in
"d '/run/open-webui' 0750 root root - -" "d '/run/open-webui' 0750 root root - -"
]; ];
systemd.services.open-webui-pre = { systemd.services.open-webui-pre = {
script = lib.shb.replaceSecrets { script = shb.replaceSecrets {
userConfig = { userConfig = {
OAUTH_CLIENT_SECRET.source = cfg.sso.sharedSecret.result.path; OAUTH_CLIENT_SECRET.source = cfg.sso.sharedSecret.result.path;
}; };
resultPath = "/run/open-webui/secrets.env"; resultPath = "/run/open-webui/secrets.env";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
}; };
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

View file

@ -2,12 +2,12 @@
config, config,
pkgs, pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.paperless; cfg = config.shb.paperless;
contracts = pkgs.callPackage ../contracts { };
dataFolder = cfg.dataDir; dataFolder = cfg.dataDir;
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
protocol = if !(isNull cfg.ssl) then "https" else "http"; protocol = if !(isNull cfg.ssl) then "https" else "http";
@ -48,7 +48,7 @@ let
source = cfg.sso.sharedSecret.result.path; source = cfg.sso.sharedSecret.result.path;
} }
]; ];
replaceSecretsScript = lib.shb.replaceSecretsScript { replaceSecretsScript = shb.replaceSecretsScript {
file = ssoClientSettingsFile; file = ssoClientSettingsFile;
resultPath = "/run/paperless/paperless-sso-client.env"; resultPath = "/run/paperless/paperless-sso-client.env";
inherit replacements; inherit replacements;
@ -77,6 +77,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -117,7 +118,7 @@ in
ssl = mkOption { ssl = mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = nullOr contracts.ssl.certs; type = nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -152,7 +153,7 @@ in
adminPassword = mkOption { adminPassword = mkOption {
description = "Secret containing the superuser (admin) password."; description = "Secret containing the superuser (admin) password.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "paperless"; owner = "paperless";
group = "paperless"; group = "paperless";
@ -208,7 +209,7 @@ in
}; };
mount = mkOption { mount = mkOption {
type = contracts.mount; type = shb.contracts.mount;
description = '' description = ''
Mount configuration. This is an output option. Mount configuration. This is an output option.
@ -233,7 +234,7 @@ in
''; '';
default = { }; default = { };
type = submodule { type = submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "paperless"; user = "paperless";
sourceDirectories = [ sourceDirectories = [
dataFolder dataFolder
@ -314,7 +315,7 @@ in
sharedSecret = mkOption { sharedSecret = mkOption {
description = "OIDC shared secret for paperless."; description = "OIDC shared secret for paperless.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "paperless"; owner = "paperless";
group = "paperless"; group = "paperless";
@ -326,7 +327,7 @@ in
sharedSecretForAuthelia = mkOption { sharedSecretForAuthelia = mkOption {
description = "OIDC shared secret for Authelia. Content must be the same as `sharedSecret` option."; description = "OIDC shared secret for Authelia. Content must be the same as `sharedSecret` option.";
type = submodule { type = submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "authelia"; owner = "authelia";
}; };

View file

@ -2,17 +2,17 @@
config, config,
lib, lib,
pkgs, pkgs,
shb,
... ...
}: }:
let let
cfg = config.shb.pinchflat; cfg = config.shb.pinchflat;
inherit (lib) types; inherit (lib) types;
contracts = pkgs.callPackage ../contracts { };
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -33,7 +33,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -50,7 +50,7 @@ in
Make sure the secret is at least 64 characters long. Make sure the secret is at least 64 characters long.
''; '';
type = types.submodule { type = types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
restartUnits = [ "pinchflat.service" ]; restartUnits = [ "pinchflat.service" ];
}; };
}; };
@ -64,7 +64,7 @@ in
timeZone = lib.mkOption { timeZone = lib.mkOption {
type = lib.types.oneOf [ type = lib.types.oneOf [
lib.types.str lib.types.str
lib.shb.secretFileType shb.secretFileType
]; ];
description = "Timezone of this instance."; description = "Timezone of this instance.";
example = "America/Los_Angeles"; example = "America/Los_Angeles";
@ -123,7 +123,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "pinchflat"; user = "pinchflat";
sourceDirectories = [ sourceDirectories = [
cfg.mediaDir cfg.mediaDir
@ -158,13 +158,13 @@ in
}; };
systemd.services.pinchflat-pre = { systemd.services.pinchflat-pre = {
script = lib.shb.replaceSecrets { script = shb.replaceSecrets {
userConfig = { userConfig = {
SECRET_KEY_BASE.source = cfg.secretKeyBase.result.path; SECRET_KEY_BASE.source = cfg.secretKeyBase.result.path;
# TZ = cfg.secretKeyBase.result.path; # Uncomment when PR is merged. # TZ = cfg.secretKeyBase.result.path; # Uncomment when PR is merged.
}; };
resultPath = "/run/pinchflat/secrets.env"; resultPath = "/run/pinchflat/secrets.env";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
}; };
serviceConfig.Type = "oneshot"; serviceConfig.Type = "oneshot";
wantedBy = [ "multi-user.target" ]; wantedBy = [ "multi-user.target" ];

View file

@ -1,15 +1,13 @@
{ {
config, config,
pkgs,
lib, lib,
shb,
... ...
}: }:
let let
cfg = config.shb.vaultwarden; cfg = config.shb.vaultwarden;
contracts = pkgs.callPackage ../contracts { };
fqdn = "${cfg.subdomain}.${cfg.domain}"; fqdn = "${cfg.subdomain}.${cfg.domain}";
dataFolder = dataFolder =
@ -20,6 +18,7 @@ let
in in
{ {
imports = [ imports = [
../../lib/module.nix
../blocks/nginx.nix ../blocks/nginx.nix
]; ];
@ -40,7 +39,7 @@ in
ssl = lib.mkOption { ssl = lib.mkOption {
description = "Path to SSL files"; description = "Path to SSL files";
type = lib.types.nullOr contracts.ssl.certs; type = lib.types.nullOr shb.contracts.ssl.certs;
default = null; default = null;
}; };
@ -60,7 +59,7 @@ in
databasePassword = lib.mkOption { databasePassword = lib.mkOption {
description = "File containing the Vaultwarden database password."; description = "File containing the Vaultwarden database password.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0440"; mode = "0440";
owner = "vaultwarden"; owner = "vaultwarden";
group = "postgres"; group = "postgres";
@ -118,7 +117,7 @@ in
password = lib.mkOption { password = lib.mkOption {
description = "File containing the password to connect to the SMTP host."; description = "File containing the password to connect to the SMTP host.";
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.secret.mkRequester { options = shb.contracts.secret.mkRequester {
mode = "0400"; mode = "0400";
owner = "vaultwarden"; owner = "vaultwarden";
restartUnits = [ "vaultwarden.service" ]; restartUnits = [ "vaultwarden.service" ];
@ -131,7 +130,7 @@ in
}; };
mount = lib.mkOption { mount = lib.mkOption {
type = contracts.mount; type = shb.contracts.mount;
description = '' description = ''
Mount configuration. This is an output option. Mount configuration. This is an output option.
@ -156,7 +155,7 @@ in
''; '';
default = { }; default = { };
type = lib.types.submodule { type = lib.types.submodule {
options = contracts.backup.mkRequester { options = shb.contracts.backup.mkRequester {
user = "vaultwarden"; user = "vaultwarden";
sourceDirectories = [ sourceDirectories = [
dataFolder dataFolder
@ -210,7 +209,7 @@ in
]; ];
# Needed to be able to write template config. # Needed to be able to write template config.
systemd.services.vaultwarden.serviceConfig.ProtectHome = lib.mkForce false; systemd.services.vaultwarden.serviceConfig.ProtectHome = lib.mkForce false;
systemd.services.vaultwarden.preStart = lib.shb.replaceSecrets { systemd.services.vaultwarden.preStart = shb.replaceSecrets {
userConfig = { userConfig = {
DATABASE_URL.source = cfg.databasePassword.result.path; DATABASE_URL.source = cfg.databasePassword.result.path;
DATABASE_URL.transform = v: "postgresql://vaultwarden:${v}@127.0.0.1:5432/vaultwarden"; DATABASE_URL.transform = v: "postgresql://vaultwarden:${v}@127.0.0.1:5432/vaultwarden";
@ -219,7 +218,7 @@ in
SMTP_PASSWORD.source = cfg.smtp.password.result.path; SMTP_PASSWORD.source = cfg.smtp.password.result.path;
}; };
resultPath = "${dataFolder}/vaultwarden.env"; resultPath = "${dataFolder}/vaultwarden.env";
generator = lib.shb.toEnvVar; generator = shb.toEnvVar;
}; };
shb.nginx.vhosts = [ shb.nginx.vhosts = [

View file

@ -1,11 +1,11 @@
{ pkgs, lib, ... }: { pkgs, shb, ... }:
let let
pkgs' = pkgs; pkgs' = pkgs;
ldapAdminPassword = "ldapAdminPassword"; ldapAdminPassword = "ldapAdminPassword";
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "authelia-basic"; name = "authelia-basic";
nodes.machine = nodes.machine =

View file

@ -1,15 +1,15 @@
{ lib, ... }: { shb, ... }:
let let
commonTest = commonTest =
user: user:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "borgbackup_backupAndRestore_${user}"; name = "borgbackup_backupAndRestore_${user}";
nodes.machine = nodes.machine =
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseImports shb.test.baseImports
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/blocks/borgbackup.nix ../../modules/blocks/borgbackup.nix

View file

@ -1,4 +1,9 @@
{ pkgs, lib, ... }: {
pkgs,
lib,
shb,
...
}:
let let
pkgs' = pkgs; pkgs' = pkgs;
in in
@ -22,39 +27,39 @@ in
d.d = "not secret D"; d.d = "not secret D";
}; };
configWithTemplates = lib.shb.withReplacements userConfig; configWithTemplates = shb.withReplacements userConfig;
nonSecretConfigFile = pkgs.writeText "config.yaml.template" ( nonSecretConfigFile = pkgs.writeText "config.yaml.template" (
lib.generators.toJSON { } configWithTemplates lib.generators.toJSON { } configWithTemplates
); );
replacements = lib.shb.getReplacements userConfig; replacements = shb.getReplacements userConfig;
replaceInTemplate = lib.shb.replaceSecretsScript { replaceInTemplate = shb.replaceSecretsScript {
file = nonSecretConfigFile; file = nonSecretConfigFile;
resultPath = "/var/lib/config.yaml"; resultPath = "/var/lib/config.yaml";
inherit replacements; inherit replacements;
}; };
replaceInTemplateJSON = lib.shb.replaceSecrets { replaceInTemplateJSON = shb.replaceSecrets {
inherit userConfig; inherit userConfig;
resultPath = "/var/lib/config.json"; resultPath = "/var/lib/config.json";
generator = lib.shb.replaceSecretsFormatAdapter (pkgs.formats.json { }); generator = shb.replaceSecretsFormatAdapter (pkgs.formats.json { });
}; };
replaceInTemplateJSONGen = lib.shb.replaceSecrets { replaceInTemplateJSONGen = shb.replaceSecrets {
inherit userConfig; inherit userConfig;
resultPath = "/var/lib/config_gen.json"; resultPath = "/var/lib/config_gen.json";
generator = lib.shb.replaceSecretsGeneratorAdapter (lib.generators.toJSON { }); generator = shb.replaceSecretsGeneratorAdapter (lib.generators.toJSON { });
}; };
replaceInTemplateXML = lib.shb.replaceSecrets { replaceInTemplateXML = shb.replaceSecrets {
inherit userConfig; inherit userConfig;
resultPath = "/var/lib/config.xml"; resultPath = "/var/lib/config.xml";
generator = lib.shb.replaceSecretsFormatAdapter (lib.shb.formatXML { enclosingRoot = "Root"; }); generator = shb.replaceSecretsFormatAdapter (shb.formatXML { enclosingRoot = "Root"; });
}; };
in in
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "lib-template"; name = "lib-template";
nodes.machine = nodes.machine =
{ config, pkgs, ... }: { config, pkgs, ... }:

View file

@ -1,4 +1,9 @@
{ pkgs, lib, ... }: {
pkgs,
lib,
shb,
...
}:
let let
pkgs' = pkgs; pkgs' = pkgs;
@ -6,7 +11,7 @@ let
charliePassword = "CharliePassword"; charliePassword = "CharliePassword";
in in
{ {
auth = lib.shb.runNixOSTest { auth = shb.test.runNixOSTest {
name = "ldap-auth"; name = "ldap-auth";
nodes.server = nodes.server =

View file

@ -1,4 +1,9 @@
{ pkgs, lib, ... }: {
pkgs,
lib,
shb,
...
}:
let let
serve = serve =
port: text: port: text:
@ -45,7 +50,7 @@ let
); );
in in
{ {
default = lib.shb.runNixOSTest { default = shb.test.runNixOSTest {
name = "mitmdump-default"; name = "mitmdump-default";
nodes.machine = nodes.machine =

View file

@ -1,9 +1,9 @@
{ lib, ... }: { lib, shb, ... }:
let let
password = "securepw"; password = "securepw";
oidcSecret = "oidcSecret"; oidcSecret = "oidcSecret";
commonTestScript = lib.shb.accessScript { commonTestScript = shb.test.accessScript {
hasSSL = { node, ... }: !(isNull node.config.shb.monitoring.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.monitoring.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -21,7 +21,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/monitoring.nix ../../modules/blocks/monitoring.nix
]; ];
@ -71,8 +71,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
subdomain = "g"; subdomain = "g";
@ -161,7 +161,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "monitoring_basic"; name = "monitoring_basic";
nodes.server = { nodes.server = {
@ -175,13 +175,13 @@ in
testScript = commonTestScript; testScript = commonTestScript;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "monitoring_https"; name = "monitoring_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -191,7 +191,7 @@ in
testScript = commonTestScript; testScript = commonTestScript;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "monitoring_sso"; name = "monitoring_sso";
nodes.client = { nodes.client = {
@ -206,11 +206,11 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
ldap ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];

View file

@ -1,9 +1,14 @@
{ pkgs, lib, ... }: {
pkgs,
lib,
shb,
...
}:
let let
pkgs' = pkgs; pkgs' = pkgs;
in in
{ {
peerWithoutUser = lib.shb.runNixOSTest { peerWithoutUser = shb.test.runNixOSTest {
name = "postgresql-peerWithoutUser"; name = "postgresql-peerWithoutUser";
nodes.machine = nodes.machine =
@ -44,7 +49,7 @@ in
''; '';
}; };
peerAuth = lib.shb.runNixOSTest { peerAuth = shb.test.runNixOSTest {
name = "postgresql-peerAuth"; name = "postgresql-peerAuth";
nodes.machine = nodes.machine =
@ -98,7 +103,7 @@ in
''; '';
}; };
tcpIPWithoutPasswordAuth = lib.shb.runNixOSTest { tcpIPWithoutPasswordAuth = shb.test.runNixOSTest {
name = "postgresql-tcpIpWithoutPasswordAuth"; name = "postgresql-tcpIpWithoutPasswordAuth";
nodes.machine = nodes.machine =
@ -140,7 +145,7 @@ in
''; '';
}; };
tcpIPPasswordAuth = lib.shb.runNixOSTest { tcpIPPasswordAuth = shb.test.runNixOSTest {
name = "postgresql-tcpIPPasswordAuth"; name = "postgresql-tcpIPPasswordAuth";
nodes.machine = nodes.machine =

View file

@ -1,15 +1,15 @@
{ lib, ... }: { lib, shb, ... }:
let let
commonTest = commonTest =
user: user:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "restic_backupAndRestore_${user}"; name = "restic_backupAndRestore_${user}";
nodes.machine = nodes.machine =
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseImports shb.test.baseImports
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/blocks/restic.nix ../../modules/blocks/restic.nix

View file

@ -1,9 +1,9 @@
{ pkgs, lib, ... }: { pkgs, shb, ... }:
let let
pkgs' = pkgs; pkgs' = pkgs;
in in
{ {
test = lib.shb.runNixOSTest { test = shb.test.runNixOSTest {
name = "ssl-test"; name = "ssl-test";
nodes.server = nodes.server =

View file

@ -1,9 +1,6 @@
{ pkgs, ... }: { shb, ... }:
let
contracts = pkgs.callPackage ../../modules/contracts { };
in
{ {
restic_root = contracts.test.backup { restic_root = shb.contracts.test.backup {
name = "restic_root"; name = "restic_root";
username = "root"; username = "root";
providerRoot = [ providerRoot = [
@ -38,7 +35,7 @@ in
}; };
}; };
restic_nonroot = contracts.test.backup { restic_nonroot = shb.contracts.test.backup {
name = "restic_nonroot"; name = "restic_nonroot";
username = "me"; username = "me";
providerRoot = [ providerRoot = [
@ -73,7 +70,7 @@ in
}; };
}; };
borgbackup_root = contracts.test.backup { borgbackup_root = shb.contracts.test.backup {
name = "borgbackup_root"; name = "borgbackup_root";
username = "root"; username = "root";
providerRoot = [ providerRoot = [
@ -108,7 +105,7 @@ in
}; };
}; };
borgbackup_nonroot = contracts.test.backup { borgbackup_nonroot = shb.contracts.test.backup {
name = "borgbackup_nonroot"; name = "borgbackup_nonroot";
username = "me"; username = "me";
providerRoot = [ providerRoot = [

View file

@ -1,9 +1,6 @@
{ pkgs, ... }: { shb, ... }:
let
contracts = pkgs.callPackage ../../modules/contracts { };
in
{ {
restic_postgres = contracts.test.databasebackup { restic_postgres = shb.contracts.test.databasebackup {
name = "restic_postgres"; name = "restic_postgres";
requesterRoot = [ requesterRoot = [
"shb" "shb"
@ -49,7 +46,7 @@ in
}; };
}; };
borgbackup_postgres = contracts.test.databasebackup { borgbackup_postgres = shb.contracts.test.databasebackup {
name = "borgbackup_postgres"; name = "borgbackup_postgres";
requesterRoot = [ requesterRoot = [
"shb" "shb"

View file

@ -1,9 +1,6 @@
{ pkgs, ... }: { shb, ... }:
let
contracts = pkgs.callPackage ../../modules/contracts { };
in
{ {
hardcoded_root_root = contracts.test.secret { hardcoded_root_root = shb.contracts.test.secret {
name = "hardcoded"; name = "hardcoded";
modules = [ ../../modules/blocks/hardcodedsecret.nix ]; modules = [ ../../modules/blocks/hardcodedsecret.nix ];
configRoot = [ configRoot = [
@ -15,7 +12,7 @@ in
}; };
}; };
hardcoded_user_group = contracts.test.secret { hardcoded_user_group = shb.contracts.test.secret {
name = "hardcoded"; name = "hardcoded";
modules = [ ../../modules/blocks/hardcodedsecret.nix ]; modules = [ ../../modules/blocks/hardcodedsecret.nix ];
configRoot = [ configRoot = [
@ -31,7 +28,7 @@ in
}; };
# TODO: how to do this? # TODO: how to do this?
# sops = contracts.test.secret { # sops = shb.contracts.test.secret {
# name = "sops"; # name = "sops";
# configRoot = cfg: name: cfg.sops.secrets.${name}; # configRoot = cfg: name: cfg.sops.secrets.${name};
# createContent = content: { # createContent = content: {

View file

@ -1,4 +1,4 @@
{ lib, ... }: { lib, shb, ... }:
let let
inherit (lib) nameValuePair; inherit (lib) nameValuePair;
in in
@ -34,7 +34,7 @@ in
c.other = "other"; c.other = "other";
}; };
in in
lib.shb.withReplacements ( shb.withReplacements (
item item
// { // {
nestedAttr = item; nestedAttr = item;
@ -70,7 +70,7 @@ in
c.other = "other"; c.other = "other";
}; };
in in
lib.shb.withReplacements [ shb.withReplacements [
item item
item item
[ item ] [ item ]
@ -101,8 +101,8 @@ in
c.other = "other"; c.other = "other";
}; };
in in
map lib.shb.genReplacement ( map shb.genReplacement (
lib.shb.getReplacements ( shb.getReplacements (
item item
// { // {
nestedAttr = item; nestedAttr = item;
@ -123,7 +123,7 @@ in
}; };
}; };
expr = lib.shb.parseXML '' expr = shb.parseXML ''
<a> <a>
<b>1</b> <b>1</b>
<c><d>1</d></c> <c><d>1</d></c>

View file

@ -1,4 +1,9 @@
{ pkgs, lib, ... }: {
pkgs,
lib,
shb,
...
}:
let let
healthUrl = "/health"; healthUrl = "/health";
loginUrl = "/UI/Login"; loginUrl = "/UI/Login";
@ -6,7 +11,7 @@ let
# TODO: Test login # TODO: Test login
commonTestScript = commonTestScript =
appname: cfgPathFn: appname: cfgPathFn:
lib.shb.mkScripts { shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -60,7 +65,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/arr.nix ../../modules/services/arr.nix
]; ];
@ -81,8 +86,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
@ -106,7 +111,7 @@ let
basicTest = basicTest =
appname: cfgPathFn: appname: cfgPathFn:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "arr_${appname}_basic"; name = "arr_${appname}_basic";
nodes.client = { nodes.client = {
@ -125,7 +130,7 @@ let
backupTest = backupTest =
appname: cfgPathFn: appname: cfgPathFn:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "arr_${appname}_backup"; name = "arr_${appname}_backup";
nodes.server = nodes.server =
@ -133,7 +138,7 @@ let
{ {
imports = [ imports = [
(basic appname) (basic appname)
(lib.shb.backup config.shb.arr.${appname}.backup) (shb.test.backup config.shb.arr.${appname}.backup)
]; ];
}; };
@ -153,7 +158,7 @@ let
httpsTest = httpsTest =
appname: cfgPathFn: appname: cfgPathFn:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "arr_${appname}_https"; name = "arr_${appname}_https";
nodes.server = nodes.server =
@ -161,7 +166,7 @@ let
{ {
imports = [ imports = [
(basic appname) (basic appname)
lib.shb.certs shb.test.certs
(https appname) (https appname)
]; ];
}; };
@ -182,7 +187,7 @@ let
ssoTest = ssoTest =
appname: cfgPathFn: appname: cfgPathFn:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "arr_${appname}_sso"; name = "arr_${appname}_sso";
nodes.server = nodes.server =
@ -190,10 +195,10 @@ let
{ {
imports = [ imports = [
(basic appname) (basic appname)
lib.shb.certs shb.test.certs
(https appname) (https appname)
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
(sso appname) (sso appname)
]; ];
}; };

View file

@ -1,6 +1,6 @@
{ lib, ... }: { shb, ... }:
let let
commonTestScript = lib.shb.accessScript { commonTestScript = shb.test.accessScript {
hasSSL = { node, ... }: !(isNull node.config.shb.audiobookshelf.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.audiobookshelf.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -22,7 +22,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/audiobookshelf.nix ../../modules/services/audiobookshelf.nix
]; ];
@ -39,8 +39,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
@ -104,7 +104,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "audiobookshelf-basic"; name = "audiobookshelf-basic";
nodes.client = { nodes.client = {
@ -122,13 +122,13 @@ in
testScript = commonTestScript; testScript = commonTestScript;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "audiobookshelf-https"; name = "audiobookshelf-https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -138,7 +138,7 @@ in
testScript = commonTestScript; testScript = commonTestScript;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "audiobookshelf-sso"; name = "audiobookshelf-sso";
nodes.server = nodes.server =
@ -146,10 +146,10 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };

View file

@ -1,6 +1,11 @@
{ pkgs, lib, ... }: {
pkgs,
lib,
shb,
...
}:
let let
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.deluge.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.deluge.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -76,7 +81,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/deluge.nix ../../modules/services/deluge.nix
]; ];
@ -109,8 +114,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
subdomain = "d"; subdomain = "d";
@ -167,7 +172,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "deluge_basic"; name = "deluge_basic";
nodes.client = { nodes.client = {
@ -184,7 +189,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "deluge_backup"; name = "deluge_backup";
nodes.server = nodes.server =
@ -192,7 +197,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.deluge.backup) (shb.test.backup config.shb.deluge.backup)
]; ];
}; };
@ -201,13 +206,13 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "deluge_https"; name = "deluge_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -217,7 +222,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "deluge_sso"; name = "deluge_sso";
nodes.server = nodes.server =
@ -225,10 +230,10 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };
@ -240,13 +245,13 @@ in
}; };
}; };
prometheus = lib.shb.runNixOSTest { prometheus = shb.test.runNixOSTest {
name = "deluge_https"; name = "deluge_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
prometheus prometheus
]; ];

View file

@ -1,8 +1,8 @@
{ lib, ... }: { shb, ... }:
let let
adminPassword = "AdminPassword"; adminPassword = "AdminPassword";
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -27,7 +27,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/forgejo.nix ../../modules/services/forgejo.nix
]; ];
@ -79,8 +79,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
subdomain = "f"; subdomain = "f";
@ -182,7 +182,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "forgejo_basic"; name = "forgejo_basic";
nodes.client = { nodes.client = {
@ -199,7 +199,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "forgejo_backup"; name = "forgejo_backup";
nodes.server = nodes.server =
@ -207,7 +207,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.forgejo.backup) (shb.test.backup config.shb.forgejo.backup)
]; ];
}; };
@ -216,13 +216,13 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "forgejo_https"; name = "forgejo_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -232,13 +232,13 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
ldap = lib.shb.runNixOSTest { ldap = shb.test.runNixOSTest {
name = "forgejo_ldap"; name = "forgejo_ldap";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.ldap shb.test.ldap
ldap ldap
]; ];
}; };
@ -249,8 +249,8 @@ in
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
@ -319,7 +319,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "forgejo_sso"; name = "forgejo_sso";
nodes.server = nodes.server =
@ -327,10 +327,10 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };

View file

@ -1,6 +1,6 @@
{ pkgs, lib, ... }: { shb, ... }:
let let
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.grocy.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.grocy.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -19,7 +19,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/grocy.nix ../../modules/services/grocy.nix
]; ];
@ -37,8 +37,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
@ -81,7 +81,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "grocy_basic"; name = "grocy_basic";
nodes.client = { nodes.client = {
@ -98,13 +98,13 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "grocy_https"; name = "grocy_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };

View file

@ -1,6 +1,6 @@
{ lib, ... }: { shb, ... }:
let let
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.hledger.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.hledger.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -14,7 +14,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/hledger.nix ../../modules/services/hledger.nix
]; ];
@ -32,8 +32,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
@ -69,7 +69,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "hledger_basic"; name = "hledger_basic";
nodes.client = { nodes.client = {
@ -87,7 +87,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "hledger_backup"; name = "hledger_backup";
nodes.server = nodes.server =
@ -95,7 +95,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.hledger.backup) (shb.test.backup config.shb.hledger.backup)
]; ];
}; };
@ -104,13 +104,13 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "hledger_https"; name = "hledger_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -120,7 +120,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "hledger_sso"; name = "hledger_sso";
nodes.server = nodes.server =
@ -128,10 +128,10 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };

View file

@ -1,6 +1,6 @@
{ pkgs, lib, ... }: { pkgs, shb, ... }:
let let
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.home-assistant.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.home-assistant.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -19,7 +19,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/home-assistant.nix ../../modules/services/home-assistant.nix
]; ];
@ -46,8 +46,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
@ -165,7 +165,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "homeassistant_basic"; name = "homeassistant_basic";
nodes.client = { nodes.client = {
@ -182,7 +182,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "homeassistant_backup"; name = "homeassistant_backup";
nodes.server = nodes.server =
@ -190,7 +190,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.home-assistant.backup) (shb.test.backup config.shb.home-assistant.backup)
]; ];
}; };
@ -199,13 +199,13 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "homeassistant_https"; name = "homeassistant_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -215,13 +215,13 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
ldap = lib.shb.runNixOSTest { ldap = shb.test.runNixOSTest {
name = "homeassistant_ldap"; name = "homeassistant_ldap";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.ldap shb.test.ldap
ldap ldap
]; ];
}; };
@ -233,16 +233,16 @@ in
# Not yet supported # Not yet supported
# #
# sso = lib.shb.runNixOSTest { # sso = shb.test.runNixOSTest {
# name = "vaultwarden_sso"; # name = "vaultwarden_sso";
# #
# nodes.server = lib.mkMerge [ # nodes.server = lib.mkMerge [
# basic # basic
# (lib.shb.certs domain) # (shb.certs domain)
# https # https
# ldap # ldap
# (lib.shb.ldap domain pkgs') # (shb.ldap domain pkgs')
# (lib.shb.sso domain pkgs' config.shb.certs.certs.selfsigned.n) # (shb.test.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
# sso # sso
# ]; # ];
# #
@ -251,7 +251,7 @@ in
# testScript = commonTestScript.access; # testScript = commonTestScript.access;
# }; # };
voice = lib.shb.runNixOSTest { voice = shb.test.runNixOSTest {
name = "homeassistant_voice"; name = "homeassistant_voice";
nodes.server = { nodes.server = {

View file

@ -1,9 +1,13 @@
{ pkgs, lib }: {
pkgs,
lib,
shb,
}:
let let
subdomain = "i"; subdomain = "i";
domain = "example.com"; domain = "example.com";
commonTestScript = lib.shb.accessScript { commonTestScript = shb.test.accessScript {
hasSSL = { node, ... }: !(isNull node.config.shb.immich.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.immich.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -25,7 +29,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/immich.nix ../../modules/services/immich.nix
]; ];
@ -60,7 +64,7 @@ let
{ {
imports = [ imports = [
base base
lib.shb.certs shb.test.certs
]; ];
test.hasSSL = true; test.hasSSL = true;
@ -72,7 +76,7 @@ let
{ {
imports = [ imports = [
https https
(lib.shb.backup config.shb.immich.backup) (shb.test.backup config.shb.immich.backup)
]; ];
}; };
@ -81,8 +85,8 @@ let
{ {
imports = [ imports = [
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
]; ];
shb.immich.sso = { shb.immich.sso = {
@ -157,7 +161,7 @@ in
nodes.client = { }; nodes.client = { };
testScript = testScript =
(lib.shb.mkScripts { (shb.test.mkScripts {
hasSSL = args: !(isNull args.node.config.shb.immich.ssl); hasSSL = args: !(isNull args.node.config.shb.immich.ssl);
waitForServices = args: [ waitForServices = args: [
"immich-server.service" "immich-server.service"

View file

@ -1,8 +1,8 @@
{ pkgs, lib, ... }: { pkgs, shb, ... }:
let let
port = 9096; port = 9096;
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.jellyfin.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.jellyfin.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -47,7 +47,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/jellyfin.nix ../../modules/services/jellyfin.nix
]; ];
test = { test = {
@ -79,7 +79,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
@ -171,7 +171,7 @@ let
jellyfinTest = jellyfinTest =
name: name:
{ nodes, testScript }: { nodes, testScript }:
lib.shb.runNixOSTest { shb.test.runNixOSTest {
name = "jellyfin_${name}"; name = "jellyfin_${name}";
interactive.nodes.server = { interactive.nodes.server = {
@ -206,7 +206,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.jellyfin.backup) (shb.test.backup config.shb.jellyfin.backup)
]; ];
}; };
@ -219,7 +219,7 @@ in
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -228,7 +228,7 @@ in
{ config, lib, ... }: { config, lib, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
clientLogin clientLogin
]; ];
}; };
@ -240,7 +240,7 @@ in
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.ldap shb.test.ldap
ldap ldap
]; ];
}; };
@ -256,10 +256,10 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };

View file

@ -1,9 +1,9 @@
{ lib, ... }: { lib, shb, ... }:
let let
nextauthSecret = "nextauthSecret"; nextauthSecret = "nextauthSecret";
oidcSecret = "oidcSecret"; oidcSecret = "oidcSecret";
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.karakeep.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.karakeep.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -25,7 +25,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/karakeep.nix ../../modules/services/karakeep.nix
]; ];
@ -77,8 +77,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
subdomain = "k"; subdomain = "k";
@ -171,7 +171,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "karakeep_basic"; name = "karakeep_basic";
nodes.client = { }; nodes.client = { };
@ -184,7 +184,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "karakeep_backup"; name = "karakeep_backup";
nodes.server = nodes.server =
@ -192,7 +192,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.karakeep.backup) (shb.test.backup config.shb.karakeep.backup)
]; ];
}; };
@ -201,14 +201,14 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "karakeep_https"; name = "karakeep_https";
nodes.client = { }; nodes.client = { };
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -216,7 +216,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "karakeep_sso"; name = "karakeep_sso";
nodes.client = { nodes.client = {
@ -231,11 +231,11 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
ldap ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];

View file

@ -1,10 +1,10 @@
{ lib, ... }: { lib, shb, ... }:
let let
adminUser = "root"; adminUser = "root";
adminPass = "rootpw"; adminPass = "rootpw";
oidcSecret = "oidcSecret"; oidcSecret = "oidcSecret";
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.nextcloud.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.nextcloud.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -102,7 +102,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/nextcloud-server.nix ../../modules/services/nextcloud-server.nix
]; ];
@ -136,8 +136,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
@ -176,8 +176,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
@ -231,8 +231,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
@ -444,7 +444,7 @@ let
''; '';
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "nextcloud_basic"; name = "nextcloud_basic";
nodes.client = { nodes.client = {
@ -461,7 +461,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
cron = lib.shb.runNixOSTest { cron = shb.test.runNixOSTest {
name = "nextcloud_cron"; name = "nextcloud_cron";
nodes.server = { nodes.server = {
@ -504,7 +504,7 @@ in
}; };
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "nextcloud_backup"; name = "nextcloud_backup";
nodes.server = nodes.server =
@ -512,7 +512,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.nextcloud.backup) (shb.test.backup config.shb.nextcloud.backup)
]; ];
}; };
@ -521,13 +521,13 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "nextcloud_https"; name = "nextcloud_https";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -538,13 +538,13 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
previewGenerator = lib.shb.runNixOSTest { previewGenerator = shb.test.runNixOSTest {
name = "nextcloud_previewGenerator"; name = "nextcloud_previewGenerator";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
previewgenerator previewgenerator
]; ];
@ -555,13 +555,13 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
externalStorage = lib.shb.runNixOSTest { externalStorage = shb.test.runNixOSTest {
name = "nextcloud_externalStorage"; name = "nextcloud_externalStorage";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
externalstorage externalstorage
]; ];
@ -575,13 +575,13 @@ in
# TODO: fix memories app # TODO: fix memories app
# See https://github.com/ibizaman/selfhostblocks/issues/476 # See https://github.com/ibizaman/selfhostblocks/issues/476
# memories = lib.shb.runNixOSTest { # memories = shb.test.runNixOSTest {
# name = "nextcloud_memories"; # name = "nextcloud_memories";
# nodes.server = { # nodes.server = {
# imports = [ # imports = [
# basic # basic
# lib.shb.certs # shb.test.certs
# https # https
# memories # memories
# ]; # ];
@ -592,13 +592,13 @@ in
# testScript = commonTestScript.access; # testScript = commonTestScript.access;
# }; # };
recognize = lib.shb.runNixOSTest { recognize = shb.test.runNixOSTest {
name = "nextcloud_recognize"; name = "nextcloud_recognize";
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
recognize recognize
]; ];
@ -609,7 +609,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
ldap = lib.shb.runNixOSTest { ldap = shb.test.runNixOSTest {
name = "nextcloud_ldap"; name = "nextcloud_ldap";
nodes.server = nodes.server =
@ -617,9 +617,9 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
ldap ldap
]; ];
}; };
@ -633,7 +633,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "nextcloud_sso"; name = "nextcloud_sso";
nodes.server = nodes.server =
@ -641,10 +641,10 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
( (
{ config, ... }: { config, ... }:
@ -674,7 +674,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
prometheus = lib.shb.runNixOSTest { prometheus = shb.test.runNixOSTest {
name = "nextcloud_prometheus"; name = "nextcloud_prometheus";
nodes.server = nodes.server =

View file

@ -1,8 +1,8 @@
{ lib, ... }: { shb, ... }:
let let
oidcSecret = "oidcSecret"; oidcSecret = "oidcSecret";
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.open-webui.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.open-webui.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -21,7 +21,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/open-webui.nix ../../modules/services/open-webui.nix
]; ];
@ -68,8 +68,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
virtualisation.memorySize = 4096; virtualisation.memorySize = 4096;
test = { test = {
@ -163,7 +163,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "open-webui_basic"; name = "open-webui_basic";
nodes.client = { }; nodes.client = { };
@ -176,7 +176,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "open-webui_backup"; name = "open-webui_backup";
nodes.server = nodes.server =
@ -184,7 +184,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.open-webui.backup) (shb.test.backup config.shb.open-webui.backup)
]; ];
}; };
@ -193,14 +193,14 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "open-webui_https"; name = "open-webui_https";
nodes.client = { }; nodes.client = { };
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -208,7 +208,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "open-webui_sso"; name = "open-webui_sso";
nodes.client = { nodes.client = {
@ -221,11 +221,11 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
ldap ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };

View file

@ -1,9 +1,13 @@
{ pkgs, lib }: {
pkgs,
lib,
shb,
}:
let let
subdomain = "p"; subdomain = "p";
domain = "example.com"; domain = "example.com";
commonTestScript = lib.shb.accessScript { commonTestScript = shb.test.accessScript {
hasSSL = { node, ... }: !(isNull node.config.shb.paperless.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.paperless.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -24,7 +28,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/services/paperless.nix ../../modules/services/paperless.nix
]; ];
@ -57,7 +61,7 @@ let
{ {
imports = [ imports = [
base base
lib.shb.certs shb.test.certs
]; ];
test.hasSSL = true; test.hasSSL = true;
@ -69,7 +73,7 @@ let
{ {
imports = [ imports = [
https https
(lib.shb.backup config.shb.paperless.backup) (shb.test.backup config.shb.paperless.backup)
]; ];
}; };
@ -78,8 +82,8 @@ let
{ {
imports = [ imports = [
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
]; ];
shb.paperless.sso = { shb.paperless.sso = {
@ -163,7 +167,7 @@ in
nodes.client = { }; nodes.client = { };
testScript = testScript =
(lib.shb.mkScripts { (shb.test.mkScripts {
hasSSL = args: !(isNull args.node.config.shb.paperless.ssl); hasSSL = args: !(isNull args.node.config.shb.paperless.ssl);
waitForServices = args: [ waitForServices = args: [
"paperless-web.service" "paperless-web.service"

View file

@ -1,6 +1,6 @@
{ pkgs, lib, ... }: { pkgs, shb, ... }:
let let
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.pinchflat.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.pinchflat.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -19,7 +19,7 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/pinchflat.nix ../../modules/services/pinchflat.nix
]; ];
@ -55,8 +55,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
subdomain = "p"; subdomain = "p";
@ -101,8 +101,8 @@ let
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
lib.shb.clientLoginModule shb.test.clientLoginModule
]; ];
test = { test = {
subdomain = "p"; subdomain = "p";
@ -176,7 +176,7 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "pinchflat_basic"; name = "pinchflat_basic";
nodes.client = { nodes.client = {
@ -193,7 +193,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "pinchflat_backup"; name = "pinchflat_backup";
nodes.server = nodes.server =
@ -201,7 +201,7 @@ in
{ {
imports = [ imports = [
basic basic
(lib.shb.backup config.shb.pinchflat.backup) (shb.test.backup config.shb.pinchflat.backup)
]; ];
}; };
@ -210,7 +210,7 @@ in
testScript = commonTestScript.backup; testScript = commonTestScript.backup;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "pinchflat_https"; name = "pinchflat_https";
nodes.client = { nodes.client = {
@ -221,7 +221,7 @@ in
nodes.server = { nodes.server = {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
]; ];
}; };
@ -229,7 +229,7 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "pinchflat_sso"; name = "pinchflat_sso";
nodes.client = { nodes.client = {
@ -242,11 +242,11 @@ in
{ {
imports = [ imports = [
basic basic
lib.shb.certs shb.test.certs
https https
lib.shb.ldap shb.test.ldap
ldap ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };

View file

@ -1,6 +1,6 @@
{ lib, ... }: { shb, ... }:
let let
commonTestScript = lib.shb.mkScripts { commonTestScript = shb.test.mkScripts {
hasSSL = { node, ... }: !(isNull node.config.shb.vaultwarden.ssl); hasSSL = { node, ... }: !(isNull node.config.shb.vaultwarden.ssl);
waitForServices = waitForServices =
{ ... }: { ... }:
@ -97,12 +97,12 @@ let
}; };
in in
{ {
basic = lib.shb.runNixOSTest { basic = shb.test.runNixOSTest {
name = "vaultwarden_basic"; name = "vaultwarden_basic";
nodes.server = { nodes.server = {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/vaultwarden.nix ../../modules/services/vaultwarden.nix
basic basic
@ -114,15 +114,15 @@ in
testScript = commonTestScript.access; testScript = commonTestScript.access;
}; };
https = lib.shb.runNixOSTest { https = shb.test.runNixOSTest {
name = "vaultwarden_https"; name = "vaultwarden_https";
nodes.server = { nodes.server = {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/vaultwarden.nix ../../modules/services/vaultwarden.nix
lib.shb.certs shb.test.certs
basic basic
https https
]; ];
@ -135,11 +135,11 @@ in
# Not yet supported # Not yet supported
# #
# ldap = lib.shb.runNixOSTest { # ldap = shb.test.runNixOSTest {
# name = "vaultwarden_ldap"; # name = "vaultwarden_ldap";
# #
# nodes.server = lib.mkMerge [ # nodes.server = lib.mkMerge [
# lib.shb.baseModule # shb.test.baseModule
# ../../modules/blocks/hardcodedsecret.nix # ../../modules/blocks/hardcodedsecret.nix
# ../../modules/services/vaultwarden.nix # ../../modules/services/vaultwarden.nix
# basic # basic
@ -151,21 +151,21 @@ in
# testScript = commonTestScript.access; # testScript = commonTestScript.access;
# }; # };
sso = lib.shb.runNixOSTest { sso = shb.test.runNixOSTest {
name = "vaultwarden_sso"; name = "vaultwarden_sso";
nodes.server = nodes.server =
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/vaultwarden.nix ../../modules/services/vaultwarden.nix
lib.shb.certs shb.test.certs
basic basic
https https
lib.shb.ldap shb.test.ldap
(lib.shb.sso config.shb.certs.certs.selfsigned.n) (shb.test.sso config.shb.certs.certs.selfsigned.n)
sso sso
]; ];
}; };
@ -196,18 +196,18 @@ in
}; };
}; };
backup = lib.shb.runNixOSTest { backup = shb.test.runNixOSTest {
name = "vaultwarden_backup"; name = "vaultwarden_backup";
nodes.server = nodes.server =
{ config, ... }: { config, ... }:
{ {
imports = [ imports = [
lib.shb.baseModule shb.test.baseModule
../../modules/blocks/hardcodedsecret.nix ../../modules/blocks/hardcodedsecret.nix
../../modules/services/vaultwarden.nix ../../modules/services/vaultwarden.nix
basic basic
(lib.shb.backup config.shb.vaultwarden.backup) (shb.test.backup config.shb.vaultwarden.backup)
]; ];
}; };