mod: use explicit shb argument to pass lib
This commit is contained in:
parent
fa4c636dbc
commit
c10cab627f
76 changed files with 833 additions and 682 deletions
|
|
@ -27,6 +27,7 @@ Template:
|
|||
|
||||
- Allow to upload big files in Immich.
|
||||
- Only enable php-fpm Prometheus exporter if Nextcloud is enabled.
|
||||
- Fix pkgs overrides not being passed to users of SelfHostBlocks.
|
||||
|
||||
## Other Changes
|
||||
|
||||
|
|
|
|||
|
|
@ -15,11 +15,13 @@
|
|||
let
|
||||
system = "x86_64-linux";
|
||||
nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs;
|
||||
inherit (selfhostblocks.lib.${system}) pkgs;
|
||||
|
||||
basic =
|
||||
{ config, ... }:
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
selfhostblocks.overlays.${system}.default
|
||||
];
|
||||
imports = [
|
||||
./configuration.nix
|
||||
selfhostblocks.nixosModules.authelia
|
||||
|
|
@ -105,7 +107,7 @@
|
|||
in
|
||||
{
|
||||
nixosConfigurations = {
|
||||
basic = pkgs.nixosSystem {
|
||||
basic = nixpkgs'.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
basic
|
||||
|
|
@ -113,7 +115,7 @@
|
|||
];
|
||||
};
|
||||
|
||||
ldap = pkgs.nixosSystem {
|
||||
ldap = nixpkgs'.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
basic
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@
|
|||
nixosConfigurations =
|
||||
let
|
||||
system = "x86_64-linux";
|
||||
shb = selfhostblocks.lib.${system};
|
||||
nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs;
|
||||
|
||||
# This module makes the assertions happy and the build succeed.
|
||||
# This is of course wrong and will not work on any real system.
|
||||
|
|
@ -31,19 +31,29 @@
|
|||
{
|
||||
# Test with:
|
||||
# nix build .#nixosConfigurations.minimal.config.system.build.toplevel
|
||||
minimal = shb.pkgs.nixosSystem {
|
||||
minimal = nixpkgs'.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
selfhostblocks.nixosModules.default
|
||||
filesystemModule
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
selfhostblocks.overlays.${system}.default
|
||||
];
|
||||
}
|
||||
# This modules showcases the use of SHB's lib.
|
||||
(
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
{
|
||||
options.myOption = lib.mkOption {
|
||||
# Using provided nixosSystem directly
|
||||
# SHB's lib is available under `lib.shb`.
|
||||
type = lib.shb.secretFileType;
|
||||
# Using provided nixosSystem directly.
|
||||
# SHB's lib is available under `shb` thanks to the overlay.
|
||||
type = shb.secretFileType;
|
||||
};
|
||||
config = {
|
||||
myOption.source = "/a/path";
|
||||
|
|
@ -58,21 +68,31 @@
|
|||
# Test with:
|
||||
# nix build .#nixosConfigurations.sops.config.system.build.toplevel
|
||||
# nix eval .#nixosConfigurations.sops.config.myOption
|
||||
sops = shb.pkgs.nixosSystem {
|
||||
sops = nixpkgs'.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
selfhostblocks.nixosModules.default
|
||||
selfhostblocks.nixosModules.sops
|
||||
sops-nix.nixosModules.default
|
||||
filesystemModule
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
selfhostblocks.overlays.${system}.default
|
||||
];
|
||||
}
|
||||
# This modules showcases the use of SHB's lib.
|
||||
(
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
{
|
||||
options.myOption = lib.mkOption {
|
||||
# Using provided nixosSystem directly
|
||||
# SHB's lib is available under `lib.shb`.
|
||||
type = lib.shb.secretFileType;
|
||||
# Using provided nixosSystem directly.
|
||||
# SHB's lib is available under `shb` thanks to the overlay.
|
||||
type = shb.secretFileType;
|
||||
};
|
||||
config = {
|
||||
myOption.source = "/a/path";
|
||||
|
|
@ -84,8 +104,7 @@
|
|||
];
|
||||
};
|
||||
|
||||
# Note: this is just to show-off a common pitfall for more advanced user.
|
||||
# Prefer using the `shb.pkgs.nixosSystem` function directly.
|
||||
# This example shows how to import the nixosSystem patches to nixpkgs manually.
|
||||
#
|
||||
# Test with:
|
||||
# nix build .#nixosConfigurations.lowlevel.config.system.build.toplevel
|
||||
|
|
@ -94,21 +113,83 @@
|
|||
let
|
||||
# We must import nixosSystem directly from the patched nixpkgs
|
||||
# otherwise we do not get the patches.
|
||||
nixosSystem' = import "${shb.patchedNixpkgs}/nixos/lib/eval-config.nix";
|
||||
nixosSystem' = import "${nixpkgs'}/nixos/lib/eval-config.nix";
|
||||
in
|
||||
nixosSystem' {
|
||||
inherit system;
|
||||
modules = [
|
||||
selfhostblocks.nixosModules.default
|
||||
filesystemModule
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
selfhostblocks.overlays.${system}.default
|
||||
];
|
||||
}
|
||||
# This modules showcases the use of SHB's lib.
|
||||
(
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
{
|
||||
options.myOption = lib.mkOption {
|
||||
# lib.shb.secretFileType is not available here,
|
||||
# so we must pass around the shb flake input.
|
||||
# type = shb.secretFileType;
|
||||
# Using provided nixosSystem directly.
|
||||
# SHB's lib is available under `shb` thanks to the overlay.
|
||||
type = shb.secretFileType;
|
||||
};
|
||||
config = {
|
||||
myOption.source = "/a/path";
|
||||
# Use the option.
|
||||
environment.etc.myOption.text = config.myOption.source;
|
||||
};
|
||||
}
|
||||
)
|
||||
];
|
||||
};
|
||||
|
||||
# This example shows how to apply patches to nixpkgs manually.
|
||||
#
|
||||
# Test with:
|
||||
# nix build .#nixosConfigurations.manual.config.system.build.toplevel
|
||||
# nix eval .#nixosConfigurations.manual.config.myOption
|
||||
manual =
|
||||
let
|
||||
pkgs = import selfhostblocks.inputs.nixpkgs {
|
||||
inherit system;
|
||||
};
|
||||
nixpkgs' = pkgs.applyPatches {
|
||||
name = "nixpkgs-patched";
|
||||
src = selfhostblocks.inputs.nixpkgs;
|
||||
patches = selfhostblocks.lib.${system}.patches;
|
||||
};
|
||||
# We must import nixosSystem directly from the patched nixpkgs
|
||||
# otherwise we do not get the patches.
|
||||
nixosSystem' = import "${nixpkgs'}/nixos/lib/eval-config.nix";
|
||||
in
|
||||
nixosSystem' {
|
||||
inherit system;
|
||||
modules = [
|
||||
selfhostblocks.nixosModules.default
|
||||
filesystemModule
|
||||
{
|
||||
nixpkgs.overlays = [
|
||||
selfhostblocks.overlays.${system}.default
|
||||
];
|
||||
}
|
||||
# This modules showcases the use of SHB's lib.
|
||||
(
|
||||
{
|
||||
config,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
{
|
||||
options.myOption = lib.mkOption {
|
||||
# Using provided nixosSystem directly.
|
||||
# SHB's lib is available under `shb` thanks to the overlay.
|
||||
type = shb.secretFileType;
|
||||
};
|
||||
config = {
|
||||
|
|
|
|||
|
|
@ -15,7 +15,6 @@
|
|||
let
|
||||
system = "x86_64-linux";
|
||||
nixpkgs' = selfhostblocks.lib.${system}.patchedNixpkgs;
|
||||
inherit (selfhostblocks.lib.${system}) pkgs;
|
||||
|
||||
basic =
|
||||
{ config, ... }:
|
||||
|
|
@ -178,14 +177,14 @@
|
|||
in
|
||||
{
|
||||
nixosConfigurations = {
|
||||
basic = pkgs.nixosSystem {
|
||||
basic = nixpkgs'.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
sopsConfig
|
||||
basic
|
||||
];
|
||||
};
|
||||
ldap = pkgs.nixosSystem {
|
||||
ldap = nixpkgs'.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
sopsConfig
|
||||
|
|
@ -193,7 +192,7 @@
|
|||
ldap
|
||||
];
|
||||
};
|
||||
sso = pkgs.nixosSystem {
|
||||
sso = nixpkgs'.nixosSystem {
|
||||
system = "x86_64-linux";
|
||||
modules = [
|
||||
sopsConfig
|
||||
|
|
|
|||
|
|
@ -445,7 +445,7 @@ A simplified test for a secret contract would look like the following.
|
|||
First, there is the generic test:
|
||||
|
||||
```nix
|
||||
{ pkgs, lib, ... }:
|
||||
{ pkgs, lib, shb, ... }:
|
||||
let
|
||||
inherit (lib) getAttrFromPath setAttrByPath;
|
||||
in
|
||||
|
|
@ -455,7 +455,7 @@ in
|
|||
modules ? [],
|
||||
owner ? "root",
|
||||
content ? "secretPasswordA",
|
||||
}: lib.shb.runNixOSTest {
|
||||
}: shb.test.runNixOSTest {
|
||||
inherit name;
|
||||
|
||||
nodes.machine = { config, ... }: {
|
||||
|
|
|
|||
|
|
@ -4385,9 +4385,6 @@
|
|||
"usage-flake-tag": [
|
||||
"usage.html#usage-flake-tag"
|
||||
],
|
||||
"usage-lib": [
|
||||
"usage.html#usage-lib"
|
||||
],
|
||||
"usage-secrets": [
|
||||
"usage.html#usage-secrets"
|
||||
]
|
||||
|
|
|
|||
|
|
@ -295,12 +295,12 @@ let
|
|||
|
||||
in {
|
||||
# Test variants (all 6 required)
|
||||
basic = lib.shb.runNixOSTest { ... };
|
||||
backup = lib.shb.runNixOSTest { ... };
|
||||
https = lib.shb.runNixOSTest { ... };
|
||||
ldap = lib.shb.runNixOSTest { ... };
|
||||
monitoring = lib.shb.runNixOSTest { ... };
|
||||
sso = lib.shb.runNixOSTest { ... };
|
||||
basic = lib.shb.test.runNixOSTest { ... };
|
||||
backup = lib.shb.test.runNixOSTest { ... };
|
||||
https = lib.shb.test.runNixOSTest { ... };
|
||||
ldap = lib.shb.test.runNixOSTest { ... };
|
||||
monitoring = lib.shb.test.runNixOSTest { ... };
|
||||
sso = lib.shb.test.runNixOSTest { ... };
|
||||
}
|
||||
```
|
||||
|
||||
|
|
|
|||
|
|
@ -4,11 +4,6 @@
|
|||
|
||||
## Flake {#usage-flake}
|
||||
|
||||
::: {.note}
|
||||
A complete minimal and buildable example can be found at
|
||||
[`./demo/minimal/flake.nix`](@REPO@/demo/minimal/flake.nix).
|
||||
:::
|
||||
|
||||
Self Host Blocks is available as a flake. It also uses its own `pkgs.lib` and
|
||||
`nixpkgs` and it is required to use the provided ones as input for your
|
||||
deployments, otherwise you might end up blocked when Self Host Blocks patches a
|
||||
|
|
@ -35,6 +30,13 @@ Host Blocks:
|
|||
}
|
||||
```
|
||||
|
||||
::: {.note}
|
||||
For seasoned nixers or if you want to add your patches and overlays,
|
||||
SHB provides a decomposed version of the `nixosSystem` function above.
|
||||
For more examples, see the buildable examples at
|
||||
[`./demo/minimal/flake.nix`](@REPO@/demo/minimal/flake.nix).
|
||||
:::
|
||||
|
||||
If you use `sops-nix` for secrets, SHB provides an additional module, not
|
||||
imported in the `default` module. It can be added by importing
|
||||
|
||||
|
|
@ -43,32 +45,6 @@ inputs.sops-nix.nixosModules.default
|
|||
inputs.selfhostblocks.nixosModules.sops
|
||||
```
|
||||
|
||||
### SHB Lib {#usage-flake-lib}
|
||||
|
||||
Providing patches to downstream users is finicky, to say the least. For example,
|
||||
using `selfhostblocks.inputs.nixpkgs` directly will _not_ work. So Self Host
|
||||
Blocks provides a few attributes under the `selfhostblocks.lib.${system}` flake
|
||||
output:
|
||||
|
||||
- At the top-level, all functions defined by SHB under
|
||||
[`./lib/default.nix`](@REPO@/lib/default.nix) and
|
||||
[`./test/common.nix`](@REPO@/test/common.nix).
|
||||
- `patches`: the list of patches applied by SHB [`./patches`](@REPO@/patches) to
|
||||
nixpkgs.
|
||||
- `contracts`: all contract modules.
|
||||
- `patchNixpkgs`: a re-export of `nixpkgs.legacyPackages.${system}.applyPatches`
|
||||
with the arguments made a bit more explicit.
|
||||
- `patchedNixpkgs`: nixpkgs with `patches` applied.
|
||||
- `pkgs`: `nixpkgs.legacyPackages.${system}` with `patches` applied and also:
|
||||
- `config.allowUnfree` set to `true`
|
||||
- `lib.shb` holds functions defined by
|
||||
[`./lib/default.nix`](@REPO@/lib/default.nix)
|
||||
- `lib.evalModules` is patched to include patches provided by nixpkgs
|
||||
- `nixosSystem` is patched to include patches provided by nixpkgs
|
||||
|
||||
For normal usage, one should only need the provided `.nixosSystem`, `.pkgs` and
|
||||
in some cases `.nixpkgs`.
|
||||
|
||||
### Substituter {#usage-flake-substituter}
|
||||
|
||||
You can also use the public cache as a substituter with:
|
||||
|
|
@ -104,9 +80,11 @@ automatically merging the new `nixpkgs` version. The setup is explained in
|
|||
[repo]: https://github.com/ibizaman/selfhostblocks
|
||||
[automerge]: https://blog.tiserbox.com/posts/2023-12-25-automated-flake-lock-update-pull-requests-and-merging.html
|
||||
|
||||
### Use SelfHostBlocks' lib {#usage-lib}
|
||||
### SHB Lib {#usage-flake-lib}
|
||||
|
||||
Access any functions exposed by the [lib][lib] with this snippet:
|
||||
Providing patches to downstream users is finicky, to say the least.
|
||||
For example, using `selfhostblocks.inputs.nixpkgs` directly will _not_ work.
|
||||
So Self Host Blocks provides a few attributes under the `selfhostblocks.lib.${system}` flake output:
|
||||
|
||||
```nix
|
||||
{
|
||||
|
|
@ -115,15 +93,32 @@ Access any functions exposed by the [lib][lib] with this snippet:
|
|||
};
|
||||
outputs = { selfhostblocks, ... }:
|
||||
let
|
||||
lib = selfhostblocks.lib.${system};
|
||||
shb = selfhostblocks.lib.${system};
|
||||
in
|
||||
{
|
||||
// Use lib.shb.replaceSecrets for example.
|
||||
// Use shb.replaceSecrets for example.
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
[lib]: https://github.com/ibizaman/selfhostblocks/blob/main/lib/default.nix
|
||||
- At the top-level, all functions defined by SHB under
|
||||
[`./lib/default.nix`](@REPO@/lib/default.nix) and
|
||||
[`./test/common.nix`](@REPO@/test/common.nix).
|
||||
- `patches`: the list of patches applied by SHB [`./patches`](@REPO@/patches) to
|
||||
nixpkgs.
|
||||
- `contracts`: all contract modules.
|
||||
- `patchNixpkgs`: a re-export of `nixpkgs.legacyPackages.${system}.applyPatches`
|
||||
with the arguments made a bit more explicit.
|
||||
- `patchedNixpkgs`: nixpkgs with `patches` applied.
|
||||
- `pkgs`: `nixpkgs.legacyPackages.${system}` with `patches` applied and also:
|
||||
- `config.allowUnfree` set to `true`
|
||||
- `lib.shb` holds functions defined by
|
||||
[`./lib/default.nix`](@REPO@/lib/default.nix)
|
||||
- `lib.evalModules` is patched to include patches provided by nixpkgs
|
||||
- `nixosSystem` is patched to include patches provided by nixpkgs
|
||||
|
||||
For normal usage, one should only need the provided `.nixosSystem`, `.pkgs` and
|
||||
in some cases `.nixpkgs`.
|
||||
|
||||
## Example Deployment with Nixos-Rebuild {#usage-example-nixosrebuild}
|
||||
|
||||
|
|
@ -138,19 +133,13 @@ deployment system [nixos-rebuild][nixos-rebuild].
|
|||
selfhostblocks.url = "github:ibizaman/selfhostblocks";
|
||||
};
|
||||
|
||||
outputs = {
|
||||
self,
|
||||
selfhostblocks,
|
||||
}: let
|
||||
outputs = { self, selfhostblocks }: let
|
||||
system = "x86_64-linux";
|
||||
lib = selfhostblocks.lib.${system};
|
||||
|
||||
nixpkgs' = lib.shb.patchedNixpkgs;
|
||||
|
||||
nixosSystem' = import "${nixpkgs'}/nixos/lib/eval-config.nix";
|
||||
pkgs' = selfhostblocks.lib.${system}.pkgs;
|
||||
in {
|
||||
nixosConfigurations = {
|
||||
machine = nixosSystem' {
|
||||
machine = pkgs'.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
selfhostblocks.nixosModules.default
|
||||
|
|
|
|||
108
flake.nix
108
flake.nix
|
|
@ -46,46 +46,23 @@
|
|||
src = nixpkgs;
|
||||
inherit patches;
|
||||
};
|
||||
patchedNixpkgs = (
|
||||
patchNixpkgs {
|
||||
nixpkgs = inputs.nixpkgs;
|
||||
patches = shbPatches;
|
||||
inherit system;
|
||||
}
|
||||
);
|
||||
patchedNixpkgs =
|
||||
let
|
||||
patched = patchNixpkgs {
|
||||
nixpkgs = inputs.nixpkgs;
|
||||
patches = shbPatches;
|
||||
inherit system;
|
||||
};
|
||||
in
|
||||
patched
|
||||
// {
|
||||
nixosSystem = args: import "${patched}/nixos/lib/eval-config.nix" args;
|
||||
};
|
||||
pkgs = import patchedNixpkgs {
|
||||
inherit system;
|
||||
config.allowUnfree = true;
|
||||
overlays = [
|
||||
(final: prev: {
|
||||
lib = prev.lib // {
|
||||
shb = self.lib.${system};
|
||||
evalModules =
|
||||
args:
|
||||
((prev.lib.makeOverridable prev.lib.evalModules) args).override (prevAttrs: {
|
||||
specialArgs = (prevAttrs.specialArgs or { }) // {
|
||||
inherit (pkgs) lib;
|
||||
};
|
||||
});
|
||||
};
|
||||
nixosSystem =
|
||||
args:
|
||||
((prev.lib.makeOverridable (import "${patchedNixpkgs}/nixos/lib/eval-config.nix")) args).override
|
||||
(prevAttrs: {
|
||||
inherit (pkgs) lib;
|
||||
});
|
||||
prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs {
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ibizaman";
|
||||
repo = prev.prometheus-systemd-exporter.pname;
|
||||
# rev = "v${prev.prometheus-systemd-exporter.version}";
|
||||
rev = "next_timer";
|
||||
sha256 = "sha256-jzkh/616tsJbNxFtZ0xbdBQc16TMIYr9QOkPaeQw8xA=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-4hsQ1417jLNOAqGkfCkzrmEtYR4YLLW2j0CiJtPg6GI=";
|
||||
};
|
||||
})
|
||||
self.overlays.${system}.default
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -231,26 +208,47 @@
|
|||
'';
|
||||
});
|
||||
|
||||
lib =
|
||||
(pkgs.callPackage ./lib { })
|
||||
// (pkgs.callPackage ./test/common.nix { })
|
||||
// {
|
||||
contracts = pkgs.callPackage ./modules/contracts { };
|
||||
patches = shbPatches;
|
||||
inherit patchNixpkgs patchedNixpkgs pkgs;
|
||||
lib = (pkgs.callPackage ./lib { }) // {
|
||||
test = pkgs.callPackage ./test/common.nix { };
|
||||
contracts = pkgs.callPackage ./modules/contracts {
|
||||
shb = self.lib.${system};
|
||||
};
|
||||
patches = shbPatches;
|
||||
inherit patchNixpkgs patchedNixpkgs;
|
||||
};
|
||||
|
||||
overlays.default = final: prev: {
|
||||
# shb = self.nixosModules.lib;
|
||||
prometheus-systemd-exporter = prev.prometheus-systemd-exporter.overrideAttrs {
|
||||
src = pkgs.fetchFromGitHub {
|
||||
owner = "ibizaman";
|
||||
repo = prev.prometheus-systemd-exporter.pname;
|
||||
# rev = "v${prev.prometheus-systemd-exporter.version}";
|
||||
rev = "next_timer";
|
||||
sha256 = "sha256-jzkh/616tsJbNxFtZ0xbdBQc16TMIYr9QOkPaeQw8xA=";
|
||||
};
|
||||
|
||||
vendorHash = "sha256-4hsQ1417jLNOAqGkfCkzrmEtYR4YLLW2j0CiJtPg6GI=";
|
||||
};
|
||||
};
|
||||
|
||||
checks =
|
||||
let
|
||||
inherit (pkgs.lib)
|
||||
foldl
|
||||
foldlAttrs
|
||||
removeAttrs
|
||||
mergeAttrs
|
||||
optionalAttrs
|
||||
;
|
||||
|
||||
importFiles = files: map (m: pkgs.callPackage m { }) files;
|
||||
importFiles =
|
||||
files:
|
||||
map (
|
||||
m:
|
||||
pkgs.callPackage m {
|
||||
shb = self.lib.${system};
|
||||
}
|
||||
) files;
|
||||
|
||||
mergeTests = foldl mergeAttrs { };
|
||||
|
||||
|
|
@ -267,15 +265,19 @@
|
|||
vm_test =
|
||||
name: path:
|
||||
flattenAttrs "vm_${name}" (
|
||||
removeAttrs (pkgs.callPackage path { }) [
|
||||
"override"
|
||||
"overrideDerivation"
|
||||
]
|
||||
removeAttrs
|
||||
(pkgs.callPackage path {
|
||||
shb = self.lib.${system};
|
||||
})
|
||||
[
|
||||
"override"
|
||||
"overrideDerivation"
|
||||
]
|
||||
);
|
||||
in
|
||||
(optionalAttrs (system == "x86_64-linux") (
|
||||
{
|
||||
modules = pkgs.lib.shb.check {
|
||||
modules = self.lib.${system}.check {
|
||||
inherit pkgs;
|
||||
tests = mergeTests (importFiles [
|
||||
./test/modules/davfs.nix
|
||||
|
|
@ -287,7 +289,9 @@
|
|||
# TODO: Make this not use IFD
|
||||
lib = nix-flake-tests.lib.check {
|
||||
inherit pkgs;
|
||||
tests = pkgs.callPackage ./test/modules/lib.nix { };
|
||||
tests = pkgs.callPackage ./test/modules/lib.nix {
|
||||
shb = self.lib.${system};
|
||||
};
|
||||
};
|
||||
}
|
||||
// (vm_test "arr" ./test/services/arr.nix)
|
||||
|
|
@ -416,6 +420,8 @@
|
|||
];
|
||||
};
|
||||
|
||||
nixosModules.lib = lib/module.nix;
|
||||
|
||||
nixosModules.authelia = modules/blocks/authelia.nix;
|
||||
nixosModules.borgbackup = modules/blocks/borgbackup.nix;
|
||||
nixosModules.davfs = modules/blocks/davfs.nix;
|
||||
|
|
|
|||
10
lib/module.nix
Normal file
10
lib/module.nix
Normal file
|
|
@ -0,0 +1,10 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
shb = (import ./default.nix { inherit pkgs lib; });
|
||||
in
|
||||
{
|
||||
_module.args.shb = shb // {
|
||||
test = pkgs.callPackage ../test/common.nix { };
|
||||
contracts = pkgs.callPackage ../modules/contracts { inherit shb; };
|
||||
};
|
||||
}
|
||||
|
|
@ -3,6 +3,7 @@
|
|||
options,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -10,8 +11,6 @@ let
|
|||
cfg = config.shb.authelia;
|
||||
opt = options.shb.authelia;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
fqdnWithPort = if isNull cfg.port then fqdn else "${fqdn}:${toString cfg.port}";
|
||||
|
||||
|
|
@ -23,6 +22,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
./lldap.nix
|
||||
./mitmdump.nix
|
||||
./postgresql.nix
|
||||
|
|
@ -51,7 +51,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -86,7 +86,7 @@ in
|
|||
jwtSecret = lib.mkOption {
|
||||
description = "JWT secret.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = cfg.autheliaUser;
|
||||
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
|
||||
|
|
@ -96,7 +96,7 @@ in
|
|||
ldapAdminPassword = lib.mkOption {
|
||||
description = "LDAP admin user password.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = cfg.autheliaUser;
|
||||
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
|
||||
|
|
@ -106,7 +106,7 @@ in
|
|||
sessionSecret = lib.mkOption {
|
||||
description = "Session secret.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = cfg.autheliaUser;
|
||||
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
|
||||
|
|
@ -116,7 +116,7 @@ in
|
|||
storageEncryptionKey = lib.mkOption {
|
||||
description = "Storage encryption key.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = cfg.autheliaUser;
|
||||
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
|
||||
|
|
@ -126,7 +126,7 @@ in
|
|||
identityProvidersOIDCHMACSecret = lib.mkOption {
|
||||
description = "Identity provider OIDC HMAC secret.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = cfg.autheliaUser;
|
||||
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
|
||||
|
|
@ -140,7 +140,7 @@ in
|
|||
Generate one with `nix run nixpkgs#openssl -- genrsa -out keypair.pem 2048`
|
||||
'';
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = cfg.autheliaUser;
|
||||
restartUnits = [ "authelia-${opt.subdomain}.${opt.domain}" ];
|
||||
|
|
@ -204,7 +204,7 @@ in
|
|||
};
|
||||
|
||||
client_secret = lib.mkOption {
|
||||
type = lib.shb.secretFileType;
|
||||
type = shb.secretFileType;
|
||||
description = ''
|
||||
File containing the shared secret with the OIDC client.
|
||||
|
||||
|
|
@ -311,7 +311,7 @@ in
|
|||
password = lib.mkOption {
|
||||
description = "File containing the password to connect to the SMTP host.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = cfg.autheliaUser;
|
||||
restartUnits = [ "authelia-${fqdn}" ];
|
||||
|
|
@ -331,7 +331,7 @@ in
|
|||
};
|
||||
|
||||
mount = lib.mkOption {
|
||||
type = contracts.mount;
|
||||
type = shb.contracts.mount;
|
||||
description = ''
|
||||
Mount configuration. This is an output option.
|
||||
|
||||
|
|
@ -354,7 +354,7 @@ in
|
|||
};
|
||||
|
||||
mountRedis = lib.mkOption {
|
||||
type = contracts.mount;
|
||||
type = shb.contracts.mount;
|
||||
description = ''
|
||||
Mount configuration for Redis. This is an output option.
|
||||
|
||||
|
|
@ -554,12 +554,12 @@ in
|
|||
let
|
||||
mkCfg =
|
||||
clients:
|
||||
lib.shb.replaceSecrets {
|
||||
shb.replaceSecrets {
|
||||
userConfig = {
|
||||
identity_providers.oidc.clients = clients;
|
||||
};
|
||||
resultPath = "/var/lib/authelia-${fqdn}/oidc_clients.yaml";
|
||||
generator = lib.shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { });
|
||||
generator = shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { });
|
||||
};
|
||||
in
|
||||
lib.mkBefore (
|
||||
|
|
|
|||
|
|
@ -3,14 +3,13 @@
|
|||
pkgs,
|
||||
lib,
|
||||
utils,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.borgbackup;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
inherit (lib)
|
||||
concatStringsSep
|
||||
filterAttrs
|
||||
|
|
@ -56,7 +55,7 @@ let
|
|||
passphrase = lib.mkOption {
|
||||
description = "Encryption key for the backup repository.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = config.request.user;
|
||||
ownerText = "[shb.borgbackup.${prefix}.<name>.request.user](#blocks-borgbackup-options-shb.borgbackup.${prefix}._name_.request.user)";
|
||||
|
|
@ -76,7 +75,7 @@ let
|
|||
};
|
||||
|
||||
secrets = mkOption {
|
||||
type = attrsOf lib.shb.secretFileType;
|
||||
type = attrsOf shb.secretFileType;
|
||||
default = { };
|
||||
description = ''
|
||||
Secrets needed to access the repository where the backups will be stored.
|
||||
|
|
@ -157,15 +156,19 @@ let
|
|||
fullName = name: repository: "borgbackup-job-${name}_${repoSlugName repository.path}";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.borgbackup = {
|
||||
instances = mkOption {
|
||||
description = "Files to backup following the [backup contract](./contracts-backup.html).";
|
||||
description = "Files to backup following the [backup contract](./shb.contracts-backup.html).";
|
||||
default = { };
|
||||
type = attrsOf (
|
||||
submodule (
|
||||
{ name, config, ... }:
|
||||
{
|
||||
options = contracts.backup.mkProvider {
|
||||
options = shb.contracts.backup.mkProvider {
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Settings specific to the BorgBackup provider.
|
||||
|
|
@ -193,13 +196,13 @@ in
|
|||
};
|
||||
|
||||
databases = mkOption {
|
||||
description = "Databases to backup following the [database backup contract](./contracts-databasebackup.html).";
|
||||
description = "Databases to backup following the [database backup contract](./shb.contracts-databasebackup.html).";
|
||||
default = { };
|
||||
type = attrsOf (
|
||||
submodule (
|
||||
{ name, config, ... }:
|
||||
{
|
||||
options = contracts.databasebackup.mkProvider {
|
||||
options = shb.contracts.databasebackup.mkProvider {
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Settings specific to the BorgBackup provider.
|
||||
|
|
@ -397,10 +400,10 @@ in
|
|||
|
||||
"${serviceName}-pre" = mkIf (instance.settings.repository.secrets != { }) (
|
||||
let
|
||||
script = lib.shb.genConfigOutOfBandSystemd {
|
||||
script = shb.genConfigOutOfBandSystemd {
|
||||
config = instance.settings.repository.secrets;
|
||||
configLocation = "/run/secrets_borgbackup/${serviceName}";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
user = instance.request.user;
|
||||
};
|
||||
in
|
||||
|
|
@ -424,13 +427,13 @@ in
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = (
|
||||
lib.shb.replaceSecrets {
|
||||
shb.replaceSecrets {
|
||||
userConfig = instance.settings.repository.secrets // {
|
||||
BORG_PASSCOMMAND = ''"cat ${instance.settings.passphrase.result.path}"'';
|
||||
BORG_REPO = instance.settings.repository.path;
|
||||
};
|
||||
resultPath = "/run/secrets_borgbackup_env/${fullName name instance.settings.repository}";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
user = instance.request.user;
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -118,7 +118,7 @@ Here we will only highlight the differences with the previous configuration.
|
|||
This assumes you have access to such a remote S3 store, for example by using [Backblaze](https://www.backblaze.com/).
|
||||
|
||||
```diff
|
||||
shb.backup.instances.myservice = {
|
||||
shb.test.backup.instances.myservice = {
|
||||
|
||||
repository = {
|
||||
- path = "/srv/pool1/backups/myfolder";
|
||||
|
|
@ -211,15 +211,15 @@ backupcfg = repositories: name: sourceDirectories {
|
|||
Now, we can define multiple backup jobs to backup different folders:
|
||||
|
||||
```nix
|
||||
shb.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"];
|
||||
shb.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"];
|
||||
shb.test.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"];
|
||||
shb.test.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"];
|
||||
```
|
||||
|
||||
The difference between the above snippet and putting all the folders into one configuration (shown
|
||||
below) is the former splits the backups into sub-folders on the repositories.
|
||||
|
||||
```nix
|
||||
shb.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"];
|
||||
shb.test.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"];
|
||||
```
|
||||
|
||||
## Monitoring {#blocks-borgbackup-monitoring}
|
||||
|
|
|
|||
|
|
@ -2,13 +2,12 @@
|
|||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.shb.hardcodedsecret;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
inherit (lib) mapAttrs' mkOption nameValuePair;
|
||||
inherit (lib.types)
|
||||
attrsOf
|
||||
|
|
@ -19,6 +18,10 @@ let
|
|||
inherit (pkgs) writeText;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.hardcodedsecret = mkOption {
|
||||
default = { };
|
||||
description = ''
|
||||
|
|
@ -40,7 +43,7 @@ in
|
|||
submodule (
|
||||
{ name, ... }:
|
||||
{
|
||||
options = contracts.secret.mkProvider {
|
||||
options = shb.contracts.secret.mkProvider {
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Settings specific to the hardcoded secret module.
|
||||
|
|
|
|||
|
|
@ -2,14 +2,13 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.lldap;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
inherit (lib) mkOption types;
|
||||
|
|
@ -54,6 +53,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
./mitmdump.nix
|
||||
|
||||
(lib.mkRenamedOptionModule [ "shb" "ldap" ] [ "shb" "lldap" ])
|
||||
|
|
@ -88,7 +88,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -101,7 +101,7 @@ in
|
|||
ldapUserPassword = lib.mkOption {
|
||||
description = "LDAP admin user secret.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "lldap";
|
||||
group = "lldap";
|
||||
|
|
@ -113,7 +113,7 @@ in
|
|||
jwtSecret = lib.mkOption {
|
||||
description = "JWT secret.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "lldap";
|
||||
group = "lldap";
|
||||
|
|
@ -136,7 +136,7 @@ in
|
|||
};
|
||||
|
||||
mount = lib.mkOption {
|
||||
type = contracts.mount;
|
||||
type = shb.contracts.mount;
|
||||
description = ''
|
||||
Mount configuration. This is an output option.
|
||||
|
||||
|
|
@ -160,7 +160,7 @@ in
|
|||
Backup configuration.
|
||||
'';
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
# TODO: is there a workaround that avoid needing to use root?
|
||||
# root because otherwise we cannot access the private StateDiretory
|
||||
user = "root";
|
||||
|
|
@ -203,7 +203,7 @@ in
|
|||
password = mkOption {
|
||||
description = "Password.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "lldap";
|
||||
group = "lldap";
|
||||
|
|
|
|||
|
|
@ -2,14 +2,13 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.monitoring;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
commonLabels = {
|
||||
|
|
@ -49,7 +48,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -112,7 +111,7 @@ in
|
|||
adminPassword = lib.mkOption {
|
||||
description = "Initial admin password.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
|
|
@ -124,7 +123,7 @@ in
|
|||
secretKey = lib.mkOption {
|
||||
description = "Secret key used for signing.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "grafana";
|
||||
group = "grafana";
|
||||
|
|
@ -226,7 +225,7 @@ in
|
|||
sharedSecret = lib.mkOption {
|
||||
description = "OIDC shared secret for Grafana.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
owner = "grafana";
|
||||
restartUnits = [
|
||||
"grafana.service"
|
||||
|
|
@ -238,7 +237,7 @@ in
|
|||
sharedSecretForAuthelia = lib.mkOption {
|
||||
description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
ownerText = "config.shb.authelia.autheliaUser";
|
||||
owner = config.shb.authelia.autheliaUser;
|
||||
|
|
|
|||
|
|
@ -1,15 +1,13 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.nginx;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = c: "${c.subdomain}.${c.domain}";
|
||||
|
||||
vhostConfig = lib.types.submodule {
|
||||
|
|
@ -28,7 +26,7 @@ let
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -2,11 +2,11 @@
|
|||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.shb.postgresql;
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
upgrade-script =
|
||||
old: new:
|
||||
|
|
@ -39,6 +39,10 @@ let
|
|||
'';
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.postgresql = {
|
||||
debug = lib.mkOption {
|
||||
type = lib.types.bool;
|
||||
|
|
@ -63,7 +67,7 @@ in
|
|||
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.databasebackup.mkRequester {
|
||||
options = shb.contracts.databasebackup.mkRequester {
|
||||
user = "postgres";
|
||||
|
||||
backupName = "postgres.sql";
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
utils,
|
||||
...
|
||||
}:
|
||||
|
|
@ -9,8 +10,6 @@
|
|||
let
|
||||
cfg = config.shb.restic;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
inherit (lib)
|
||||
concatStringsSep
|
||||
filterAttrs
|
||||
|
|
@ -60,7 +59,7 @@ let
|
|||
passphrase = lib.mkOption {
|
||||
description = "Encryption key for the backup repository.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = config.request.user;
|
||||
ownerText = "[shb.restic.${prefix}.<name>.request.user](#blocks-restic-options-shb.restic.${prefix}._name_.request.user)";
|
||||
|
|
@ -80,7 +79,7 @@ let
|
|||
};
|
||||
|
||||
secrets = mkOption {
|
||||
type = attrsOf lib.shb.secretFileType;
|
||||
type = attrsOf shb.secretFileType;
|
||||
default = { };
|
||||
description = ''
|
||||
Secrets needed to access the repository where the backups will be stored.
|
||||
|
|
@ -148,15 +147,19 @@ let
|
|||
fullName = name: repository: "restic-backups-${name}_${repoSlugName repository.path}";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.restic = {
|
||||
instances = mkOption {
|
||||
description = "Files to backup following the [backup contract](./contracts-backup.html).";
|
||||
description = "Files to backup following the [backup contract](./shb.contracts-backup.html).";
|
||||
default = { };
|
||||
type = attrsOf (
|
||||
submodule (
|
||||
{ name, config, ... }:
|
||||
{
|
||||
options = contracts.backup.mkProvider {
|
||||
options = shb.contracts.backup.mkProvider {
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Settings specific to the Restic provider.
|
||||
|
|
@ -184,13 +187,13 @@ in
|
|||
};
|
||||
|
||||
databases = mkOption {
|
||||
description = "Databases to backup following the [database backup contract](./contracts-databasebackup.html).";
|
||||
description = "Databases to backup following the [database backup contract](./shb.contracts-databasebackup.html).";
|
||||
default = { };
|
||||
type = attrsOf (
|
||||
submodule (
|
||||
{ name, config, ... }:
|
||||
{
|
||||
options = contracts.databasebackup.mkProvider {
|
||||
options = shb.contracts.databasebackup.mkProvider {
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Settings specific to the Restic provider.
|
||||
|
|
@ -380,10 +383,10 @@ in
|
|||
|
||||
"${serviceName}-pre" = mkIf (instance.settings.repository.secrets != { }) (
|
||||
let
|
||||
script = lib.shb.genConfigOutOfBandSystemd {
|
||||
script = shb.genConfigOutOfBandSystemd {
|
||||
config = instance.settings.repository.secrets;
|
||||
configLocation = "/run/secrets_restic/${serviceName}";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
user = instance.request.user;
|
||||
};
|
||||
in
|
||||
|
|
@ -407,13 +410,13 @@ in
|
|||
wantedBy = [ "multi-user.target" ];
|
||||
serviceConfig.Type = "oneshot";
|
||||
script = (
|
||||
lib.shb.replaceSecrets {
|
||||
shb.replaceSecrets {
|
||||
userConfig = instance.settings.repository.secrets // {
|
||||
RESTIC_PASSWORD_FILE = toString instance.settings.passphrase.result.path;
|
||||
RESTIC_REPOSITORY = instance.settings.repository.path;
|
||||
};
|
||||
resultPath = "/run/secrets_restic_env/${fullName name instance.settings.repository}";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
user = instance.request.user;
|
||||
}
|
||||
);
|
||||
|
|
|
|||
|
|
@ -118,7 +118,7 @@ Here we will only highlight the differences with the previous configuration.
|
|||
This assumes you have access to such a remote S3 store, for example by using [Backblaze](https://www.backblaze.com/).
|
||||
|
||||
```diff
|
||||
shb.backup.instances.myservice = {
|
||||
shb.test.backup.instances.myservice = {
|
||||
|
||||
repository = {
|
||||
- path = "/srv/pool1/backups/myfolder";
|
||||
|
|
@ -211,15 +211,15 @@ backupcfg = repositories: name: sourceDirectories {
|
|||
Now, we can define multiple backup jobs to backup different folders:
|
||||
|
||||
```nix
|
||||
shb.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"];
|
||||
shb.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"];
|
||||
shb.test.backup.instances.myfolder1 = backupcfg repos ["/var/lib/myfolder1"];
|
||||
shb.test.backup.instances.myfolder2 = backupcfg repos ["/var/lib/myfolder2"];
|
||||
```
|
||||
|
||||
The difference between the above snippet and putting all the folders into one configuration (shown
|
||||
below) is the former splits the backups into sub-folders on the repositories.
|
||||
|
||||
```nix
|
||||
shb.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"];
|
||||
shb.test.backup.instances.all = backupcfg repos ["/var/lib/myfolder1" "/var/lib/myfolder2"];
|
||||
```
|
||||
|
||||
## Monitoring {#blocks-restic-monitoring}
|
||||
|
|
|
|||
|
|
@ -1,18 +1,20 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
inherit (lib) mapAttrs mkOption;
|
||||
inherit (lib.types) attrsOf anything submodule;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
cfg = config.shb.sops;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.sops = {
|
||||
secret = mkOption {
|
||||
description = "Secret following the [secret contract](./contracts-secret.html).";
|
||||
|
|
@ -21,7 +23,7 @@ in
|
|||
submodule (
|
||||
{ name, options, ... }:
|
||||
{
|
||||
options = contracts.secret.mkProvider {
|
||||
options = shb.contracts.secret.mkProvider {
|
||||
settings = mkOption {
|
||||
description = ''
|
||||
Settings specific to the Sops provider.
|
||||
|
|
|
|||
|
|
@ -2,14 +2,13 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.certs;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
inherit (builtins) dirOf;
|
||||
inherit (lib)
|
||||
flatten
|
||||
|
|
@ -20,6 +19,10 @@ let
|
|||
;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.certs = {
|
||||
systemdService = lib.mkOption {
|
||||
description = ''
|
||||
|
|
@ -51,7 +54,7 @@ in
|
|||
|
||||
This option implements the SSL Generator contract.
|
||||
'';
|
||||
type = contracts.ssl.certs-paths;
|
||||
type = shb.contracts.ssl.certs-paths;
|
||||
default = {
|
||||
key = "/var/lib/certs/cas/${config._module.args.name}.key";
|
||||
cert = "/var/lib/certs/cas/${config._module.args.name}.cert";
|
||||
|
|
@ -81,7 +84,7 @@ in
|
|||
{
|
||||
options = {
|
||||
ca = lib.mkOption {
|
||||
type = lib.types.nullOr contracts.ssl.cas;
|
||||
type = lib.types.nullOr shb.contracts.ssl.cas;
|
||||
description = ''
|
||||
CA used to generate this certificate. Only used for self-signed.
|
||||
|
||||
|
|
@ -128,7 +131,7 @@ in
|
|||
|
||||
This option implements the SSL Generator contract.
|
||||
'';
|
||||
type = contracts.ssl.certs-paths;
|
||||
type = shb.contracts.ssl.certs-paths;
|
||||
default = {
|
||||
key = "/var/lib/certs/selfsigned/${config._module.args.name}.key";
|
||||
cert = "/var/lib/certs/selfsigned/${config._module.args.name}.cert";
|
||||
|
|
@ -196,7 +199,7 @@ in
|
|||
|
||||
This option implements the SSL Generator contract.
|
||||
'';
|
||||
type = contracts.ssl.certs-paths;
|
||||
type = shb.contracts.ssl.certs-paths;
|
||||
default = {
|
||||
key = "/var/lib/acme/${config._module.args.name}/key.pem";
|
||||
cert = "/var/lib/acme/${config._module.args.name}/cert.pem";
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
concatStringsSep
|
||||
|
|
@ -13,7 +13,7 @@ let
|
|||
submodule
|
||||
str
|
||||
;
|
||||
inherit (lib.shb) anyNotNull;
|
||||
inherit (shb) anyNotNull;
|
||||
in
|
||||
{
|
||||
mkRequest =
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
contracts = pkgs.callPackage ../. { };
|
||||
|
||||
inherit (lib) mkOption;
|
||||
inherit (lib.types) submodule;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.contracts.backup = mkOption {
|
||||
description = ''
|
||||
Contract for backing up files
|
||||
|
|
@ -23,7 +25,7 @@ in
|
|||
'';
|
||||
|
||||
type = submodule {
|
||||
options = contracts.backup.contract;
|
||||
options = shb.contracts.backup.contract;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
{ pkgs, lib }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
}:
|
||||
let
|
||||
inherit (lib)
|
||||
concatMapStringsSep
|
||||
|
|
@ -20,13 +24,13 @@ in
|
|||
settings, # { repository, config } -> attrset
|
||||
extraConfig ? null, # { username, config } -> attrset
|
||||
}:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
inherit name;
|
||||
|
||||
nodes.machine =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [ lib.shb.baseImports ] ++ modules;
|
||||
imports = [ shb.test.baseImports ] ++ modules;
|
||||
|
||||
config = lib.mkMerge [
|
||||
(setAttrByPath providerRoot {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
mkOption
|
||||
|
|
@ -8,7 +8,7 @@ let
|
|||
optionalString
|
||||
;
|
||||
inherit (lib.types) submodule str;
|
||||
inherit (lib.shb) anyNotNull;
|
||||
inherit (shb) anyNotNull;
|
||||
in
|
||||
{
|
||||
mkRequest =
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
contracts = pkgs.callPackage ../. { };
|
||||
|
||||
inherit (lib) mkOption;
|
||||
inherit (lib.types) submodule;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.contracts.databasebackup = mkOption {
|
||||
description = ''
|
||||
Contract for database backup between a requester module
|
||||
|
|
@ -23,7 +25,7 @@ in
|
|||
'';
|
||||
|
||||
type = submodule {
|
||||
options = contracts.databasebackup.contract;
|
||||
options = shb.contracts.databasebackup.contract;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
{ pkgs, lib }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
}:
|
||||
let
|
||||
inherit (lib)
|
||||
getAttrFromPath
|
||||
|
|
@ -16,13 +20,13 @@ in
|
|||
database ? "me",
|
||||
settings, # { repository, config } -> attrset
|
||||
}:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
inherit name;
|
||||
|
||||
nodes.machine =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [ lib.shb.baseImports ] ++ modules;
|
||||
imports = [ shb.test.baseImports ] ++ modules;
|
||||
config = lib.mkMerge [
|
||||
(setAttrByPath providerRoot {
|
||||
request = (getAttrFromPath requesterRoot config).request;
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
{ pkgs, lib }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
}:
|
||||
let
|
||||
inherit (lib) mkOption optionalAttrs;
|
||||
inherit (lib.types) anything;
|
||||
|
|
@ -44,7 +48,7 @@ let
|
|||
importContract =
|
||||
module:
|
||||
let
|
||||
importedModule = pkgs.callPackage module { };
|
||||
importedModule = pkgs.callPackage module { inherit shb; };
|
||||
in
|
||||
mkContractFunctions {
|
||||
inherit (importedModule) mkRequest mkResult;
|
||||
|
|
@ -57,8 +61,8 @@ in
|
|||
secret = importContract ./secret.nix;
|
||||
ssl = pkgs.callPackage ./ssl.nix { };
|
||||
test = {
|
||||
secret = pkgs.callPackage ./secret/test.nix { };
|
||||
databasebackup = pkgs.callPackage ./databasebackup/test.nix { };
|
||||
backup = pkgs.callPackage ./backup/test.nix { };
|
||||
secret = pkgs.callPackage ./secret/test.nix { inherit shb; };
|
||||
databasebackup = pkgs.callPackage ./databasebackup/test.nix { inherit shb; };
|
||||
backup = pkgs.callPackage ./backup/test.nix { inherit shb; };
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
inherit (lib)
|
||||
concatStringsSep
|
||||
|
|
@ -8,7 +8,7 @@ let
|
|||
optionalString
|
||||
;
|
||||
inherit (lib.types) listOf submodule str;
|
||||
inherit (lib.shb) anyNotNull;
|
||||
inherit (shb) anyNotNull;
|
||||
in
|
||||
{
|
||||
mkRequest =
|
||||
|
|
|
|||
|
|
@ -1,11 +1,13 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
contracts = pkgs.callPackage ../. { };
|
||||
|
||||
inherit (lib) mkOption;
|
||||
inherit (lib.types) submodule;
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.contracts.secret = mkOption {
|
||||
description = ''
|
||||
Contract for secrets between a requester module
|
||||
|
|
@ -21,7 +23,7 @@ in
|
|||
through the `result.*` options.
|
||||
'';
|
||||
type = submodule {
|
||||
options = contracts.secret.contract;
|
||||
options = shb.contracts.secret.contract;
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,4 +1,8 @@
|
|||
{ pkgs, lib }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
}:
|
||||
let
|
||||
inherit (lib) getAttrFromPath setAttrByPath;
|
||||
inherit (lib) mkIf;
|
||||
|
|
@ -13,13 +17,13 @@ in
|
|||
mode ? "0400",
|
||||
restartUnits ? [ "myunit.service" ],
|
||||
}:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "secret_${name}_${owner}_${group}_${mode}";
|
||||
|
||||
nodes.machine =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [ lib.shb.baseImports ] ++ modules;
|
||||
imports = [ shb.test.baseImports ] ++ modules;
|
||||
config = lib.mkMerge [
|
||||
(setAttrByPath configRoot {
|
||||
A = {
|
||||
|
|
|
|||
|
|
@ -1,10 +1,11 @@
|
|||
{ pkgs, lib, ... }:
|
||||
let
|
||||
contracts = pkgs.callPackage ../. { };
|
||||
in
|
||||
{ lib, shb, ... }:
|
||||
{
|
||||
imports = [
|
||||
../../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.contracts.ssl = lib.mkOption {
|
||||
description = "Contract for SSL Certificate generator.";
|
||||
type = contracts.ssl.certs;
|
||||
type = shb.contracts.ssl.certs;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,17 +2,16 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.arr;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
apps = {
|
||||
radarr = {
|
||||
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; };
|
||||
settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
|
||||
moreOptions = {
|
||||
settings = lib.mkOption {
|
||||
description = "Specific options for radarr.";
|
||||
|
|
@ -21,7 +20,7 @@ let
|
|||
freeformType = apps.radarr.settingsFormat.type;
|
||||
options = {
|
||||
ApiKey = lib.mkOption {
|
||||
type = lib.shb.secretFileType;
|
||||
type = shb.secretFileType;
|
||||
description = "Path to api key secret file.";
|
||||
};
|
||||
LogLevel = lib.mkOption {
|
||||
|
|
@ -73,7 +72,7 @@ let
|
|||
};
|
||||
};
|
||||
sonarr = {
|
||||
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; };
|
||||
settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
|
||||
moreOptions = {
|
||||
settings = lib.mkOption {
|
||||
description = "Specific options for sonarr.";
|
||||
|
|
@ -82,7 +81,7 @@ let
|
|||
freeformType = apps.sonarr.settingsFormat.type;
|
||||
options = {
|
||||
ApiKey = lib.mkOption {
|
||||
type = lib.shb.secretFileType;
|
||||
type = shb.secretFileType;
|
||||
description = "Path to api key secret file.";
|
||||
};
|
||||
LogLevel = lib.mkOption {
|
||||
|
|
@ -129,7 +128,7 @@ let
|
|||
};
|
||||
};
|
||||
bazarr = {
|
||||
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; };
|
||||
settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
|
||||
moreOptions = {
|
||||
settings = lib.mkOption {
|
||||
description = "Specific options for bazarr.";
|
||||
|
|
@ -157,7 +156,7 @@ let
|
|||
};
|
||||
};
|
||||
readarr = {
|
||||
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; };
|
||||
settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
|
||||
moreOptions = {
|
||||
settings = lib.mkOption {
|
||||
description = "Specific options for readarr.";
|
||||
|
|
@ -184,7 +183,7 @@ let
|
|||
};
|
||||
};
|
||||
lidarr = {
|
||||
settingsFormat = lib.shb.formatXML { enclosingRoot = "Config"; };
|
||||
settingsFormat = shb.formatXML { enclosingRoot = "Config"; };
|
||||
moreOptions = {
|
||||
settings = lib.mkOption {
|
||||
description = "Specific options for lidarr.";
|
||||
|
|
@ -220,7 +219,7 @@ let
|
|||
freeformType = apps.jackett.settingsFormat.type;
|
||||
options = {
|
||||
ApiKey = lib.mkOption {
|
||||
type = lib.shb.secretFileType;
|
||||
type = shb.secretFileType;
|
||||
description = "Path to api key secret file.";
|
||||
};
|
||||
FlareSolverrUrl = lib.mkOption {
|
||||
|
|
@ -229,7 +228,7 @@ let
|
|||
default = null;
|
||||
};
|
||||
OmdbApiKey = lib.mkOption {
|
||||
type = lib.types.nullOr lib.shb.secretFileType;
|
||||
type = lib.types.nullOr shb.secretFileType;
|
||||
description = "File containing the Open Movie Database API key.";
|
||||
default = null;
|
||||
};
|
||||
|
|
@ -341,7 +340,7 @@ let
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -358,7 +357,7 @@ let
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = name;
|
||||
sourceDirectories = [
|
||||
cfg.${name}.dataDir
|
||||
|
|
@ -379,6 +378,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -398,7 +398,7 @@ in
|
|||
dataDir = "/var/lib/radarr";
|
||||
};
|
||||
|
||||
systemd.services.radarr.preStart = lib.shb.replaceSecrets {
|
||||
systemd.services.radarr.preStart = shb.replaceSecrets {
|
||||
userConfig =
|
||||
cfg'.settings
|
||||
// (lib.optionalAttrs isSSOEnabled {
|
||||
|
|
@ -406,7 +406,7 @@ in
|
|||
AuthenticationMethod = "External";
|
||||
});
|
||||
resultPath = "${config.services.radarr.dataDir}/config.xml";
|
||||
generator = lib.shb.replaceSecretsFormatAdapter apps.radarr.settingsFormat;
|
||||
generator = shb.replaceSecretsFormatAdapter apps.radarr.settingsFormat;
|
||||
};
|
||||
|
||||
shb.nginx.vhosts = [ (vhosts { } cfg') ];
|
||||
|
|
@ -429,7 +429,7 @@ in
|
|||
extraGroups = [ "media" ];
|
||||
};
|
||||
|
||||
systemd.services.sonarr.preStart = lib.shb.replaceSecrets {
|
||||
systemd.services.sonarr.preStart = shb.replaceSecrets {
|
||||
userConfig =
|
||||
cfg'.settings
|
||||
// (lib.optionalAttrs isSSOEnabled {
|
||||
|
|
@ -457,7 +457,7 @@ in
|
|||
users.users.bazarr = {
|
||||
extraGroups = [ "media" ];
|
||||
};
|
||||
systemd.services.bazarr.preStart = lib.shb.replaceSecrets {
|
||||
systemd.services.bazarr.preStart = shb.replaceSecrets {
|
||||
userConfig =
|
||||
cfg'.settings
|
||||
// (lib.optionalAttrs isSSOEnabled {
|
||||
|
|
@ -484,7 +484,7 @@ in
|
|||
users.users.readarr = {
|
||||
extraGroups = [ "media" ];
|
||||
};
|
||||
systemd.services.readarr.preStart = lib.shb.replaceSecrets {
|
||||
systemd.services.readarr.preStart = shb.replaceSecrets {
|
||||
userConfig = cfg'.settings;
|
||||
resultPath = "${config.services.readarr.dataDir}/config.xml";
|
||||
generator = apps.readarr.settingsFormat.generate;
|
||||
|
|
@ -507,7 +507,7 @@ in
|
|||
users.users.lidarr = {
|
||||
extraGroups = [ "media" ];
|
||||
};
|
||||
systemd.services.lidarr.preStart = lib.shb.replaceSecrets {
|
||||
systemd.services.lidarr.preStart = shb.replaceSecrets {
|
||||
userConfig =
|
||||
cfg'.settings
|
||||
// (lib.optionalAttrs isSSOEnabled {
|
||||
|
|
@ -535,8 +535,8 @@ in
|
|||
users.users.jackett = {
|
||||
extraGroups = [ "media" ];
|
||||
};
|
||||
systemd.services.jackett.preStart = lib.shb.replaceSecrets {
|
||||
userConfig = lib.shb.renameAttrName cfg'.settings "ApiKey" "APIKey";
|
||||
systemd.services.jackett.preStart = shb.replaceSecrets {
|
||||
userConfig = shb.renameAttrName cfg'.settings "ApiKey" "APIKey";
|
||||
resultPath = "${config.services.jackett.dataDir}/ServerConfig.json";
|
||||
generator = apps.jackett.settingsFormat.generate;
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,15 +1,13 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.audiobookshelf;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
roleClaim = "audiobookshelf_groups";
|
||||
|
|
@ -38,7 +36,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -103,7 +101,7 @@ in
|
|||
sharedSecret = lib.mkOption {
|
||||
description = "OIDC shared secret for Audiobookshelf.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "audiobookshelf";
|
||||
group = "audiobookshelf";
|
||||
|
|
@ -115,7 +113,7 @@ in
|
|||
sharedSecretForAuthelia = lib.mkOption {
|
||||
description = "OIDC shared secret for Authelia.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
ownerText = "config.shb.authelia.autheliaUser";
|
||||
owner = config.shb.authelia.autheliaUser;
|
||||
|
|
@ -131,7 +129,7 @@ in
|
|||
Backup configuration.
|
||||
'';
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "audiobookshelf";
|
||||
sourceDirectories = [
|
||||
"/var/lib/audiobookshelf"
|
||||
|
|
|
|||
|
|
@ -2,14 +2,13 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.deluge;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
authGenerator =
|
||||
|
|
@ -29,6 +28,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -49,7 +49,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -194,7 +194,7 @@ in
|
|||
lib.types.submodule {
|
||||
options = {
|
||||
password = lib.mkOption {
|
||||
type = lib.shb.secretFileType;
|
||||
type = shb.secretFileType;
|
||||
description = "File containing the user password.";
|
||||
};
|
||||
};
|
||||
|
|
@ -205,7 +205,7 @@ in
|
|||
localclientPassword = lib.mkOption {
|
||||
description = "Password for mandatory localclient user.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
owner = "deluge";
|
||||
restartUnits = [ "deluged.service" ];
|
||||
};
|
||||
|
|
@ -216,7 +216,7 @@ in
|
|||
description = "Password for prometheus scraper. Setting this option will activate the prometheus deluge exporter.";
|
||||
type = lib.types.nullOr (
|
||||
lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
owner = "deluge";
|
||||
restartUnits = [
|
||||
"deluged.service"
|
||||
|
|
@ -273,7 +273,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "deluge";
|
||||
sourceDirectories = [
|
||||
cfg.dataDir
|
||||
|
|
@ -361,7 +361,7 @@ in
|
|||
};
|
||||
|
||||
systemd.services.deluged.preStart = lib.mkBefore (
|
||||
lib.shb.replaceSecrets {
|
||||
shb.replaceSecrets {
|
||||
userConfig =
|
||||
cfg.extraUsers
|
||||
// {
|
||||
|
|
|
|||
|
|
@ -3,14 +3,13 @@
|
|||
options,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.forgejo;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
inherit (lib)
|
||||
all
|
||||
attrNames
|
||||
|
|
@ -87,7 +86,7 @@ in
|
|||
|
||||
ssl = mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = nullOr contracts.ssl.certs;
|
||||
type = nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -137,7 +136,7 @@ in
|
|||
adminPassword = mkOption {
|
||||
description = "LDAP admin password.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
|
|
@ -210,7 +209,7 @@ in
|
|||
sharedSecret = mkOption {
|
||||
description = "OIDC shared secret for Forgejo.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
|
|
@ -222,7 +221,7 @@ in
|
|||
sharedSecretForAuthelia = mkOption {
|
||||
description = "OIDC shared secret for Authelia.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "authelia";
|
||||
};
|
||||
|
|
@ -254,7 +253,7 @@ in
|
|||
password = mkOption {
|
||||
description = "Forgejo admin user password.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
|
|
@ -269,7 +268,7 @@ in
|
|||
databasePassword = mkOption {
|
||||
description = "File containing the Forgejo database password.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "forgejo";
|
||||
group = "forgejo";
|
||||
|
|
@ -329,7 +328,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = options.services.forgejo.user.value;
|
||||
sourceDirectories = [
|
||||
options.services.forgejo.dump.backupDir.value
|
||||
|
|
@ -342,7 +341,7 @@ in
|
|||
};
|
||||
|
||||
mount = mkOption {
|
||||
type = contracts.mount;
|
||||
type = shb.contracts.mount;
|
||||
description = ''
|
||||
Mount configuration. This is an output option.
|
||||
|
||||
|
|
|
|||
|
|
@ -1,15 +1,13 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.grocy;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
in
|
||||
{
|
||||
|
|
@ -68,7 +66,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -90,7 +88,7 @@ in
|
|||
'';
|
||||
readOnly = true;
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "grocy";
|
||||
sourceDirectories = [
|
||||
cfg.dataDir
|
||||
|
|
|
|||
|
|
@ -1,15 +1,13 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.hledger;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
in
|
||||
{
|
||||
|
|
@ -40,7 +38,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -70,7 +68,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "hledger";
|
||||
sourceDirectories = [
|
||||
cfg.dataDir
|
||||
|
|
|
|||
|
|
@ -2,14 +2,13 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.home-assistant;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
ldap_auth_script_repo = pkgs.fetchFromGitHub {
|
||||
|
|
@ -32,6 +31,10 @@ let
|
|||
configWithSecretsIncludes = nonSecrets // (lib.attrsets.mapAttrs (k: v: "!secret ${k}") secrets);
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.home-assistant = {
|
||||
enable = lib.mkEnableOption "selfhostblocks.home-assistant";
|
||||
|
||||
|
|
@ -49,7 +52,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -61,35 +64,35 @@ in
|
|||
name = lib.mkOption {
|
||||
type = lib.types.oneOf [
|
||||
lib.types.str
|
||||
lib.shb.secretFileType
|
||||
shb.secretFileType
|
||||
];
|
||||
description = "Name of the Home Assistant instance.";
|
||||
};
|
||||
country = lib.mkOption {
|
||||
type = lib.types.oneOf [
|
||||
lib.types.str
|
||||
lib.shb.secretFileType
|
||||
shb.secretFileType
|
||||
];
|
||||
description = "Two letter country code where this instance is located.";
|
||||
};
|
||||
latitude = lib.mkOption {
|
||||
type = lib.types.oneOf [
|
||||
lib.types.str
|
||||
lib.shb.secretFileType
|
||||
shb.secretFileType
|
||||
];
|
||||
description = "Latitude where this instance is located.";
|
||||
};
|
||||
longitude = lib.mkOption {
|
||||
type = lib.types.oneOf [
|
||||
lib.types.str
|
||||
lib.shb.secretFileType
|
||||
shb.secretFileType
|
||||
];
|
||||
description = "Longitude where this instance is located.";
|
||||
};
|
||||
time_zone = lib.mkOption {
|
||||
type = lib.types.oneOf [
|
||||
lib.types.str
|
||||
lib.shb.secretFileType
|
||||
shb.secretFileType
|
||||
];
|
||||
description = "Timezone of this instance.";
|
||||
example = "America/Los_Angeles";
|
||||
|
|
@ -206,7 +209,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "hass";
|
||||
# No need for backup hooks as we use an hourly automation job in home assistant directly with a cron job.
|
||||
sourceDirectories = [
|
||||
|
|
@ -383,10 +386,10 @@ in
|
|||
fi
|
||||
''
|
||||
)
|
||||
+ (lib.shb.replaceSecrets {
|
||||
+ (shb.replaceSecrets {
|
||||
userConfig = cfg.config;
|
||||
resultPath = "${config.services.home-assistant.configDir}/secrets.yaml";
|
||||
generator = lib.shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { });
|
||||
generator = shb.replaceSecretsGeneratorAdapter (lib.generators.toYAML { });
|
||||
});
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
|
|
|
|||
|
|
@ -2,14 +2,13 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.immich;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
protocol = if !(isNull cfg.ssl) then "https" else "http";
|
||||
|
||||
|
|
@ -76,10 +75,10 @@ let
|
|||
|
||||
# Use SHB's replaceSecrets function for loading secrets at runtime
|
||||
configSetupScript = lib.optionalString (cfg.sso.enable || cfg.smtp != null) (
|
||||
lib.shb.replaceSecrets {
|
||||
shb.replaceSecrets {
|
||||
userConfig = shbManagedSettings;
|
||||
resultPath = configFile;
|
||||
generator = lib.shb.replaceSecretsFormatAdapter (pkgs.formats.json { });
|
||||
generator = shb.replaceSecretsFormatAdapter (pkgs.formats.json { });
|
||||
user = "immich";
|
||||
permissions = "u=r,g=,o=";
|
||||
}
|
||||
|
|
@ -106,6 +105,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -146,7 +146,7 @@ in
|
|||
|
||||
ssl = mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = nullOr contracts.ssl.certs;
|
||||
type = nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -162,7 +162,7 @@ in
|
|||
This is required for secure session management.
|
||||
'';
|
||||
type = nullOr (submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "immich";
|
||||
restartUnits = [ "immich-server.service" ];
|
||||
|
|
@ -172,7 +172,7 @@ in
|
|||
};
|
||||
|
||||
mount = mkOption {
|
||||
type = contracts.mount;
|
||||
type = shb.contracts.mount;
|
||||
description = ''
|
||||
Mount configuration. This is an output option.
|
||||
|
||||
|
|
@ -197,7 +197,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "immich";
|
||||
sourceDirectories = [
|
||||
dataFolder
|
||||
|
|
@ -328,7 +328,7 @@ in
|
|||
sharedSecret = mkOption {
|
||||
description = "OIDC shared secret for Immich.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "immich";
|
||||
group = "immich";
|
||||
|
|
@ -340,7 +340,7 @@ in
|
|||
sharedSecretForAuthelia = mkOption {
|
||||
description = "OIDC shared secret for Authelia. Content must be the same as `sharedSecret` option.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "authelia";
|
||||
};
|
||||
|
|
@ -420,7 +420,7 @@ in
|
|||
password = mkOption {
|
||||
description = "File containing the password to connect to the SMTP host.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "immich";
|
||||
restartUnits = [ "immich-server.service" ];
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -10,8 +11,6 @@ let
|
|||
|
||||
cfg = config.shb.jellyfin;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
jellyfin-cli = pkgs.buildDotnetModule rec {
|
||||
|
|
@ -83,7 +82,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = types.nullOr contracts.ssl.certs;
|
||||
type = types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -107,7 +106,7 @@ in
|
|||
password = lib.mkOption {
|
||||
description = "Password of the default admin user.";
|
||||
type = types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "jellyfin";
|
||||
group = "jellyfin";
|
||||
|
|
@ -160,7 +159,7 @@ in
|
|||
adminPassword = lib.mkOption {
|
||||
description = "LDAP admin password.";
|
||||
type = types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "jellyfin";
|
||||
group = "jellyfin";
|
||||
|
|
@ -221,7 +220,7 @@ in
|
|||
sharedSecret = lib.mkOption {
|
||||
description = "OIDC shared secret for Jellyfin.";
|
||||
type = types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "jellyfin";
|
||||
group = "jellyfin";
|
||||
|
|
@ -233,7 +232,7 @@ in
|
|||
sharedSecretForAuthelia = lib.mkOption {
|
||||
description = "OIDC shared secret for Authelia.";
|
||||
type = types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
ownerText = "config.shb.authelia.autheliaUser";
|
||||
owner = config.shb.authelia.autheliaUser;
|
||||
|
|
@ -250,7 +249,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "jellyfin";
|
||||
sourceDirectories = [
|
||||
config.services.jellyfin.dataDir
|
||||
|
|
@ -265,6 +264,8 @@ in
|
|||
};
|
||||
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
|
||||
(lib.mkRenamedOptionModule
|
||||
[ "shb" "jellyfin" "adminPassword" ]
|
||||
[ "shb" "jellyfin" "admin" "password" ]
|
||||
|
|
@ -586,7 +587,7 @@ in
|
|||
fi
|
||||
ln -fs "${debugLogging}" "${config.services.jellyfin.configDir}/logging.json"
|
||||
''
|
||||
+ (lib.shb.replaceSecretsScript {
|
||||
+ (shb.replaceSecretsScript {
|
||||
file = networkConfig;
|
||||
# Write permissions are needed otherwise the jellyfin-cli tool will not work correctly.
|
||||
permissions = "u=rw,g=rw,o=";
|
||||
|
|
@ -595,7 +596,7 @@ in
|
|||
];
|
||||
})
|
||||
+ lib.strings.optionalString cfg.ldap.enable (
|
||||
lib.shb.replaceSecretsScript {
|
||||
shb.replaceSecretsScript {
|
||||
file = ldapConfig;
|
||||
resultPath = "${config.services.jellyfin.dataDir}/plugins/configurations/LDAP-Auth.xml";
|
||||
replacements = [
|
||||
|
|
@ -607,7 +608,7 @@ in
|
|||
}
|
||||
)
|
||||
+ lib.strings.optionalString cfg.sso.enable (
|
||||
lib.shb.replaceSecretsScript {
|
||||
shb.replaceSecretsScript {
|
||||
file = ssoConfig;
|
||||
resultPath = "${config.services.jellyfin.dataDir}/plugins/configurations/SSO-Auth.xml";
|
||||
replacements = [
|
||||
|
|
@ -619,7 +620,7 @@ in
|
|||
}
|
||||
)
|
||||
+ lib.strings.optionalString cfg.sso.enable (
|
||||
lib.shb.replaceSecretsScript {
|
||||
shb.replaceSecretsScript {
|
||||
file = brandingConfig;
|
||||
resultPath = "${config.services.jellyfin.dataDir}/config/branding.xml";
|
||||
replacements = [
|
||||
|
|
|
|||
|
|
@ -1,16 +1,15 @@
|
|||
{
|
||||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.shb.karakeep;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -31,7 +30,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -106,7 +105,7 @@ in
|
|||
sharedSecret = lib.mkOption {
|
||||
description = "OIDC shared secret for Karakeep.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
owner = "karakeep";
|
||||
# These services are the ones relying on the environment file containing the secrets.
|
||||
restartUnits = [
|
||||
|
|
@ -121,7 +120,7 @@ in
|
|||
sharedSecretForAuthelia = lib.mkOption {
|
||||
description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
ownerText = "config.shb.authelia.autheliaUser";
|
||||
owner = config.shb.authelia.autheliaUser;
|
||||
|
|
@ -138,7 +137,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "karakeep";
|
||||
sourceDirectories = [
|
||||
"/var/lib/karakeep"
|
||||
|
|
@ -150,7 +149,7 @@ in
|
|||
nextauthSecret = lib.mkOption {
|
||||
description = "NextAuth secret.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
owner = "karakeep";
|
||||
# These services are the ones relying on the environment file containing the secrets.
|
||||
restartUnits = [
|
||||
|
|
@ -165,7 +164,7 @@ in
|
|||
meilisearchMasterKey = lib.mkOption {
|
||||
description = "Master key used to secure communication with Meilisearch.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
owner = "karakeep";
|
||||
# These services are the ones relying on the environment file containing the secrets.
|
||||
restartUnits = [
|
||||
|
|
@ -204,7 +203,7 @@ in
|
|||
# instead of using the value from the cfg.meilisearchMasterKey option.
|
||||
systemd.services.karakeep-init = {
|
||||
script = lib.mkForce (
|
||||
(lib.shb.replaceSecrets {
|
||||
(shb.replaceSecrets {
|
||||
userConfig = {
|
||||
MEILI_MASTER_KEY.source = cfg.meilisearchMasterKey.result.path;
|
||||
NEXTAUTH_SECRET.source = cfg.nextauthSecret.result.path;
|
||||
|
|
@ -213,7 +212,7 @@ in
|
|||
OAUTH_CLIENT_SECRET.source = cfg.sso.sharedSecret.result.path;
|
||||
};
|
||||
resultPath = "/var/lib/karakeep/settings.env";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
})
|
||||
+ ''
|
||||
export DATA_DIR="$STATE_DIRECTORY"
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
|
|
@ -18,8 +19,6 @@ let
|
|||
else
|
||||
"${cfg.apps.sso.endpoint}:${toString cfg.apps.sso.port}";
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
nextcloudPkg = builtins.getAttr ("nextcloud" + builtins.toString cfg.version) pkgs;
|
||||
nextcloudApps =
|
||||
(builtins.getAttr ("nextcloud" + builtins.toString cfg.version + "Packages") pkgs).apps;
|
||||
|
|
@ -27,6 +26,10 @@ let
|
|||
occ = "${config.services.nextcloud.occ}/bin/nextcloud-occ";
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
];
|
||||
|
||||
options.shb.nextcloud = {
|
||||
enable = lib.mkEnableOption "selfhostblocks.nextcloud-server";
|
||||
|
||||
|
|
@ -68,7 +71,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -110,7 +113,7 @@ in
|
|||
adminPass = lib.mkOption {
|
||||
description = "Nextcloud admin password.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "nextcloud";
|
||||
restartUnits = [ "phpfpm-nextcloud.service" ];
|
||||
|
|
@ -251,7 +254,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -424,7 +427,7 @@ in
|
|||
adminPassword = lib.mkOption {
|
||||
description = "LDAP server admin password.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "nextcloud";
|
||||
restartUnits = [ "phpfpm-nextcloud.service" ];
|
||||
|
|
@ -505,7 +508,7 @@ in
|
|||
secret = lib.mkOption {
|
||||
description = "OIDC shared secret.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "nextcloud";
|
||||
restartUnits = [ "phpfpm-nextcloud.service" ];
|
||||
|
|
@ -516,7 +519,7 @@ in
|
|||
secretForAuthelia = lib.mkOption {
|
||||
description = "OIDC shared secret. Content must be the same as `secretFile` option.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "authelia";
|
||||
};
|
||||
|
|
@ -625,7 +628,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "nextcloud";
|
||||
sourceDirectories = [
|
||||
cfg.dataDir
|
||||
|
|
|
|||
|
|
@ -2,13 +2,12 @@
|
|||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.shb.open-webui;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
roleClaim = "openwebui_groups";
|
||||
oauthScopes = [
|
||||
"openid"
|
||||
|
|
@ -20,6 +19,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -40,7 +40,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -124,7 +124,7 @@ in
|
|||
sharedSecret = lib.mkOption {
|
||||
description = "OIDC shared secret for Open-WebUI.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
owner = "open-webui";
|
||||
restartUnits = [ "open-webui.service" ];
|
||||
};
|
||||
|
|
@ -134,7 +134,7 @@ in
|
|||
sharedSecretForAuthelia = lib.mkOption {
|
||||
description = "OIDC shared secret for Authelia. Must be the same as `sharedSecret`";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
ownerText = "config.shb.authelia.autheliaUser";
|
||||
owner = config.shb.authelia.autheliaUser;
|
||||
|
|
@ -151,7 +151,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "open-webui";
|
||||
sourceDirectories = [
|
||||
config.services.open-webui.stateDir
|
||||
|
|
@ -270,12 +270,12 @@ in
|
|||
"d '/run/open-webui' 0750 root root - -"
|
||||
];
|
||||
systemd.services.open-webui-pre = {
|
||||
script = lib.shb.replaceSecrets {
|
||||
script = shb.replaceSecrets {
|
||||
userConfig = {
|
||||
OAUTH_CLIENT_SECRET.source = cfg.sso.sharedSecret.result.path;
|
||||
};
|
||||
resultPath = "/run/open-webui/secrets.env";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
};
|
||||
serviceConfig.Type = "oneshot";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
|
|
|||
|
|
@ -2,12 +2,12 @@
|
|||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.paperless;
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
dataFolder = cfg.dataDir;
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
protocol = if !(isNull cfg.ssl) then "https" else "http";
|
||||
|
|
@ -48,7 +48,7 @@ let
|
|||
source = cfg.sso.sharedSecret.result.path;
|
||||
}
|
||||
];
|
||||
replaceSecretsScript = lib.shb.replaceSecretsScript {
|
||||
replaceSecretsScript = shb.replaceSecretsScript {
|
||||
file = ssoClientSettingsFile;
|
||||
resultPath = "/run/paperless/paperless-sso-client.env";
|
||||
inherit replacements;
|
||||
|
|
@ -77,6 +77,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -117,7 +118,7 @@ in
|
|||
|
||||
ssl = mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = nullOr contracts.ssl.certs;
|
||||
type = nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -152,7 +153,7 @@ in
|
|||
adminPassword = mkOption {
|
||||
description = "Secret containing the superuser (admin) password.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "paperless";
|
||||
group = "paperless";
|
||||
|
|
@ -208,7 +209,7 @@ in
|
|||
};
|
||||
|
||||
mount = mkOption {
|
||||
type = contracts.mount;
|
||||
type = shb.contracts.mount;
|
||||
description = ''
|
||||
Mount configuration. This is an output option.
|
||||
|
||||
|
|
@ -233,7 +234,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "paperless";
|
||||
sourceDirectories = [
|
||||
dataFolder
|
||||
|
|
@ -314,7 +315,7 @@ in
|
|||
sharedSecret = mkOption {
|
||||
description = "OIDC shared secret for paperless.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "paperless";
|
||||
group = "paperless";
|
||||
|
|
@ -326,7 +327,7 @@ in
|
|||
sharedSecretForAuthelia = mkOption {
|
||||
description = "OIDC shared secret for Authelia. Content must be the same as `sharedSecret` option.";
|
||||
type = submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "authelia";
|
||||
};
|
||||
|
|
|
|||
|
|
@ -2,17 +2,17 @@
|
|||
config,
|
||||
lib,
|
||||
pkgs,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
cfg = config.shb.pinchflat;
|
||||
|
||||
inherit (lib) types;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -33,7 +33,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -50,7 +50,7 @@ in
|
|||
Make sure the secret is at least 64 characters long.
|
||||
'';
|
||||
type = types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
restartUnits = [ "pinchflat.service" ];
|
||||
};
|
||||
};
|
||||
|
|
@ -64,7 +64,7 @@ in
|
|||
timeZone = lib.mkOption {
|
||||
type = lib.types.oneOf [
|
||||
lib.types.str
|
||||
lib.shb.secretFileType
|
||||
shb.secretFileType
|
||||
];
|
||||
description = "Timezone of this instance.";
|
||||
example = "America/Los_Angeles";
|
||||
|
|
@ -123,7 +123,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "pinchflat";
|
||||
sourceDirectories = [
|
||||
cfg.mediaDir
|
||||
|
|
@ -158,13 +158,13 @@ in
|
|||
};
|
||||
|
||||
systemd.services.pinchflat-pre = {
|
||||
script = lib.shb.replaceSecrets {
|
||||
script = shb.replaceSecrets {
|
||||
userConfig = {
|
||||
SECRET_KEY_BASE.source = cfg.secretKeyBase.result.path;
|
||||
# TZ = cfg.secretKeyBase.result.path; # Uncomment when PR is merged.
|
||||
};
|
||||
resultPath = "/run/pinchflat/secrets.env";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
};
|
||||
serviceConfig.Type = "oneshot";
|
||||
wantedBy = [ "multi-user.target" ];
|
||||
|
|
|
|||
|
|
@ -1,15 +1,13 @@
|
|||
{
|
||||
config,
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
|
||||
let
|
||||
cfg = config.shb.vaultwarden;
|
||||
|
||||
contracts = pkgs.callPackage ../contracts { };
|
||||
|
||||
fqdn = "${cfg.subdomain}.${cfg.domain}";
|
||||
|
||||
dataFolder =
|
||||
|
|
@ -20,6 +18,7 @@ let
|
|||
in
|
||||
{
|
||||
imports = [
|
||||
../../lib/module.nix
|
||||
../blocks/nginx.nix
|
||||
];
|
||||
|
||||
|
|
@ -40,7 +39,7 @@ in
|
|||
|
||||
ssl = lib.mkOption {
|
||||
description = "Path to SSL files";
|
||||
type = lib.types.nullOr contracts.ssl.certs;
|
||||
type = lib.types.nullOr shb.contracts.ssl.certs;
|
||||
default = null;
|
||||
};
|
||||
|
||||
|
|
@ -60,7 +59,7 @@ in
|
|||
databasePassword = lib.mkOption {
|
||||
description = "File containing the Vaultwarden database password.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0440";
|
||||
owner = "vaultwarden";
|
||||
group = "postgres";
|
||||
|
|
@ -118,7 +117,7 @@ in
|
|||
password = lib.mkOption {
|
||||
description = "File containing the password to connect to the SMTP host.";
|
||||
type = lib.types.submodule {
|
||||
options = contracts.secret.mkRequester {
|
||||
options = shb.contracts.secret.mkRequester {
|
||||
mode = "0400";
|
||||
owner = "vaultwarden";
|
||||
restartUnits = [ "vaultwarden.service" ];
|
||||
|
|
@ -131,7 +130,7 @@ in
|
|||
};
|
||||
|
||||
mount = lib.mkOption {
|
||||
type = contracts.mount;
|
||||
type = shb.contracts.mount;
|
||||
description = ''
|
||||
Mount configuration. This is an output option.
|
||||
|
||||
|
|
@ -156,7 +155,7 @@ in
|
|||
'';
|
||||
default = { };
|
||||
type = lib.types.submodule {
|
||||
options = contracts.backup.mkRequester {
|
||||
options = shb.contracts.backup.mkRequester {
|
||||
user = "vaultwarden";
|
||||
sourceDirectories = [
|
||||
dataFolder
|
||||
|
|
@ -210,7 +209,7 @@ in
|
|||
];
|
||||
# Needed to be able to write template config.
|
||||
systemd.services.vaultwarden.serviceConfig.ProtectHome = lib.mkForce false;
|
||||
systemd.services.vaultwarden.preStart = lib.shb.replaceSecrets {
|
||||
systemd.services.vaultwarden.preStart = shb.replaceSecrets {
|
||||
userConfig = {
|
||||
DATABASE_URL.source = cfg.databasePassword.result.path;
|
||||
DATABASE_URL.transform = v: "postgresql://vaultwarden:${v}@127.0.0.1:5432/vaultwarden";
|
||||
|
|
@ -219,7 +218,7 @@ in
|
|||
SMTP_PASSWORD.source = cfg.smtp.password.result.path;
|
||||
};
|
||||
resultPath = "${dataFolder}/vaultwarden.env";
|
||||
generator = lib.shb.toEnvVar;
|
||||
generator = shb.toEnvVar;
|
||||
};
|
||||
|
||||
shb.nginx.vhosts = [
|
||||
|
|
|
|||
|
|
@ -1,11 +1,11 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, shb, ... }:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
|
||||
ldapAdminPassword = "ldapAdminPassword";
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "authelia-basic";
|
||||
|
||||
nodes.machine =
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
{ lib, ... }:
|
||||
{ shb, ... }:
|
||||
let
|
||||
commonTest =
|
||||
user:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "borgbackup_backupAndRestore_${user}";
|
||||
|
||||
nodes.machine =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseImports
|
||||
shb.test.baseImports
|
||||
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/blocks/borgbackup.nix
|
||||
|
|
|
|||
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
in
|
||||
|
|
@ -22,39 +27,39 @@ in
|
|||
d.d = "not secret D";
|
||||
};
|
||||
|
||||
configWithTemplates = lib.shb.withReplacements userConfig;
|
||||
configWithTemplates = shb.withReplacements userConfig;
|
||||
|
||||
nonSecretConfigFile = pkgs.writeText "config.yaml.template" (
|
||||
lib.generators.toJSON { } configWithTemplates
|
||||
);
|
||||
|
||||
replacements = lib.shb.getReplacements userConfig;
|
||||
replacements = shb.getReplacements userConfig;
|
||||
|
||||
replaceInTemplate = lib.shb.replaceSecretsScript {
|
||||
replaceInTemplate = shb.replaceSecretsScript {
|
||||
file = nonSecretConfigFile;
|
||||
resultPath = "/var/lib/config.yaml";
|
||||
inherit replacements;
|
||||
};
|
||||
|
||||
replaceInTemplateJSON = lib.shb.replaceSecrets {
|
||||
replaceInTemplateJSON = shb.replaceSecrets {
|
||||
inherit userConfig;
|
||||
resultPath = "/var/lib/config.json";
|
||||
generator = lib.shb.replaceSecretsFormatAdapter (pkgs.formats.json { });
|
||||
generator = shb.replaceSecretsFormatAdapter (pkgs.formats.json { });
|
||||
};
|
||||
|
||||
replaceInTemplateJSONGen = lib.shb.replaceSecrets {
|
||||
replaceInTemplateJSONGen = shb.replaceSecrets {
|
||||
inherit userConfig;
|
||||
resultPath = "/var/lib/config_gen.json";
|
||||
generator = lib.shb.replaceSecretsGeneratorAdapter (lib.generators.toJSON { });
|
||||
generator = shb.replaceSecretsGeneratorAdapter (lib.generators.toJSON { });
|
||||
};
|
||||
|
||||
replaceInTemplateXML = lib.shb.replaceSecrets {
|
||||
replaceInTemplateXML = shb.replaceSecrets {
|
||||
inherit userConfig;
|
||||
resultPath = "/var/lib/config.xml";
|
||||
generator = lib.shb.replaceSecretsFormatAdapter (lib.shb.formatXML { enclosingRoot = "Root"; });
|
||||
generator = shb.replaceSecretsFormatAdapter (shb.formatXML { enclosingRoot = "Root"; });
|
||||
};
|
||||
in
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "lib-template";
|
||||
nodes.machine =
|
||||
{ config, pkgs, ... }:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
|
||||
|
|
@ -6,7 +11,7 @@ let
|
|||
charliePassword = "CharliePassword";
|
||||
in
|
||||
{
|
||||
auth = lib.shb.runNixOSTest {
|
||||
auth = shb.test.runNixOSTest {
|
||||
name = "ldap-auth";
|
||||
|
||||
nodes.server =
|
||||
|
|
|
|||
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
serve =
|
||||
port: text:
|
||||
|
|
@ -45,7 +50,7 @@ let
|
|||
);
|
||||
in
|
||||
{
|
||||
default = lib.shb.runNixOSTest {
|
||||
default = shb.test.runNixOSTest {
|
||||
name = "mitmdump-default";
|
||||
|
||||
nodes.machine =
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
password = "securepw";
|
||||
oidcSecret = "oidcSecret";
|
||||
|
||||
commonTestScript = lib.shb.accessScript {
|
||||
commonTestScript = shb.test.accessScript {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.monitoring.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -21,7 +21,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/monitoring.nix
|
||||
];
|
||||
|
||||
|
|
@ -71,8 +71,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
test = {
|
||||
subdomain = "g";
|
||||
|
|
@ -161,7 +161,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "monitoring_basic";
|
||||
|
||||
nodes.server = {
|
||||
|
|
@ -175,13 +175,13 @@ in
|
|||
testScript = commonTestScript;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "monitoring_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -191,7 +191,7 @@ in
|
|||
testScript = commonTestScript;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "monitoring_sso";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -206,11 +206,11 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -1,9 +1,14 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
in
|
||||
{
|
||||
peerWithoutUser = lib.shb.runNixOSTest {
|
||||
peerWithoutUser = shb.test.runNixOSTest {
|
||||
name = "postgresql-peerWithoutUser";
|
||||
|
||||
nodes.machine =
|
||||
|
|
@ -44,7 +49,7 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
peerAuth = lib.shb.runNixOSTest {
|
||||
peerAuth = shb.test.runNixOSTest {
|
||||
name = "postgresql-peerAuth";
|
||||
|
||||
nodes.machine =
|
||||
|
|
@ -98,7 +103,7 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
tcpIPWithoutPasswordAuth = lib.shb.runNixOSTest {
|
||||
tcpIPWithoutPasswordAuth = shb.test.runNixOSTest {
|
||||
name = "postgresql-tcpIpWithoutPasswordAuth";
|
||||
|
||||
nodes.machine =
|
||||
|
|
@ -140,7 +145,7 @@ in
|
|||
'';
|
||||
};
|
||||
|
||||
tcpIPPasswordAuth = lib.shb.runNixOSTest {
|
||||
tcpIPPasswordAuth = shb.test.runNixOSTest {
|
||||
name = "postgresql-tcpIPPasswordAuth";
|
||||
|
||||
nodes.machine =
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
commonTest =
|
||||
user:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "restic_backupAndRestore_${user}";
|
||||
|
||||
nodes.machine =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseImports
|
||||
shb.test.baseImports
|
||||
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/blocks/restic.nix
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, shb, ... }:
|
||||
let
|
||||
pkgs' = pkgs;
|
||||
in
|
||||
{
|
||||
test = lib.shb.runNixOSTest {
|
||||
test = shb.test.runNixOSTest {
|
||||
name = "ssl-test";
|
||||
|
||||
nodes.server =
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
contracts = pkgs.callPackage ../../modules/contracts { };
|
||||
in
|
||||
{ shb, ... }:
|
||||
{
|
||||
restic_root = contracts.test.backup {
|
||||
restic_root = shb.contracts.test.backup {
|
||||
name = "restic_root";
|
||||
username = "root";
|
||||
providerRoot = [
|
||||
|
|
@ -38,7 +35,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
restic_nonroot = contracts.test.backup {
|
||||
restic_nonroot = shb.contracts.test.backup {
|
||||
name = "restic_nonroot";
|
||||
username = "me";
|
||||
providerRoot = [
|
||||
|
|
@ -73,7 +70,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
borgbackup_root = contracts.test.backup {
|
||||
borgbackup_root = shb.contracts.test.backup {
|
||||
name = "borgbackup_root";
|
||||
username = "root";
|
||||
providerRoot = [
|
||||
|
|
@ -108,7 +105,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
borgbackup_nonroot = contracts.test.backup {
|
||||
borgbackup_nonroot = shb.contracts.test.backup {
|
||||
name = "borgbackup_nonroot";
|
||||
username = "me";
|
||||
providerRoot = [
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
contracts = pkgs.callPackage ../../modules/contracts { };
|
||||
in
|
||||
{ shb, ... }:
|
||||
{
|
||||
restic_postgres = contracts.test.databasebackup {
|
||||
restic_postgres = shb.contracts.test.databasebackup {
|
||||
name = "restic_postgres";
|
||||
requesterRoot = [
|
||||
"shb"
|
||||
|
|
@ -49,7 +46,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
borgbackup_postgres = contracts.test.databasebackup {
|
||||
borgbackup_postgres = shb.contracts.test.databasebackup {
|
||||
name = "borgbackup_postgres";
|
||||
requesterRoot = [
|
||||
"shb"
|
||||
|
|
|
|||
|
|
@ -1,9 +1,6 @@
|
|||
{ pkgs, ... }:
|
||||
let
|
||||
contracts = pkgs.callPackage ../../modules/contracts { };
|
||||
in
|
||||
{ shb, ... }:
|
||||
{
|
||||
hardcoded_root_root = contracts.test.secret {
|
||||
hardcoded_root_root = shb.contracts.test.secret {
|
||||
name = "hardcoded";
|
||||
modules = [ ../../modules/blocks/hardcodedsecret.nix ];
|
||||
configRoot = [
|
||||
|
|
@ -15,7 +12,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
hardcoded_user_group = contracts.test.secret {
|
||||
hardcoded_user_group = shb.contracts.test.secret {
|
||||
name = "hardcoded";
|
||||
modules = [ ../../modules/blocks/hardcodedsecret.nix ];
|
||||
configRoot = [
|
||||
|
|
@ -31,7 +28,7 @@ in
|
|||
};
|
||||
|
||||
# TODO: how to do this?
|
||||
# sops = contracts.test.secret {
|
||||
# sops = shb.contracts.test.secret {
|
||||
# name = "sops";
|
||||
# configRoot = cfg: name: cfg.sops.secrets.${name};
|
||||
# createContent = content: {
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
inherit (lib) nameValuePair;
|
||||
in
|
||||
|
|
@ -34,7 +34,7 @@ in
|
|||
c.other = "other";
|
||||
};
|
||||
in
|
||||
lib.shb.withReplacements (
|
||||
shb.withReplacements (
|
||||
item
|
||||
// {
|
||||
nestedAttr = item;
|
||||
|
|
@ -70,7 +70,7 @@ in
|
|||
c.other = "other";
|
||||
};
|
||||
in
|
||||
lib.shb.withReplacements [
|
||||
shb.withReplacements [
|
||||
item
|
||||
item
|
||||
[ item ]
|
||||
|
|
@ -101,8 +101,8 @@ in
|
|||
c.other = "other";
|
||||
};
|
||||
in
|
||||
map lib.shb.genReplacement (
|
||||
lib.shb.getReplacements (
|
||||
map shb.genReplacement (
|
||||
shb.getReplacements (
|
||||
item
|
||||
// {
|
||||
nestedAttr = item;
|
||||
|
|
@ -123,7 +123,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
expr = lib.shb.parseXML ''
|
||||
expr = shb.parseXML ''
|
||||
<a>
|
||||
<b>1</b>
|
||||
<c><d>1</d></c>
|
||||
|
|
|
|||
|
|
@ -1,4 +1,9 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
healthUrl = "/health";
|
||||
loginUrl = "/UI/Login";
|
||||
|
|
@ -6,7 +11,7 @@ let
|
|||
# TODO: Test login
|
||||
commonTestScript =
|
||||
appname: cfgPathFn:
|
||||
lib.shb.mkScripts {
|
||||
shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.arr.${appname}.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -60,7 +65,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/arr.nix
|
||||
];
|
||||
|
||||
|
|
@ -81,8 +86,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
|
||||
test = {
|
||||
|
|
@ -106,7 +111,7 @@ let
|
|||
|
||||
basicTest =
|
||||
appname: cfgPathFn:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "arr_${appname}_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -125,7 +130,7 @@ let
|
|||
|
||||
backupTest =
|
||||
appname: cfgPathFn:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "arr_${appname}_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -133,7 +138,7 @@ let
|
|||
{
|
||||
imports = [
|
||||
(basic appname)
|
||||
(lib.shb.backup config.shb.arr.${appname}.backup)
|
||||
(shb.test.backup config.shb.arr.${appname}.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -153,7 +158,7 @@ let
|
|||
|
||||
httpsTest =
|
||||
appname: cfgPathFn:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "arr_${appname}_https";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -161,7 +166,7 @@ let
|
|||
{
|
||||
imports = [
|
||||
(basic appname)
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
(https appname)
|
||||
];
|
||||
};
|
||||
|
|
@ -182,7 +187,7 @@ let
|
|||
|
||||
ssoTest =
|
||||
appname: cfgPathFn:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "arr_${appname}_sso";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -190,10 +195,10 @@ let
|
|||
{
|
||||
imports = [
|
||||
(basic appname)
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
(https appname)
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
(sso appname)
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ lib, ... }:
|
||||
{ shb, ... }:
|
||||
let
|
||||
commonTestScript = lib.shb.accessScript {
|
||||
commonTestScript = shb.test.accessScript {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.audiobookshelf.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -22,7 +22,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/audiobookshelf.nix
|
||||
];
|
||||
|
||||
|
|
@ -39,8 +39,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
|
||||
|
|
@ -104,7 +104,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "audiobookshelf-basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -122,13 +122,13 @@ in
|
|||
testScript = commonTestScript;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "audiobookshelf-https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -138,7 +138,7 @@ in
|
|||
testScript = commonTestScript;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "audiobookshelf-sso";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -146,10 +146,10 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,6 +1,11 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
...
|
||||
}:
|
||||
let
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.deluge.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -76,7 +81,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/deluge.nix
|
||||
];
|
||||
|
|
@ -109,8 +114,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
test = {
|
||||
subdomain = "d";
|
||||
|
|
@ -167,7 +172,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "deluge_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -184,7 +189,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "deluge_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -192,7 +197,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.deluge.backup)
|
||||
(shb.test.backup config.shb.deluge.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -201,13 +206,13 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "deluge_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -217,7 +222,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "deluge_sso";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -225,10 +230,10 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
@ -240,13 +245,13 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
prometheus = lib.shb.runNixOSTest {
|
||||
prometheus = shb.test.runNixOSTest {
|
||||
name = "deluge_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
prometheus
|
||||
];
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{ lib, ... }:
|
||||
{ shb, ... }:
|
||||
let
|
||||
adminPassword = "AdminPassword";
|
||||
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.forgejo.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -27,7 +27,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/forgejo.nix
|
||||
];
|
||||
|
|
@ -79,8 +79,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
test = {
|
||||
subdomain = "f";
|
||||
|
|
@ -182,7 +182,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "forgejo_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -199,7 +199,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "forgejo_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -207,7 +207,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.forgejo.backup)
|
||||
(shb.test.backup config.shb.forgejo.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -216,13 +216,13 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "forgejo_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -232,13 +232,13 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
ldap = lib.shb.runNixOSTest {
|
||||
ldap = shb.test.runNixOSTest {
|
||||
name = "forgejo_ldap";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
@ -249,8 +249,8 @@ in
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
|
||||
test = {
|
||||
|
|
@ -319,7 +319,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "forgejo_sso";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -327,10 +327,10 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ shb, ... }:
|
||||
let
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.grocy.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -19,7 +19,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/grocy.nix
|
||||
];
|
||||
|
||||
|
|
@ -37,8 +37,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
|
||||
|
|
@ -81,7 +81,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "grocy_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -98,13 +98,13 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "grocy_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ lib, ... }:
|
||||
{ shb, ... }:
|
||||
let
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.hledger.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -14,7 +14,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/hledger.nix
|
||||
];
|
||||
|
||||
|
|
@ -32,8 +32,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
|
||||
test = {
|
||||
|
|
@ -69,7 +69,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "hledger_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -87,7 +87,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "hledger_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -95,7 +95,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.hledger.backup)
|
||||
(shb.test.backup config.shb.hledger.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -104,13 +104,13 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "hledger_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -120,7 +120,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "hledger_sso";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -128,10 +128,10 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, shb, ... }:
|
||||
let
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.home-assistant.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -19,7 +19,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/home-assistant.nix
|
||||
];
|
||||
|
||||
|
|
@ -46,8 +46,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
|
||||
|
|
@ -165,7 +165,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "homeassistant_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -182,7 +182,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "homeassistant_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -190,7 +190,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.home-assistant.backup)
|
||||
(shb.test.backup config.shb.home-assistant.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -199,13 +199,13 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "homeassistant_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -215,13 +215,13 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
ldap = lib.shb.runNixOSTest {
|
||||
ldap = shb.test.runNixOSTest {
|
||||
name = "homeassistant_ldap";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
@ -233,16 +233,16 @@ in
|
|||
|
||||
# Not yet supported
|
||||
#
|
||||
# sso = lib.shb.runNixOSTest {
|
||||
# sso = shb.test.runNixOSTest {
|
||||
# name = "vaultwarden_sso";
|
||||
#
|
||||
# nodes.server = lib.mkMerge [
|
||||
# basic
|
||||
# (lib.shb.certs domain)
|
||||
# (shb.certs domain)
|
||||
# https
|
||||
# ldap
|
||||
# (lib.shb.ldap domain pkgs')
|
||||
# (lib.shb.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
# (shb.ldap domain pkgs')
|
||||
# (shb.test.sso domain pkgs' config.shb.certs.certs.selfsigned.n)
|
||||
# sso
|
||||
# ];
|
||||
#
|
||||
|
|
@ -251,7 +251,7 @@ in
|
|||
# testScript = commonTestScript.access;
|
||||
# };
|
||||
|
||||
voice = lib.shb.runNixOSTest {
|
||||
voice = shb.test.runNixOSTest {
|
||||
name = "homeassistant_voice";
|
||||
|
||||
nodes.server = {
|
||||
|
|
|
|||
|
|
@ -1,9 +1,13 @@
|
|||
{ pkgs, lib }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
}:
|
||||
let
|
||||
subdomain = "i";
|
||||
domain = "example.com";
|
||||
|
||||
commonTestScript = lib.shb.accessScript {
|
||||
commonTestScript = shb.test.accessScript {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.immich.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -25,7 +29,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/immich.nix
|
||||
];
|
||||
|
||||
|
|
@ -60,7 +64,7 @@ let
|
|||
{
|
||||
imports = [
|
||||
base
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
];
|
||||
|
||||
test.hasSSL = true;
|
||||
|
|
@ -72,7 +76,7 @@ let
|
|||
{
|
||||
imports = [
|
||||
https
|
||||
(lib.shb.backup config.shb.immich.backup)
|
||||
(shb.test.backup config.shb.immich.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -81,8 +85,8 @@ let
|
|||
{
|
||||
imports = [
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
];
|
||||
|
||||
shb.immich.sso = {
|
||||
|
|
@ -157,7 +161,7 @@ in
|
|||
nodes.client = { };
|
||||
|
||||
testScript =
|
||||
(lib.shb.mkScripts {
|
||||
(shb.test.mkScripts {
|
||||
hasSSL = args: !(isNull args.node.config.shb.immich.ssl);
|
||||
waitForServices = args: [
|
||||
"immich-server.service"
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, shb, ... }:
|
||||
let
|
||||
port = 9096;
|
||||
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.jellyfin.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -47,7 +47,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/jellyfin.nix
|
||||
];
|
||||
test = {
|
||||
|
|
@ -79,7 +79,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
|
||||
|
|
@ -171,7 +171,7 @@ let
|
|||
jellyfinTest =
|
||||
name:
|
||||
{ nodes, testScript }:
|
||||
lib.shb.runNixOSTest {
|
||||
shb.test.runNixOSTest {
|
||||
name = "jellyfin_${name}";
|
||||
|
||||
interactive.nodes.server = {
|
||||
|
|
@ -206,7 +206,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.jellyfin.backup)
|
||||
(shb.test.backup config.shb.jellyfin.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -219,7 +219,7 @@ in
|
|||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -228,7 +228,7 @@ in
|
|||
{ config, lib, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
clientLogin
|
||||
];
|
||||
};
|
||||
|
|
@ -240,7 +240,7 @@ in
|
|||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
@ -256,10 +256,10 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,9 +1,9 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
nextauthSecret = "nextauthSecret";
|
||||
oidcSecret = "oidcSecret";
|
||||
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.karakeep.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -25,7 +25,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/karakeep.nix
|
||||
];
|
||||
|
||||
|
|
@ -77,8 +77,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
test = {
|
||||
subdomain = "k";
|
||||
|
|
@ -171,7 +171,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "karakeep_basic";
|
||||
|
||||
nodes.client = { };
|
||||
|
|
@ -184,7 +184,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "karakeep_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -192,7 +192,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.karakeep.backup)
|
||||
(shb.test.backup config.shb.karakeep.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -201,14 +201,14 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "karakeep_https";
|
||||
|
||||
nodes.client = { };
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -216,7 +216,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "karakeep_sso";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -231,11 +231,11 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
{ lib, ... }:
|
||||
{ lib, shb, ... }:
|
||||
let
|
||||
adminUser = "root";
|
||||
adminPass = "rootpw";
|
||||
oidcSecret = "oidcSecret";
|
||||
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.nextcloud.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -102,7 +102,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/nextcloud-server.nix
|
||||
];
|
||||
|
||||
|
|
@ -136,8 +136,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
|
||||
|
|
@ -176,8 +176,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
|
||||
|
|
@ -231,8 +231,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
|
||||
|
|
@ -444,7 +444,7 @@ let
|
|||
'';
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "nextcloud_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -461,7 +461,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
cron = lib.shb.runNixOSTest {
|
||||
cron = shb.test.runNixOSTest {
|
||||
name = "nextcloud_cron";
|
||||
|
||||
nodes.server = {
|
||||
|
|
@ -504,7 +504,7 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "nextcloud_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -512,7 +512,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.nextcloud.backup)
|
||||
(shb.test.backup config.shb.nextcloud.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -521,13 +521,13 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "nextcloud_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -538,13 +538,13 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
previewGenerator = lib.shb.runNixOSTest {
|
||||
previewGenerator = shb.test.runNixOSTest {
|
||||
name = "nextcloud_previewGenerator";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
previewgenerator
|
||||
];
|
||||
|
|
@ -555,13 +555,13 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
externalStorage = lib.shb.runNixOSTest {
|
||||
externalStorage = shb.test.runNixOSTest {
|
||||
name = "nextcloud_externalStorage";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
externalstorage
|
||||
];
|
||||
|
|
@ -575,13 +575,13 @@ in
|
|||
# TODO: fix memories app
|
||||
# See https://github.com/ibizaman/selfhostblocks/issues/476
|
||||
|
||||
# memories = lib.shb.runNixOSTest {
|
||||
# memories = shb.test.runNixOSTest {
|
||||
# name = "nextcloud_memories";
|
||||
|
||||
# nodes.server = {
|
||||
# imports = [
|
||||
# basic
|
||||
# lib.shb.certs
|
||||
# shb.test.certs
|
||||
# https
|
||||
# memories
|
||||
# ];
|
||||
|
|
@ -592,13 +592,13 @@ in
|
|||
# testScript = commonTestScript.access;
|
||||
# };
|
||||
|
||||
recognize = lib.shb.runNixOSTest {
|
||||
recognize = shb.test.runNixOSTest {
|
||||
name = "nextcloud_recognize";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
recognize
|
||||
];
|
||||
|
|
@ -609,7 +609,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
ldap = lib.shb.runNixOSTest {
|
||||
ldap = shb.test.runNixOSTest {
|
||||
name = "nextcloud_ldap";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -617,9 +617,9 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
];
|
||||
};
|
||||
|
|
@ -633,7 +633,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "nextcloud_sso";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -641,10 +641,10 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
(
|
||||
{ config, ... }:
|
||||
|
|
@ -674,7 +674,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
prometheus = lib.shb.runNixOSTest {
|
||||
prometheus = shb.test.runNixOSTest {
|
||||
name = "nextcloud_prometheus";
|
||||
|
||||
nodes.server =
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
{ lib, ... }:
|
||||
{ shb, ... }:
|
||||
let
|
||||
oidcSecret = "oidcSecret";
|
||||
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.open-webui.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -21,7 +21,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/open-webui.nix
|
||||
];
|
||||
|
|
@ -68,8 +68,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
virtualisation.memorySize = 4096;
|
||||
test = {
|
||||
|
|
@ -163,7 +163,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "open-webui_basic";
|
||||
|
||||
nodes.client = { };
|
||||
|
|
@ -176,7 +176,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "open-webui_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -184,7 +184,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.open-webui.backup)
|
||||
(shb.test.backup config.shb.open-webui.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -193,14 +193,14 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "open-webui_https";
|
||||
|
||||
nodes.client = { };
|
||||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -208,7 +208,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "open-webui_sso";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -221,11 +221,11 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,9 +1,13 @@
|
|||
{ pkgs, lib }:
|
||||
{
|
||||
pkgs,
|
||||
lib,
|
||||
shb,
|
||||
}:
|
||||
let
|
||||
subdomain = "p";
|
||||
domain = "example.com";
|
||||
|
||||
commonTestScript = lib.shb.accessScript {
|
||||
commonTestScript = shb.test.accessScript {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.paperless.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -24,7 +28,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/services/paperless.nix
|
||||
];
|
||||
|
||||
|
|
@ -57,7 +61,7 @@ let
|
|||
{
|
||||
imports = [
|
||||
base
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
];
|
||||
|
||||
test.hasSSL = true;
|
||||
|
|
@ -69,7 +73,7 @@ let
|
|||
{
|
||||
imports = [
|
||||
https
|
||||
(lib.shb.backup config.shb.paperless.backup)
|
||||
(shb.test.backup config.shb.paperless.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -78,8 +82,8 @@ let
|
|||
{
|
||||
imports = [
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
];
|
||||
|
||||
shb.paperless.sso = {
|
||||
|
|
@ -163,7 +167,7 @@ in
|
|||
nodes.client = { };
|
||||
|
||||
testScript =
|
||||
(lib.shb.mkScripts {
|
||||
(shb.test.mkScripts {
|
||||
hasSSL = args: !(isNull args.node.config.shb.paperless.ssl);
|
||||
waitForServices = args: [
|
||||
"paperless-web.service"
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, shb, ... }:
|
||||
let
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.pinchflat.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -19,7 +19,7 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/pinchflat.nix
|
||||
];
|
||||
|
|
@ -55,8 +55,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
test = {
|
||||
subdomain = "p";
|
||||
|
|
@ -101,8 +101,8 @@ let
|
|||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
lib.shb.clientLoginModule
|
||||
shb.test.baseModule
|
||||
shb.test.clientLoginModule
|
||||
];
|
||||
test = {
|
||||
subdomain = "p";
|
||||
|
|
@ -176,7 +176,7 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "pinchflat_basic";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -193,7 +193,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "pinchflat_backup";
|
||||
|
||||
nodes.server =
|
||||
|
|
@ -201,7 +201,7 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
(lib.shb.backup config.shb.pinchflat.backup)
|
||||
(shb.test.backup config.shb.pinchflat.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
@ -210,7 +210,7 @@ in
|
|||
testScript = commonTestScript.backup;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "pinchflat_https";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -221,7 +221,7 @@ in
|
|||
nodes.server = {
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
];
|
||||
};
|
||||
|
|
@ -229,7 +229,7 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "pinchflat_sso";
|
||||
|
||||
nodes.client = {
|
||||
|
|
@ -242,11 +242,11 @@ in
|
|||
{
|
||||
imports = [
|
||||
basic
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
https
|
||||
lib.shb.ldap
|
||||
shb.test.ldap
|
||||
ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
{ lib, ... }:
|
||||
{ shb, ... }:
|
||||
let
|
||||
commonTestScript = lib.shb.mkScripts {
|
||||
commonTestScript = shb.test.mkScripts {
|
||||
hasSSL = { node, ... }: !(isNull node.config.shb.vaultwarden.ssl);
|
||||
waitForServices =
|
||||
{ ... }:
|
||||
|
|
@ -97,12 +97,12 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
basic = lib.shb.runNixOSTest {
|
||||
basic = shb.test.runNixOSTest {
|
||||
name = "vaultwarden_basic";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/vaultwarden.nix
|
||||
basic
|
||||
|
|
@ -114,15 +114,15 @@ in
|
|||
testScript = commonTestScript.access;
|
||||
};
|
||||
|
||||
https = lib.shb.runNixOSTest {
|
||||
https = shb.test.runNixOSTest {
|
||||
name = "vaultwarden_https";
|
||||
|
||||
nodes.server = {
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/vaultwarden.nix
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
basic
|
||||
https
|
||||
];
|
||||
|
|
@ -135,11 +135,11 @@ in
|
|||
|
||||
# Not yet supported
|
||||
#
|
||||
# ldap = lib.shb.runNixOSTest {
|
||||
# ldap = shb.test.runNixOSTest {
|
||||
# name = "vaultwarden_ldap";
|
||||
#
|
||||
# nodes.server = lib.mkMerge [
|
||||
# lib.shb.baseModule
|
||||
# shb.test.baseModule
|
||||
# ../../modules/blocks/hardcodedsecret.nix
|
||||
# ../../modules/services/vaultwarden.nix
|
||||
# basic
|
||||
|
|
@ -151,21 +151,21 @@ in
|
|||
# testScript = commonTestScript.access;
|
||||
# };
|
||||
|
||||
sso = lib.shb.runNixOSTest {
|
||||
sso = shb.test.runNixOSTest {
|
||||
name = "vaultwarden_sso";
|
||||
|
||||
nodes.server =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/vaultwarden.nix
|
||||
lib.shb.certs
|
||||
shb.test.certs
|
||||
basic
|
||||
https
|
||||
lib.shb.ldap
|
||||
(lib.shb.sso config.shb.certs.certs.selfsigned.n)
|
||||
shb.test.ldap
|
||||
(shb.test.sso config.shb.certs.certs.selfsigned.n)
|
||||
sso
|
||||
];
|
||||
};
|
||||
|
|
@ -196,18 +196,18 @@ in
|
|||
};
|
||||
};
|
||||
|
||||
backup = lib.shb.runNixOSTest {
|
||||
backup = shb.test.runNixOSTest {
|
||||
name = "vaultwarden_backup";
|
||||
|
||||
nodes.server =
|
||||
{ config, ... }:
|
||||
{
|
||||
imports = [
|
||||
lib.shb.baseModule
|
||||
shb.test.baseModule
|
||||
../../modules/blocks/hardcodedsecret.nix
|
||||
../../modules/services/vaultwarden.nix
|
||||
basic
|
||||
(lib.shb.backup config.shb.vaultwarden.backup)
|
||||
(shb.test.backup config.shb.vaultwarden.backup)
|
||||
];
|
||||
};
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue