diff --git a/modules/commands.nix b/modules/commands.nix
new file mode 100644
index 00000000..e83e3a95
--- /dev/null
+++ b/modules/commands.nix
@@ -0,0 +1,100 @@
+{ withSystem, ... }:
+{
+ flake.modules.nixos.mcl-commands =
+ {
+ lib,
+ pkgs,
+ flakeArgs,
+ config,
+ ...
+ }:
+ let
+ cfg = config.programs.admin-cmds;
+
+ makeSystemctlCommand =
+ service: command:
+ pkgs.writeShellApplication {
+ name = "${service}-${command}";
+ text = "systemctl ${command} ${service}.service";
+ };
+ systemctlCommands = builtins.concatMap (
+ service: map (command: (makeSystemctlCommand service command)) cfg.systemctl-commands
+ ) cfg.services;
+
+ getPackageCommands =
+ package:
+ lib.pipe "${lib.getExe package}/.." [
+ builtins.readDir
+ builtins.attrNames
+ ];
+
+ server-help = pkgs.writeShellApplication {
+ name = "server-help";
+ text = ''
+ echo -e "There are a few sudo commands which:\n
+ * Restart certain services\n
+ * Get certain services status\n
+ * Get certain services logs\n\n
+
+ Available commands:\n
+ ${
+ lib.pipe systemctlCommands [
+ (map getPackageCommands)
+ builtins.concatLists
+ (builtins.concatStringsSep "\n")
+ ]
+ }"
+ '';
+ };
+ in
+ {
+ options.programs.admin-cmds = with lib; {
+ services = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ example = [
+ "nginx"
+ "grafana"
+ "nimbus-eth2"
+ ];
+ description = ''
+ Services for which you have admin commands.
+ '';
+ };
+
+ systemctl-commands = mkOption {
+ type = types.listOf types.str;
+ default = [
+ "restart"
+ "status"
+ "stop"
+ ];
+ example = [
+ "restart"
+ "start"
+ "stop"
+ ];
+ description = ''
+ Systemd commands which you can use for services.
+ '';
+ };
+ };
+
+ config = lib.mkIf (cfg.services != [ ]) {
+ security.sudo.extraRules = [
+ {
+ groups = [ "metacraft" ];
+ commands = [
+ (lib.pipe systemctlCommands [
+ (map getPackageCommands)
+ builtins.concatLists
+ (lib.concatMapStringsSep ", " (n: "/run/current-system/sw/bin/${n}"))
+ ])
+ ];
+ }
+ ];
+
+ environment.systemPackages = systemctlCommands ++ [ server-help ];
+ };
+ };
+}
diff --git a/modules/default.nix b/modules/default.nix
index 09b7bee6..5ebf95cb 100644
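Review bot: The wrappers built by `makeSystemctlCommand` are allowed through sudo for the `metacraft` group, yet the script calls a bare `systemctl`, so which binary runs as root depends on the PATH that sudo passes through (no `secure_path` setting is visible in this diff). Pin it with `runtimeInputs = [ config.systemd.package ];` or an absolute store path, and build the script as `text = "systemctl --no-pager ${lib.escapeShellArg command} ${lib.escapeShellArg "${service}.service"}";` so option values cannot add shell syntax and `status` does not open a pager in a root session. `systemctl-commands` is `types.listOf types.str`, which lets any systemctl verb be granted; `types.listOf (types.enum [ "restart" "start" "status" "stop" ])` would keep the grant to the intended set. The sudo command list is derived by `builtins.readDir` on a built store path, which probably forces import-from-derivation even though the names are already known as `"${service}-${command}"`.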
--- a/modules/default.nix +++ b/modules/default.nix @@ -10,5 +10,6 @@ ./secrets.nix ./mcl-disko ./pharos + ./commands.nix ]; } diff --git a/modules/host-info.nix b/modules/host-info.nix index a0d8b744..7ace7fd7 100644 --- a/modules/host-info.nix +++ b/modules/host-info.nix @@ -9,33 +9,28 @@ { options.mcl.host-info = with lib; { type = mkOption { - type = types.nullOr ( - types.enum [ - "desktop" - "server" - "container" - ] - ); - default = null; - example = [ "desktop" ]; + type = types.enum [ + "notebook" + "desktop" + "server" + "container" + ]; + example = "desktop"; description = '' Whether this host is a desktop or a server. ''; }; isDebugVM = mkOption { - type = types.nullOr types.bool; - default = null; - example = [ "false" ]; + type = types.bool; + example = false; description = '' - Whether this configuration is a VM variant with extra debug - functionality. + Whether this configuration is a VM variant with extra debug functionality. ''; }; configPath = mkOption { - type = types.nullOr types.path; - default = null; + type = types.path; example = [ "machines/server/solunska-server" ]; description = '' The configuration path for this host relative to the repo root. @@ -44,28 +39,12 @@ sshKey = mkOption { type = types.nullOr types.str; - default = ""; + default = null; example = "ssh-ed25519 AAAAC3Nza"; description = '' The public ssh key for this host. ''; }; }; - config = { - assertions = [ - { - assertion = config.mcl.host-info.type != null; - message = "mcl.host-info.type must be defined for every host"; - } - { - assertion = config.mcl.host-info.isDebugVM != null; - message = "mcl.host-info.isDebugVM must be defined for every host"; - } - { - assertion = config.mcl.host-info.configPath != null; - message = "mcl.host-info.configPath must be defined for every host"; - } - ]; - }; }; }
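Review bot: `configPath` keeps `example = [ "machines/server/solunska-server" ];` although the option is now a plain `types.path`; this commit corrects the same list-style examples on `type` and `isDebugVM`, so this one should become a single value too. `types.path` normally requires an absolute path, while the description says the value is relative to the repo root, so the example and description should state which form is expected. The `type` description still reads "Whether this host is a desktop or a server" although the enum now also lists `notebook` and `container`. The option set starts and ends outside this hunk.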
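Review bot: `sshKey` now defaults to `null` where it used to default to `""`, so any consumer that tests `!= ""` or interpolates the value will take a different branch or fail evaluation. No consumer is visible in this diff, so each one needs checking, with a `!= null` guard before the key is written into a known-hosts or authorized-keys entry. With the `config.assertions` block removed, a host that omits `type`, `isDebugVM` or `configPath` is presumably reported only by the module system's generic "used but not defined" error, and only once the option is actually read; a comment such as `# required: no default, evaluation fails if unset` on those options would record that this is intended.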