From 030519413d00869555821ff78d29b3d926e6644f Mon Sep 17 00:00:00 2001 From: pinpox Date: Wed, 14 May 2025 11:47:38 +0200 Subject: [PATCH 1/2] Add warning for deprecated admin module --- clanModules/admin/default.nix | 12 ++++++++++++ clanModules/flake-module.nix | 1 + 2 files changed, 13 insertions(+) create mode 100644 clanModules/admin/default.nix diff --git a/clanModules/admin/default.nix b/clanModules/admin/default.nix new file mode 100644 index 000000000..a53791e1d --- /dev/null +++ b/clanModules/admin/default.nix @@ -0,0 +1,12 @@ +{ config, ... }: +{ + config.assertions = [ + { + assertion = config.clan.inventory.services.admin != { }; + message = '' + The admin module has been migrated from `clan.services` to `clan.instances` + See https://docs.clan.lol/TODO for updated usage. + ''; + } + ]; +} diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix index 7d12cdef8..d83d96b95 100644 --- a/clanModules/flake-module.nix +++ b/clanModules/flake-module.nix @@ -9,6 +9,7 @@ in # only import available files, as this allows to filter the files for tests. flake.clanModules = filterAttrs (_name: pathExists) { auto-upgrade = ./auto-upgrade; + admin = ./admin; borgbackup = ./borgbackup; borgbackup-static = ./borgbackup-static; deltachat = ./deltachat; From 857950d3738230a7555b244d1dee1f907aa6445b Mon Sep 17 00:00:00 2001 From: pinpox Date: Wed, 14 May 2025 15:21:11 +0200 Subject: [PATCH 2/2] add back old module for compatibility --- clanModules/admin/README.md | 5 +++++ clanModules/admin/default.nix | 11 +--------- clanModules/admin/roles/default.nix | 31 +++++++++++++++++++++++++++++ docs/mkdocs.yml | 2 +- 4 files changed, 38 insertions(+), 11 deletions(-) create mode 100644 clanModules/admin/README.md create mode 100644 clanModules/admin/roles/default.nix diff --git a/clanModules/admin/README.md b/clanModules/admin/README.md new file mode 100644 index 000000000..c27c8d19b --- /dev/null +++ b/clanModules/admin/README.md @@ -0,0 +1,5 @@ +--- +description = "Convenient Administration for the Clan App" +categories = ["Utility"] +features = [ "inventory", "deprecated" ] +--- diff --git a/clanModules/admin/default.nix b/clanModules/admin/default.nix index a53791e1d..8fdf356eb 100644 --- a/clanModules/admin/default.nix +++ b/clanModules/admin/default.nix @@ -1,12 +1,3 @@ -{ config, ... }: { - config.assertions = [ - { - assertion = config.clan.inventory.services.admin != { }; - message = '' - The admin module has been migrated from `clan.services` to `clan.instances` - See https://docs.clan.lol/TODO for updated usage. - ''; - } - ]; + imports = [ ./roles/default.nix ]; } diff --git a/clanModules/admin/roles/default.nix b/clanModules/admin/roles/default.nix new file mode 100644 index 000000000..cc236459b --- /dev/null +++ b/clanModules/admin/roles/default.nix @@ -0,0 +1,31 @@ +{ lib, config, ... }: +{ + + options.clan.admin = { + allowedKeys = lib.mkOption { + default = { }; + type = lib.types.attrsOf lib.types.str; + description = "The allowed public keys for ssh access to the admin user"; + example = { + "key_1" = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQD..."; + }; + }; + }; + # Bad practice. + # Should we add 'clanModules' to specialArgs? + imports = [ + ../../sshd + ../../root-password + ]; + config = { + + warnings = [ + '' + The admin module has been migrated from `clan.services` to `clan.instances` + See https://docs.clan.lol/manual/distributed-services for usage. + '' + ]; + + users.users.root.openssh.authorizedKeys.keys = builtins.attrValues config.clan.admin.allowedKeys; + }; +} diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index 8407c4977..7512e3578 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -90,7 +90,7 @@ nav: - reference/clanModules/index.md - reference/clanModules/frontmatter/index.md # TODO: display the docs of the clan.service modules - # - reference/clanServices/admin.md + - reference/clanModules/admin.md # This is the module overview and should stay at the top - reference/clanModules/borgbackup-static.md - reference/clanModules/data-mesher.md