diff --git a/clanModules/admin/README.md b/clanModules/admin/README.md
new file mode 100644
index 000000000..e9cfbb04f
--- /dev/null
+++ b/clanModules/admin/README.md
@@ -0,0 +1,4 @@
+---
+description = "Convenient Administration for the Clan App"
+categories = ["administration"]
+---
diff --git a/clanModules/admin/default.nix b/clanModules/admin/default.nix
new file mode 100644
index 000000000..cfe59e11c
--- /dev/null
+++ b/clanModules/admin/default.nix
@@ -0,0 +1,17 @@
+{ lib, config, ... }:
+{
+ options.clan.admin = {
+ allowedKeys = lib.mkOption {
+ default = [ ];
+ type = lib.types.listOf lib.types.str;
+ description = "The allowed public keys for ssh access to the admin user";
+ };
+ };
+ imports = [
+ ../sshd
+ ../root-password
+ ];
+ config = {
+ users.users.root.openssh.authorizedKeys.keys = config.clan.admin.allowedKeys;
+ };
+}
diff --git a/clanModules/admin/roles/default.nix b/clanModules/admin/roles/default.nix
new file mode 100644
index 000000000..ffcd4415b
--- /dev/null
+++ b/clanModules/admin/roles/default.nix
@@ -0,0 +1 @@
+{ }
diff --git a/clanModules/flake-module.nix b/clanModules/flake-module.nix
index fb5f63f85..648e91b47 100644
--- a/clanModules/flake-module.nix
+++ b/clanModules/flake-module.nix
@@ -1,6 +1,7 @@
 { ... }:
 {
 flake.clanModules = {
+ admin = ./admin;
 borgbackup = ./borgbackup;
 borgbackup-static = ./borgbackup-static;
 deltachat = ./deltachat;
diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index 4050bee54..eaee14bac 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -55,6 +55,7 @@ nav:
 - Reference:
 - reference/index.md
 - Clan Modules:
+ - reference/clanModules/admin.md
 - reference/clanModules/borgbackup-static.md
 - reference/clanModules/borgbackup.md
 - reference/clanModules/deltachat.md
diff --git a/pkgs/clan-cli/clan_cli/inventory/classes.py b/pkgs/clan-cli/clan_cli/inventory/classes.py
index 60c9107b9..7501a3e74 100644
--- a/pkgs/clan-cli/clan_cli/inventory/classes.py
+++ b/pkgs/clan-cli/clan_cli/inventory/classes.py
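Review bot: The `description` on `allowedKeys` in `clanModules/admin/default.nix` says the keys give access to "the admin user", but the `config` block assigns them to `users.users.root.openssh.authorizedKeys.keys`, so every listed key is a root login; the text should say so, e.g. `description = "SSH public keys authorized to log in as root on machines that use the admin module";`. The option type is `listOf str`, so entries are not checked for being well-formed public keys, and a mistyped entry would presumably surface only when the login fails. With the default `[ ]` the module still imports `../sshd` and `../root-password`, which are not visible in this diff; if that leaves sshd running with password-only root access, it is worth stating in the README, or guarding with an entry in `assertions` if key-based access is the intent.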
@@ -30,6 +30,45 @@ class Meta:
 icon: None | str = field(default = None)
 
 
+@dataclass
+class AdminConfig:
+ allowedKeys: list[str] = field(default_factory = list)
+
+
+@dataclass
+class ServiceAdminMachine:
+ config: AdminConfig = field(default_factory = AdminConfig)
+ imports: list[str] = field(default_factory = list)
+
+
+@dataclass
+class ServiceMeta:
+ name: str
+ description: None | str = field(default = None)
+ icon: None | str = field(default = None)
+
+
+@dataclass
+class ServiceAdminRoleDefault:
+ config: AdminConfig = field(default_factory = AdminConfig)
+ imports: list[str] = field(default_factory = list)
+ machines: list[str] = field(default_factory = list)
+ tags: list[str] = field(default_factory = list)
+
+
+@dataclass
+class ServiceAdminRole:
+ default: ServiceAdminRoleDefault
+
+
+@dataclass
+class ServiceAdmin:
+ meta: ServiceMeta
+ roles: ServiceAdminRole
+ config: AdminConfig = field(default_factory = AdminConfig)
+ machines: dict[str, ServiceAdminMachine] = field(default_factory = dict)
+
+
 @dataclass
 class BorgbackupConfigDestination:
 name: str
@@ -48,13 +87,6 @@ class ServiceBorgbackupMachine:
 imports: list[str] = field(default_factory = list)
 
 
-@dataclass
-class ServiceMeta:
- name: str
- description: None | str = field(default = None)
- icon: None | str = field(default = None)
-
-
 @dataclass
 class ServiceBorgbackupRoleClient:
 config: BorgbackupConfig = field(default_factory = BorgbackupConfig)
@@ -151,6 +183,7 @@ class ServiceSingleDisk:
 
 @dataclass
 class Service:
+ admin: dict[str, ServiceAdmin] = field(default_factory = dict)
 borgbackup: dict[str, ServiceBorgbackup] = field(default_factory = dict)
 packages: dict[str, ServicePackage] = field(default_factory = dict)
 single_disk: dict[str, ServiceSingleDisk] = field(default_factory = dict, metadata = {"alias": "single-disk"})
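Review bot: `AdminConfig.allowedKeys` in the first hunk has no comment saying that its entries are SSH public keys which the `admin` Nix module in this commit installs for root, and the field is reachable at three levels (`ServiceAdmin.config`, `ServiceAdminRoleDefault.config`, `ServiceAdminMachine.config`) without any statement of how they combine. A comment above the field such as `# SSH public keys granted root login; service-, role- and machine-level lists are presumably merged by the Nix module system, confirm` would tell anyone editing an inventory how far one entry reaches. If this file is generated from the Nix option schema, which the relocation of `ServiceMeta` in the second hunk suggests, the wording belongs in the option description or the generator rather than here.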