Compare commits
2 Commits
check
...
push-unvrq
| Author | SHA1 | Date | |
|---|---|---|---|
|
2ef7864c9f | ||
|
|
9c426dad76 |
@@ -32,17 +32,15 @@
|
||||
};
|
||||
perInstance =
|
||||
{
|
||||
roles,
|
||||
lib,
|
||||
instanceName,
|
||||
settings,
|
||||
machine,
|
||||
...
|
||||
}:
|
||||
{
|
||||
exports.networking = {
|
||||
# TODO add user space network support to clan-cli
|
||||
peers = lib.mapAttrs (_name: machine: {
|
||||
host.plain = machine.settings.host;
|
||||
SSHOptions = map (_x: "-J x") machine.settings.jumphosts;
|
||||
}) roles.default.machines;
|
||||
|
||||
exports."internet/${instanceName}/default/${machine.name}".networking = {
|
||||
hosts = [ settings.host ];
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
1
clanServices/ssl/README.md
Normal file
1
clanServices/ssl/README.md
Normal file
@@ -0,0 +1 @@
|
||||
This a test README just to appease the eval warnings if we don't have one
|
||||
111
clanServices/ssl/default.nix
Normal file
111
clanServices/ssl/default.nix
Normal file
@@ -0,0 +1,111 @@
|
||||
/*
|
||||
Set up a CA chain for the clan. There will be one root CA for each instance
|
||||
of the ssl service, then each host has its own host CA that is signed by the
|
||||
instance-wide root CA.
|
||||
|
||||
Trusting the root CA, will result in also trusting the individual host CAs,
|
||||
as they are signed by it.
|
||||
|
||||
Hosts can then use their respective host CAs to expose SSL secured services.
|
||||
*/
|
||||
{
|
||||
exports,
|
||||
config,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
{
|
||||
_class = "clan.service";
|
||||
manifest.name = "clan-core/ssl";
|
||||
manifest.description = "Set up a CA infrastucture for your clan";
|
||||
manifest.readme = builtins.readFile ./README.md;
|
||||
|
||||
# Generate a root CA for each instances of the ssl module.
|
||||
exports = lib.mapAttrs' (instanceName: _: {
|
||||
"ssl/${instanceName}///".vars.generators.ssl-root-ca =
|
||||
{ config, ... }:
|
||||
{
|
||||
|
||||
files.key = { };
|
||||
files.cert.secret = false;
|
||||
|
||||
runtimeInputs = [
|
||||
config.pkgs.pkgs.openssl
|
||||
];
|
||||
|
||||
script = ''
|
||||
# Generate CA private key (4096-bit RSA)
|
||||
openssl genrsa -out "$out/key" 4096
|
||||
|
||||
# Generate self-signed CA certificate (valid for 10 years)
|
||||
openssl req -new -x509 \
|
||||
-key "$out/key" \
|
||||
-out "$out/cert" \
|
||||
-days 3650 \
|
||||
-subj "/C=US/ST=State/L=City/O=Organization/OU=IT/CN=Root CA" \
|
||||
-sha256
|
||||
'';
|
||||
};
|
||||
}) config.instances;
|
||||
|
||||
roles.default = {
|
||||
description = "Generate a host CA, signed by the root CA and trust the root CA";
|
||||
perInstance =
|
||||
{
|
||||
instanceName,
|
||||
machine,
|
||||
...
|
||||
}:
|
||||
{
|
||||
# Generate a host CA, which depends on (is signed by) the root CA
|
||||
exports = {
|
||||
"ssl/${instanceName}/default/${machine.name}/".vars.generators.ssl-host-ca =
|
||||
{ config, ... }:
|
||||
{
|
||||
|
||||
dependencies = {
|
||||
ssl-root-ca = exports."ssl/${instanceName}///".vars.generators.ssl-root-ca;
|
||||
};
|
||||
|
||||
files.key = { };
|
||||
files.cert.secret = false;
|
||||
|
||||
runtimeInputs = [
|
||||
config.pkgs.pkgs.openssl
|
||||
];
|
||||
|
||||
script = ''
|
||||
# Generate intermediate CA private key (4096-bit RSA)
|
||||
openssl genrsa -out "$out/key" 4096
|
||||
|
||||
# Generate Certificate Signing Request (CSR) for intermediate CA
|
||||
openssl req -new \
|
||||
-key "$out/key" \
|
||||
-out "$out/csr" \
|
||||
-subj "/C=US/ST=State/L=City/O=Organization/OU=IT/CN=Host CA"
|
||||
|
||||
# Sign the CSR with the root CA to create the intermediate certificate
|
||||
openssl x509 -req \
|
||||
-in "$out/csr" \
|
||||
-CA "$dependencies/ssl-root-ca/cert" \
|
||||
-CAkey "$dependencies/ssl-root-ca/key" \
|
||||
-CAcreateserial \
|
||||
-out "$out/cert" \
|
||||
-days 3650 \
|
||||
-sha256 \
|
||||
-extfile <(printf "basicConstraints=CA:TRUE\nkeyUsage=keyCertSign,cRLSign")
|
||||
'';
|
||||
};
|
||||
};
|
||||
|
||||
nixosModule =
|
||||
{ ... }:
|
||||
{
|
||||
# We trust the (public) root CA certificate on all machines with this role
|
||||
security.pki.certificateFiles = [
|
||||
exports."ssl/${instanceName}///".vars.generators.ssl-root-ca.files.cert.path
|
||||
];
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
47
clanServices/ssl/flake-module.nix
Normal file
47
clanServices/ssl/flake-module.nix
Normal file
@@ -0,0 +1,47 @@
|
||||
{
|
||||
self,
|
||||
inputs,
|
||||
lib,
|
||||
...
|
||||
}:
|
||||
let
|
||||
module = ./default.nix;
|
||||
in
|
||||
{
|
||||
clan.modules = {
|
||||
ssl = module;
|
||||
};
|
||||
perSystem =
|
||||
{ ... }:
|
||||
let
|
||||
# Module that contains the tests
|
||||
# This module adds:
|
||||
# - legacyPackages.<system>.eval-tests-ssl
|
||||
# - checks.<system>.eval-tests-ssl
|
||||
# unit-test-module = (
|
||||
# self.clanLib.test.flakeModules.makeEvalChecks {
|
||||
# inherit module;
|
||||
# inherit inputs;
|
||||
# fileset = lib.fileset.unions [
|
||||
# # The ssl service being tested
|
||||
# ../../clanServices/ssl
|
||||
# # Required modules
|
||||
# ../../nixosModules/clanCore
|
||||
# ];
|
||||
# testName = "ssl";
|
||||
# tests = ./tests/eval-tests.nix;
|
||||
# # Optional arguments passed to the test
|
||||
# testArgs = { };
|
||||
# }
|
||||
# );
|
||||
in
|
||||
{
|
||||
# imports = [ unit-test-module ];
|
||||
|
||||
clan.nixosTests.ssl = {
|
||||
imports = [ ./tests/vm/default.nix ];
|
||||
|
||||
clan.modules.ssl = module;
|
||||
};
|
||||
};
|
||||
}
|
||||
23
clanServices/ssl/tests/vm/default.nix
Normal file
23
clanServices/ssl/tests/vm/default.nix
Normal file
@@ -0,0 +1,23 @@
|
||||
{
|
||||
name = "ssl";
|
||||
|
||||
clan = {
|
||||
directory = ./.;
|
||||
inventory = {
|
||||
machines.peer1 = { };
|
||||
machines.peer2 = { };
|
||||
|
||||
instances."test" = {
|
||||
module.name = "ssl";
|
||||
module.input = "self";
|
||||
roles.default.machines.peer1 = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
||||
testScript =
|
||||
{ ... }:
|
||||
''
|
||||
start_all()
|
||||
'';
|
||||
}
|
||||
@@ -74,13 +74,20 @@
|
||||
|
||||
# TODO make it nicer @lassulus, @picnoir wants microlens
|
||||
# Get a list of all exported IPs from all VPN modules
|
||||
exportedPeerIPs = builtins.foldl' (
|
||||
acc: e:
|
||||
if e == { } then
|
||||
acc
|
||||
else
|
||||
acc ++ (lib.flatten (builtins.filter (s: s != "") (lib.attrValues (select' "peers.*.plain" e))))
|
||||
) [ ] (lib.attrValues (select' "instances.*.networking.?peers.*.host.?plain" exports));
|
||||
# exportedPeerIPs = builtins.foldl' (
|
||||
# acc: e:
|
||||
# if e == { } then
|
||||
# acc
|
||||
# else
|
||||
# acc ++ (lib.flatten (builtins.filter (s: s != "") (lib.attrValues (select' "peers.*.plain" e))))
|
||||
# ) [ ] (lib.attrValues (select' "*.networking.?peers.*.host.?plain" exports));
|
||||
|
||||
# exports."internet/${instanceName}/default/${machine.name}".networking = {
|
||||
# hosts = [ settings.host ];
|
||||
# };
|
||||
|
||||
# exportedPeerIPs = (select' "*".networking.hosts exports);
|
||||
exportedPeerIPs = lib.flatten (builtins.attrValues (select' "*.networking.hosts" exports));
|
||||
|
||||
# Construct a list of peers in yggdrasil format
|
||||
exportedPeers = lib.flatten (map mkPeers exportedPeerIPs);
|
||||
|
||||
@@ -21,9 +21,16 @@
|
||||
# Peers are set form exports of the internet service
|
||||
instances."internet" = {
|
||||
module.name = "internet";
|
||||
roles.default.machines.peer1.settings.host = "peer1";
|
||||
roles.default.machines.peer2.settings.host = "peer2";
|
||||
roles.default.machines.peer1.settings.host = "peer1-internet";
|
||||
roles.default.machines.peer2.settings.host = "peer2-internet";
|
||||
};
|
||||
|
||||
instances."zerotier" = {
|
||||
module.name = "zerotier";
|
||||
roles.controller.machines.peer1 = { };
|
||||
roles.peer.machines.peer2 = { };
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
|
||||
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer1
|
||||
@@ -0,0 +1,18 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:ZkirPKTvLpV3+aMklbRIkafGCMISIRrqgFu8B0A1nQEdeqRR0bexoRuzLopuj95mqPKYHWT9ArF8zDqVW9t4UgazTgprK/coFlKk/2wO8dO2JmVcFlGZou2Hz6JVvt8xuELU350lpF+o4k1xmAqswqaRQyqgAIvVDnym/jZPj9hBZpSXr/IcUnH4cXcNv51Xt82Zvo132RoaU1warlNk1p3dr1DRHU56KtEwhkj9YxoIcS4K4BaEl9L87REXnFEBu5p8FeO1f3bp/ZFOxL7bYKROFHYhK4mIlSTVmYJg4a1CP0M7v842xm83C37Y6xgN8SltC/ld9TuxBNVhfzmHHotpBXvAbwxkCJE6ChJI,iv:M4jqMRvbjODcWGjJUMc3ys4Tra0KBwVXOVMoeXcAXuQ=,tag:irDJqWEeXlIXOv/DMZWlGQ==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age1p8trv2dmpanl3gnzj294c4t5uysu7d6rfjncp5lmn6redyda8fns6p7kca",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwVGJGWlZOb05QL3AzSzFM\nUG4vV3RFK2RjVEhVd2QzQ3pTMUl0UmFLaURnCkRORDBuK0xUM1pYSFRFZXlpK1Na\nUHp6b3pWeEl0SkF2ZERaa3gyczh0RlkKLS0tIHFoanBkS1Jhc3ovQlJFV0lCQVpY\nUEUrcmZlbkhQa0lac3pqenBXWkpDZTgKNQ6Lu4L6zHKTN4pe2T3eg7lvTeZQ2/mf\nD33YfN15W/yuOb+LzVTwSj6wPgQuSaVRlgbCm/t1adzTnUZmruWxuA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1YVMrSEkybzJpdXVHQWtP\nMzQ2QXZmQXJNL05ORDRobWZmQmdrTWtiVDJZCk9Wckg4eVJiU21BcFQ4MDhjTzlw\nVnh6b25NM3ZSNXRIQUEwd0RaSjg1MW8KLS0tICtqVWxpN09CSC9kcUdvRmw1RmRh\nOHlWQXEwYWFPY2VsM0Q0RzJyL2FWNUUK3f7t64UBdGtzxo0upCugNvA2vKUXL6gb\n0CJq4MG1s+lgFpvenRlozsaG3I8IxPHkFWuTA6OuUCCwaJqb0eT4ZA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-10-31T14:34:48Z",
|
||||
"mac": "ENC[AES256_GCM,data:+mMvTo1+4f9rQm1U6td5Sx7NYeuKJQeXcTpFOooAV8wt75XX2VhX059/S3krFJ8vIsMUqQ0PqPLipCNTaTi8cxkqHfsVQEGCcALGtisk5bnHWgipnFoaO6Ao9TKkmFBcQo9za9+Z40stNIzThOHWaZonvp9KWIVj92CFic62UT8=,iv:HhVf1rhN6Ocp6Bif1oXQScJUe4ndFw3Rv/obVYDx5aA=,tag:9M5iMVcj3ore3DQtwdJuMQ==,type:str]",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
fd06:8020:2351:b57:2899:9306:8020:2351
|
||||
@@ -0,0 +1 @@
|
||||
06802023510b5728
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/machines/peer2
|
||||
@@ -0,0 +1,18 @@
|
||||
{
|
||||
"data": "ENC[AES256_GCM,data:gzHNCz/yRXD9sXRvqpGC18ZUF1JLvpBO44klfRjl6WzCPHLrC9Mp6cGFa+U3CZL2i/0JGKOtQGH+82Ra6oAkOiWEcSRN/xmAmcZaoVPTnvZ2tF7vvlRfR5hq+p/ZQw4+Y4V1TIuYj2dLNrVIIGYmWSabqI0mgVTTjyRsDJSB4YgqGTYismvZ9QXICSDxwROIrC2xl0Xx+MYWhxR1PVJ3B1HbJ8KEQCuBVq46Wki/INe0bD+ODlxCv9GCGPgaNjMwACOwQXo5WGP9zSDq2HEkTeg5YUmX1o1G6LwkG2fY/Hr5XMiLGU6G0remP/WbCOoLRXdB/Luevg/rTlQ/dNDawPARsbZZSjLmk/BHUOUJ,iv:zPeIyZi2ckbEcbX4FFhyN3ryWf4eoRu4XIafeAje28E=,tag:8/Vn0m+/wMGY706fYX55Vg==,type:str]",
|
||||
"sops": {
|
||||
"age": [
|
||||
{
|
||||
"recipient": "age107mprppm3r9u7f26e6t5mhtdny0h5ugfmfjy8kac2tw9nrh9a3ksex0xca",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDYlU4cG1KYXZodFJYYXNo\ndjhNbUFzNEhySzI2NmduR0EwOUhENFRZN3o4CmtSNG5ObkM2bDJXaXk1QlFVWURK\nV1lRa1VVV0hNZlh0eVJpVHFqU3FXMzgKLS0tIFhtUjZnZVdMczNFVUMrL2Q0b1Rz\nRFlzTUFXVWZwM2gwRW1LTzd0a2lhQTAKHyakwS8kB4Gg4Vjs3PJsbF3VHzJjAbOR\nR+y6op3zPjQpr5QfsRn4MoES/ViGDPZWLYxXUSMctGVDxIfgdZxP9A==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
},
|
||||
{
|
||||
"recipient": "age1qm0p4vf9jvcnn43s6l4prk8zn6cx0ep9gzvevxecv729xz540v8qa742eg",
|
||||
"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1dHBaY015Q2J2NlRyRGEy\nRGtRcm1YckhYSm5mbU5GaGFaTjhRa1UraWpRCnFWSDBSYURFS21QYUYxVXdKdGVi\nY1hiN3c3eTlJUWo2dXZXUk9TN3g3ZVkKLS0tIGJneUlaMU1KeVVBcXN5L3FIMjNP\nYkpWTVA3d2k1a3Y5Yk9kUUF3SFo2V2sKGLQYVmX8HnDqX5K/tdbfgYnpVmaTArIY\nuhw+CtrXmEHhksZqgGCcjEoCz7cDMzMA42kVdqh/OfFzJNxrRfJjPA==\n-----END AGE ENCRYPTED FILE-----\n"
|
||||
}
|
||||
],
|
||||
"lastmodified": "2025-10-31T14:59:28Z",
|
||||
"mac": "ENC[AES256_GCM,data:MWpzOKUYXkmw2DX6YsN5pPIF9Y6GZ4rPnwq3uaOnFm40SOXPN2/JXSL7E9bGgaBeboUbChNwiGmBBRQX+7d2Te/NoItJAPw4YJTtquA+Rb7+sgPUoL6kYP7YZfjw1Z2hi61YMYXZH0/q4tBx6SNukt7o/uRYLu2LjyO09251uO4=,iv:YVXr5u2xwVEOlG+xYguAO1ZsCXvMx6rhXBV24CkFPv8=,tag:AOK4Pi2YYx4w0je9gALDLw==,type:str]",
|
||||
"version": "3.11.0"
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1 @@
|
||||
../../../../../../sops/users/admin
|
||||
@@ -0,0 +1 @@
|
||||
fd06:8020:2351:b57:2899:9340:7f3b:e1b3
|
||||
@@ -1,5 +1,6 @@
|
||||
{
|
||||
clanLib,
|
||||
directory,
|
||||
...
|
||||
}:
|
||||
{
|
||||
@@ -16,21 +17,23 @@
|
||||
instanceName,
|
||||
roles,
|
||||
lib,
|
||||
machine,
|
||||
...
|
||||
}:
|
||||
{
|
||||
exports.networking = {
|
||||
priority = lib.mkDefault 900;
|
||||
# TODO add user space network support to clan-cli
|
||||
module = "clan_lib.network.zerotier";
|
||||
peers = lib.mapAttrs (name: _machine: {
|
||||
host.var = {
|
||||
machine = name;
|
||||
|
||||
exports."internet/${instanceName}/peer/${machine.name}".networking = {
|
||||
hosts = lib.flatten [
|
||||
(clanLib.vars.getPublicValue {
|
||||
flake = directory;
|
||||
machine = machine.name;
|
||||
generator = "zerotier";
|
||||
file = "zerotier-ip";
|
||||
};
|
||||
}) roles.peer.machines;
|
||||
# default = throw "kaputt";
|
||||
})
|
||||
];
|
||||
};
|
||||
|
||||
nixosModule =
|
||||
{
|
||||
config,
|
||||
|
||||
@@ -118,84 +118,86 @@ in
|
||||
visible = false;
|
||||
type = types.deferredModule;
|
||||
default = {
|
||||
options.networking = lib.mkOption {
|
||||
default = null;
|
||||
type = lib.types.nullOr (
|
||||
lib.types.submodule {
|
||||
options = {
|
||||
priority = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 1000;
|
||||
description = ''
|
||||
priority with which this network should be tried.
|
||||
higher priority means it gets used earlier in the chain
|
||||
'';
|
||||
};
|
||||
module = lib.mkOption {
|
||||
# type = lib.types.enum [
|
||||
# "clan_lib.network.direct"
|
||||
# "clan_lib.network.tor"
|
||||
# ];
|
||||
type = lib.types.str;
|
||||
default = "clan_lib.network.direct";
|
||||
description = ''
|
||||
the technology this network uses to connect to the target
|
||||
This is used for userspace networking with socks proxies.
|
||||
'';
|
||||
};
|
||||
# should we call this machines? hosts?
|
||||
peers = lib.mkOption {
|
||||
# <name>
|
||||
type = lib.types.attrsOf (
|
||||
lib.types.submodule (
|
||||
{ name, ... }:
|
||||
{
|
||||
options = {
|
||||
name = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
default = name;
|
||||
};
|
||||
SSHOptions = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
};
|
||||
host = lib.mkOption {
|
||||
description = '''';
|
||||
type = lib.types.attrTag {
|
||||
plain = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
description = ''
|
||||
a plain value, which can be read directly from the config
|
||||
'';
|
||||
};
|
||||
var = lib.mkOption {
|
||||
type = lib.types.submodule {
|
||||
options = {
|
||||
machine = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
example = "jon";
|
||||
};
|
||||
generator = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
example = "tor-ssh";
|
||||
};
|
||||
file = lib.mkOption {
|
||||
type = lib.types.str;
|
||||
example = "hostname";
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
)
|
||||
);
|
||||
};
|
||||
};
|
||||
}
|
||||
);
|
||||
options.networking = {
|
||||
|
||||
priority = lib.mkOption {
|
||||
type = lib.types.int;
|
||||
default = 1000;
|
||||
description = ''
|
||||
priority with which this network should be tried.
|
||||
higher priority means it gets used earlier in the chain
|
||||
'';
|
||||
};
|
||||
module = lib.mkOption {
|
||||
# type = lib.types.enum [
|
||||
# "clan_lib.network.direct"
|
||||
# "clan_lib.network.tor"
|
||||
# ];
|
||||
type = lib.types.str;
|
||||
default = "clan_lib.network.direct";
|
||||
description = ''
|
||||
the technology this network uses to connect to the target
|
||||
This is used for userspace networking with socks proxies.
|
||||
'';
|
||||
};
|
||||
# should we call this machines? hosts?
|
||||
|
||||
hosts = lib.mkOption {
|
||||
type = lib.types.listOf lib.types.str;
|
||||
default = [ ];
|
||||
};
|
||||
|
||||
# peers = lib.mkOption {
|
||||
#
|
||||
# # <name>
|
||||
# type = lib.types.attrsOf (
|
||||
# lib.types.submodule (
|
||||
# { name, ... }:
|
||||
# {
|
||||
# options = {
|
||||
# name = lib.mkOption {
|
||||
# type = lib.types.str;
|
||||
# default = name;
|
||||
# };
|
||||
# SSHOptions = lib.mkOption {
|
||||
# type = lib.types.listOf lib.types.str;
|
||||
# default = [ ];
|
||||
# };
|
||||
#
|
||||
# host = lib.mkOption {
|
||||
# description = '''';
|
||||
# type = lib.types.attrTag {
|
||||
# plain = lib.mkOption {
|
||||
# type = lib.types.str;
|
||||
# description = ''
|
||||
# a plain value, which can be read directly from the config
|
||||
# '';
|
||||
# };
|
||||
# var = lib.mkOption {
|
||||
# type = lib.types.submodule {
|
||||
# options = {
|
||||
# machine = lib.mkOption {
|
||||
# type = lib.types.str;
|
||||
# example = "jon";
|
||||
# };
|
||||
# generator = lib.mkOption {
|
||||
# type = lib.types.str;
|
||||
# example = "tor-ssh";
|
||||
# };
|
||||
# file = lib.mkOption {
|
||||
# type = lib.types.str;
|
||||
# example = "hostname";
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# };
|
||||
# }
|
||||
# )
|
||||
# );
|
||||
# };
|
||||
};
|
||||
};
|
||||
description = ''
|
||||
|
||||
Reference in New Issue
Block a user