Merge pull request flyingcircusio#713 from PhilTaken/flake

Flake-Info patches

Author: dpausp

doc/src/mailserver.md

@@ -257,7 +257,7 @@ HELO name
 
 Frontend IP addresses
 
-: Public IPv4 and/or IPv6 adresses. **A** and **AAAA** queries of the HELO name
+: Public IPv4 and/or IPv6 addresses. **A** and **AAAA** queries of the HELO name
   must resolve to the frontend IP addresses. Each address must have a **PTR**
   record which must resolve exactly to the HELO name.
 

flake.lock

@@ -0,0 +1,86 @@
+{
+  outputs = { self, ...}: let
+    versions = builtins.fromJSON (builtins.readFile ./versions.json);
+    nixpkgs = let
+      inherit (versions.nixpkgs) owner repo rev;
+    in builtins.getFlake "github:${owner}/${repo}/${rev}";
+
+    inherit (nixpkgs) lib;
+    nixpkgsConfig = import ./nixpkgs-config.nix;
+
+    pkgsFor = system: import nixpkgs {
+      inherit system;
+      overlays = [ self.overlays.default ];
+      config = {
+        inherit (nixpkgsConfig) permittedInsecurePackages;
+      };
+    };
+
+    forAllSystems = lib.genAttrs lib.systems.flakeExposed;
+  in {
+    overlays.default = import ./pkgs/overlay.nix;
+    nixosModules.default = import ./nixos/default.nix;
+
+    legacyPackages = forAllSystems (system: import ./. {
+      inherit nixpkgs system;
+      overlays = [ self.overlays.default ];
+      config = {
+        inherit (nixpkgsConfig) permittedInsecurePackages;
+      };
+    });
+
+    packages = forAllSystems (system: let
+      pkgs = pkgsFor system;
+    in {
+      options = let
+        testConfigFor = system: let
+          pkgs = pkgsFor system;
+          versions = import ./versions.nix { inherit pkgs; };
+          testlib = import ./tests/testlib.nix { inherit  (pkgs) lib; };
+        in lib.nixosSystem {
+          inherit pkgs system;
+          specialArgs.nixos-mailserver = versions.nixos-mailserver;
+
+          modules = [
+            {
+              options.virtualisation.vlans = lib.mkOption {
+                type = lib.types.anything;
+                default = [];
+              };
+
+              config.networking.domain = "test.fcio.net";
+
+              imports = [
+                (testlib.fcConfig {
+                  id = 1;
+                  net.fe = true;
+                  extraEncParameters.environment_url = "test.fcio.net";
+                })
+              ];
+            }
+          ];
+        };
+
+        rawOpts = lib.optionAttrSetToDocList (testConfigFor system).options;
+
+        substSpecial = x:
+          if lib.isDerivation x then { _type = "derivation"; name = x.name; }
+          else if builtins.isAttrs x then lib.mapAttrs (name: substSpecial) x
+          else if builtins.isList x then map substSpecial x
+          else if lib.isFunction x then "<function>"
+          else x;
+
+        filteredOpts = lib.filter (opt: opt.visible && !opt.internal) rawOpts;
+        optionsList = lib.flip map filteredOpts
+          (opt: opt
+            // lib.optionalAttrs (opt ? example) { example = substSpecial opt.example; }
+            // lib.optionalAttrs (opt ? default) { default = substSpecial opt.default; }
+            // lib.optionalAttrs (opt ? type) { type = substSpecial opt.type; }
+          );
+
+        optionsNix = builtins.listToAttrs (map (o: { name = o.name; value = removeAttrs o ["name" "visible" "internal"]; }) optionsList);
+        finalOptions = lib.mapAttrsToList (name: option: option // { inherit name; }) optionsNix;
+      in pkgs.writeText "options.json" (builtins.unsafeDiscardStringContext (builtins.toJSON finalOptions));
+    });
+  };
+}

flake.nix

@@ -13,7 +13,7 @@ in
       type = types.package;
       default = pkgs.auditbeat7-oss;
       defaultText = "pkgs.auditbeat7-oss";
-      example = literalExample "pkgs.auditbeat7";
+      example = literalExpression "pkgs.auditbeat7";
       description = ''
         The auditbeat package to use.
       '';

nixos/platform/auditbeat.nix

@@ -82,6 +82,7 @@ in {
     };
 
     flyingcircus.enc_services_path = mkOption {
+      defaultText = "/etc/nixos/services.json";
       default = /etc/nixos/services.json;
       type = path;
       description = "Where to find the ENC services json file.";
@@ -168,7 +169,7 @@ in {
       '';
       type = types.path;
       default = "/etc/local";
-      example = ./test_cfg;
+      example = "./test_cfg";
     };
 
     flyingcircus.platform = {

nixos/platform/default.nix

@@ -35,6 +35,7 @@ with lib;
     };
 
     encAddressesPath = mkOption {
+      defaultText = "/etc/nixos/addresses_srv.json";
       default = /etc/nixos/addresses_srv.json;
       type = path;
       description = "Where to find the address list json file.";
@@ -46,6 +47,7 @@ with lib;
     };
 
     encServicesPath = mkOption {
+      defaultText = "/etc/nixos/services.json";
       default = /etc/nixos/services.json;
       type = path;
       description = "Where to find the ENC services json file.";
@@ -59,6 +61,7 @@ with lib;
     };
 
     encServiceClientsPath = mkOption {
+      defaultText = "/etc/nixos/service_clients.json";
       default = /etc/nixos/service_clients.json;
       type = path;
       description = "Where to find the ENC service clients json file.";
@@ -71,6 +74,7 @@ with lib;
       description = "Where to find the releases json file.";
     };
     systemStatePath = mkOption {
+      defaultText = "/etc/nixos/system_state.json";
       default = /etc/nixos/system_state.json;
       type = path;
       description = "Where to find the system state json file.";

nixos/platform/enc.nix

@@ -118,7 +118,7 @@ in
         type = types.package;
         default = pkgs.filebeat7-oss;
         defaultText = "pkgs.filebeat7-oss";
-        example = literalExample "pkgs.filebeat7";
+        example = literalExpression "pkgs.filebeat7";
         description = ''
           The filebeat package to use.
         '';

nixos/platform/filebeat.nix

@@ -125,7 +125,7 @@ in
           type = types.package;
           default = pkgs.filebeat7-oss;
           defaultText = "pkgs.filebeat7-oss";
-          example = literalExample "pkgs.filebeat7";
+          example = literalExpression "pkgs.filebeat7";
           description = ''
             The filebeat package to use.
           '';

nixos/platform/journalbeat.nix

@@ -21,6 +21,7 @@ with lib;
       };
 
       ceph.fsids = {
+        "testloc"."testrg" = "7d3bdc42-1d8e-4fcd-952d-e968d4f0cde4";
         # These are needed once per cluster.
         # Generate a new one via: `uuidgen -t` and record
         # it here with the ${location}.${resourcegroup} key

nixos/platform/static.nix

@@ -126,6 +126,7 @@ in
     };
 
     userDataPath = lib.mkOption {
+      defaultText = "/etc/nixos/users.json";
       default = /etc/nixos/users.json;
       type = path;
       description = "Where to find the user json file.";
@@ -137,6 +138,7 @@ in
     };
 
     permissionsPath = lib.mkOption {
+      defaultText = "/etc/nixos/permissions.json";
       default = /etc/nixos/permissions.json;
       type = path;
       description = ''

nixos/platform/users.nix

@@ -16,6 +16,7 @@ in
 
       listenAddresses = lib.mkOption {
         type = lib.types.listOf lib.types.str;
+        defaultText = "addresses of the interfaces `lo` and `srv`";
         default = fclib.network.lo.dualstack.addresses ++
                   fclib.network.srv.dualstack.addresses;
       };

nixos/roles/antivirus.nix

@@ -50,7 +50,20 @@ in
       config = mkOption {
         description = "Platform-configured options";
         type = types.attrs;
-        default =  {
+        defaultText = {
+          hostname = "\${cfg.hostName}";
+          alt-listening-port = 3479;
+          alt-tls-listening-port = 5350;
+          listening-ips = "the addresses of networks `lo`, `srv` and `fe`";
+          listening-port = 3478;
+          lt-cred-mech = false;
+          no-cli = true;
+          realm = "\${cfg.hostName}";
+          tls-listening-port = 5349;
+          use-auth-secret = true;
+          extraConfig = [];
+        };
+        default = {
           hostname = cfg.hostName;
           alt-listening-port = 3479;
           alt-tls-listening-port = 5350;

nixos/roles/coturn.nix

@@ -34,7 +34,7 @@ in
   options = {
     flyingcircus.roles.external_net = {
 
-      enable = lib.mkEnableOption { };
+      enable = lib.mkEnableOption "fcio external_net role";
       supportsContainers = fclib.mkDisableContainerSupport;
 
       vxlan4 = lib.mkOption {
@@ -59,6 +59,7 @@ in
 
       frontendName = lib.mkOption {
         type = lib.types.str;
+        defaultText = "reverse name of the frontend's address";
         default = defaultFrontendName;
         description = ''
           DNS host name for the external network gateway. This is also the name

nixos/roles/external_net/default.nix

@@ -208,7 +208,7 @@ in
 {
   options = {
     flyingcircus.roles.openvpn = {
-      enable = lib.mkEnableOption { };
+      enable = lib.mkEnableOption "fcio openvpn role";
       supportsContainers = fclib.mkDisableContainerSupport;
 
       accessNets = lib.mkOption {

nixos/roles/external_net/openvpn.nix

@@ -106,7 +106,7 @@ in
 {
   options = with lib; {
     flyingcircus.roles.vxlan =  {
-      gateway = mkEnableOption { };
+      gateway = mkEnableOption "fcio vxlan gateway";
 
       supportsContainers = fclib.mkDisableContainerSupport;
 

nixos/roles/external_net/vxlan.nix

@@ -26,7 +26,7 @@ let
         then "${hostName}.fe.${params.location}.${domain}"
         else if domain != null then "${hostName}.${domain}" else hostName;
       description = ''
-        FQDN of the mail server's frontend address. IP adresses and
+        FQDN of the mail server's frontend address. IP addresses and
         forward/reverse DNS must match exactly.
       '';
       example = "mail.example.com";

nixos/roles/mailserver.nix

@@ -34,6 +34,7 @@ in
 
       listenAddresses = lib.mkOption {
         type = lib.types.listOf lib.types.str;
+        defaultText = "the addresses of the networks `lo` and `srv`";
         default = fclib.network.lo.dualstack.addresses ++
                   fclib.network.srv.dualstack.addresses;
       };

nixos/roles/memcached.nix

@@ -37,6 +37,7 @@ in
 
         listenAddresses = lib.mkOption {
           type = lib.types.listOf lib.types.str;
+          defaultText = "the addresses of the networks `lo` and `srv`";
           default = fclib.network.lo.dualstack.addresses ++
                     fclib.network.srv.dualstack.addresses;
         };

nixos/roles/mysql.nix

@@ -191,6 +191,7 @@ in
 
       prometheusListenAddress = mkOption {
         type = types.str;
+        defaultText = "\${head fclib.network.srv.dualstack.addressQuoted}:9090";
         default = "${head fclib.network.srv.dualstack.addressesQuoted}:9090";
         description = "Prometheus listen address";
       };

nixos/roles/statshost/default.nix

@@ -48,6 +48,7 @@ in
 
       listenAddresses = lib.mkOption {
         type = lib.types.listOf lib.types.str;
+        defaultText = "the addresses of the networks `srv` and `lo`";
         default = fclib.network.srv.dualstack.addressesQuoted ++
                   fclib.network.lo.dualstack.addressesQuoted;
       };

nixos/roles/webproxy.nix

@@ -21,6 +21,37 @@ in
     flyingcircus.services.ceph = {
       config = lib.mkOption {
         type = lib.types.lines;
+        defaultText = ''
+          [global]
+          pid file = /run/ceph/$type-$id.pid
+          admin socket = /run/ceph/$cluster-$name.asok
+
+          # Needs to correspond with daemon startup ulimit
+          max open files = 262144
+
+          osd pool default min size = 2
+          osd pool default size = 3
+
+          osd pool default pg num = 64
+          osd pool default pgp num = 64
+
+          setuser match path = /srv/ceph/$type/ceph-$id
+
+          debug filestore = 4
+          debug mon = 4
+          debug osd = 4
+          debug journal = 4
+          debug throttle = 4
+
+          mon compact on start = true     # Keep leveldb small
+          mon osd down out interval = 900  # Allow 15 min for reboots to happen without backfilling.
+          mon osd nearfull ratio = .9
+
+          mon data = /srv/ceph/mon/$cluster-$id
+          mon osd allow primary affinity = true
+          mon pg warn max per osd = 3000
+          mon pg warn max object skew = 20
+        '';
         default = ''
           [global]
           fsid = ${fs_id}

nixos/services/ceph/client.nix

@@ -298,7 +298,7 @@ in {
   };
   listen = mkOption {
     default = {};
-    example = literalExample ''{
+    example = literalExpression ''{
       http-in = {
         binds = [
           "127.0.0.1:8002"
@@ -325,7 +325,7 @@ in {
   };
   backend = mkOption {
     default = {};
-    example = literalExample ''{
+    example = literalExpression ''{
       be = {
         servers = [
           "localhost localhost:8080"

nixos/services/haproxy/config-options.nix

@@ -162,6 +162,7 @@ in
 
     configFile = mkOption {
       type = types.path;
+      defaultText = "jibri.conf";
       default = "${pkgs.writeText "jibri.conf" (toHOCON cfg.settings)}";
       description = ''
         Jibri main config file path.
@@ -171,6 +172,7 @@ in
 
     settings = mkOption {
       type = types.attrs;
+      defaultText = {};
       default = settings;
       description = "Settings used to generate the default config file";
     };

nixos/services/jitsi/jibri.nix

@@ -62,7 +62,7 @@ in
     config = mkOption {
       type = attrsOf str;
       default = { };
-      example = literalExample ''
+      example = literalExpression ''
         {
           "org.jitsi.jicofo.auth.URL" = "XMPP:jitsi-meet.example.com";
         }