From 7222254c22ded4c0c5c8a0c4268ea4e91ce1ac49 Mon Sep 17 00:00:00 2001
From: Pim Kunis
Date: Fri, 29 Dec 2023 13:46:12 +0100
Subject: [PATCH] cleanup nixos modules a bit

---
 nixos/machines/default.nix | 6 +--
 nixos/modules/backups.nix | 6 +--
 nixos/modules/data-disk.nix | 48 ++++++++----------
 nixos/modules/disko.nix | 16 +++---
 nixos/modules/k3s/default.nix | 22 ++++----
 nixos/modules/ssh-certificates.nix | 76 +++++++++++++---------------
 nixos/modules/terraform-database.nix | 26 ++++------
 7 files changed, 90 insertions(+), 110 deletions(-)

diff --git a/nixos/machines/default.nix b/nixos/machines/default.nix
index 8679aa1..934fe2e 100644
--- a/nixos/machines/default.nix
+++ b/nixos/machines/default.nix
@@ -3,7 +3,7 @@
 name = "jefke";
 hostName = "jefke.hyp";
 
- nixosModule.custom = {
+ nixosModule.lab = {
 dataDisk.enable = true;
 terraformDatabase.enable = true;
 # k3s.enable = true;
@@ -21,7 +21,7 @@
 name = "atlas";
 hostName = "atlas.hyp";
 
- nixosModule.custom = {
+ nixosModule.lab = {
 disko.osDiskDevice = "/dev/nvme0n1";
 
 ssh = {
@@ -36,7 +36,7 @@
 name = "lewis";
 hostName = "lewis.hyp";
 
- nixosModule.custom = {
+ nixosModule.lab = {
 disko.osDiskDevice = "/dev/sda";
 backups.enable = true;
diff --git a/nixos/modules/backups.nix b/nixos/modules/backups.nix
index 9ff21c8..331deaa 100644
--- a/nixos/modules/backups.nix
+++ b/nixos/modules/backups.nix
@@ -1,6 +1,6 @@
 { pkgs, lib, config, ... }:
 let
- cfg = config.custom.backups;
+ cfg = config.lab.backups;
 snapshotFile = "/tmp/snapshot.qcow2";
 snapshotMount = "/tmp/snapshot";
 beforeEverything = pkgs.writeShellScriptBin "beforeEverything" ''
@@ -38,7 +38,7 @@ let
 };
 in {
- options.custom.backups = {
+ options.lab.backups = {
 enable = lib.mkOption {
 default = false;
 type = lib.types.bool;
@@ -48,7 +48,7 @@ in
 };
 repoLocation = lib.mkOption {
- default = "${config.custom.dataDisk.mountPoint}/backups/thecloud-data.borg";
+ default = "${config.lab.dataDisk.mountPoint}/backups/thecloud-data.borg";
 type = lib.types.str;
 description = ''
 Location of the Borg repository to back up to.
diff --git a/nixos/modules/data-disk.nix b/nixos/modules/data-disk.nix
index 99fa46d..e4bb6d3 100644
--- a/nixos/modules/data-disk.nix
+++ b/nixos/modules/data-disk.nix
@@ -1,33 +1,29 @@
 { lib, config, ... }:
-let cfg = config.custom.dataDisk;
+let cfg = config.lab.dataDisk;
 in {
- options = {
- custom = {
- dataDisk = {
- enable = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether to automatically mount a disk to be used as a data disk.
- '';
- };
+ options.lab.dataDisk = {
+ enable = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = ''
+ Whether to automatically mount a disk to be used as a data disk.
+ '';
+ };
 
- mountPoint = lib.mkOption {
- default = "/mnt/data";
- type = lib.types.str;
- description = ''
- Mount point of the data disk (if enabled).
- '';
- };
+ mountPoint = lib.mkOption {
+ default = "/mnt/data";
+ type = lib.types.str;
+ description = ''
+ Mount point of the data disk (if enabled).
+ '';
+ };
 
- devicePath = lib.mkOption {
- default = "/dev/sda1";
- type = lib.types.str;
- description = ''
- Path of the device to be used as a data disk.
- '';
- };
- };
+ devicePath = lib.mkOption {
+ default = "/dev/sda1";
+ type = lib.types.str;
+ description = ''
+ Path of the device to be used as a data disk.
+ '';
 };
 };
 
diff --git a/nixos/modules/disko.nix b/nixos/modules/disko.nix
index 4e609c9..58f5cc6 100644
--- a/nixos/modules/disko.nix
+++ b/nixos/modules/disko.nix
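Review bot: The `devicePath` default `"/dev/sda1"` in the rebuilt `options.lab.dataDisk` block is an enumeration-dependent device name, so on a host with more than one disk the node can change after a reboot or a hardware change and the mount would then target the wrong device; the mount logic that consumes this option is outside the hunk, so whether it validates the device cannot be seen here. The option's description should at least steer users to a stable path, e.g. `description = ''Path of the device to be used as a data disk. Prefer a stable /dev/disk/by-id or /dev/disk/by-uuid path over an enumeration-dependent /dev/sdX name.'';`, and the per-host values in nixos/machines/default.nix would benefit from the same treatment.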
@@ -1,15 +1,11 @@
 { lib, config, ... }:
-let cfg = config.custom.disko;
+let cfg = config.lab.disko;
 in {
- options = {
- custom = {
- disko.osDiskDevice = lib.mkOption {
- type = lib.types.str;
- description = ''
- The disk device to be used for the operating system.
- '';
- };
- };
+ options.lab.disko.osDiskDevice = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ The disk device to be used for the operating system.
+ '';
 };
 
 # TODO: rename this to 'osDisk'. Unfortunately, we would need to run nixos-anywhere again then
diff --git a/nixos/modules/k3s/default.nix b/nixos/modules/k3s/default.nix
index 1f0ee0c..4dbafd9 100644
--- a/nixos/modules/k3s/default.nix
+++ b/nixos/modules/k3s/default.nix
@@ -1,16 +1,12 @@
 { pkgs, lib, config, kubenix, ... }:
-let cfg = config.custom.k3s;
+let cfg = config.lab.k3s;
 in {
- options = {
- custom = {
- k3s.enable = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether to start k3s with custom configuration.
- '';
- };
- };
+ options.lab.k3s.enable = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = ''
+ Whether to start k3s with custom configuration.
+ '';
 };
 
 config = lib.mkIf cfg.enable {
@@ -20,7 +16,7 @@ in {
 services.k3s = {
 enable = true;
 role = "server";
- extraFlags = "--tls-san ${config.networking.fqdn} --data-dir ${config.custom.dataDisk.mountPoint}/k3s";
+ extraFlags = "--tls-san ${config.networking.fqdn} --data-dir ${config.lab.dataDisk.mountPoint}/k3s";
 };
 
 system.activationScripts.k3s-bootstrap.text =
@@ -30,7 +26,7 @@ in {
 }).config.kubernetes.result;
 in
 ''
- ln -sf ${k3sBootstrapFile} ${config.custom.dataDisk.mountPoint}/k3s/server/manifests/k3s-bootstrap.json
+ ln -sf ${k3sBootstrapFile} ${config.lab.dataDisk.mountPoint}/k3s/server/manifests/k3s-bootstrap.json
 '';
 };
 }
diff --git a/nixos/modules/ssh-certificates.nix b/nixos/modules/ssh-certificates.nix
index 79d28bf..a145f9d 100644
--- a/nixos/modules/ssh-certificates.nix
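Review bot: The new `extraFlags` line in the `services.k3s` block points k3s's data dir at `${config.lab.dataDisk.mountPoint}/k3s` without checking `config.lab.dataDisk.enable`, so with the data disk disabled or not yet mounted the cluster state (which includes the server's TLS keys) silently lands on the root filesystem under the default `/mnt/data/k3s`; the `ln -sf` in the following activation-script hunk and the `repoLocation` default in nixos/modules/backups.nix rest on the same assumption. terraform-database.nix already guards its `dataDir` with `lib.mkIf config.lab.dataDisk.enable`; the cheapest equivalent here is an assertion in the `config` block, `assertions = [{ assertion = config.lab.dataDisk.enable; message = "lab.k3s keeps its state under lab.dataDisk.mountPoint; enable lab.dataDisk"; }];`. Whether the service is ordered after the data-disk mount is not visible in this hunk.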
+++ b/nixos/modules/ssh-certificates.nix
@@ -1,53 +1,49 @@
 { lib, config, ... }:
 let
- cfg = config.custom.ssh;
+ cfg = config.lab.ssh;
 hostCert = builtins.toFile "host_ed25519-cert.pub" cfg.hostCert;
 userCert = builtins.toFile "user_ed25519-cert.pub" cfg.userCert;
 in {
- options = {
- custom = {
- ssh = {
- useCertificates = lib.mkOption {
- type = lib.types.bool;
- default = false;
- description = ''
- Whether to use certificates at all.
- '';
- };
+ options.lab.ssh = {
+ useCertificates = lib.mkOption {
+ type = lib.types.bool;
+ default = false;
+ description = ''
+ Whether to use certificates at all.
+ '';
+ };
 
- hostCert = lib.mkOption {
- type = lib.types.str;
- description = ''
- SSH host certificate
- '';
- };
+ hostCert = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ SSH host certificate
+ '';
+ };
 
- userCert = lib.mkOption {
- type = lib.types.str;
- description = ''
- SSH user certificate
- '';
- };
+ userCert = lib.mkOption {
+ type = lib.types.str;
+ description = ''
+ SSH user certificate
+ '';
+ };
 
- hostKey = lib.mkOption {
- default =
- ../secrets/${config.networking.hostName}_host_ed25519.age;
- type = lib.types.path;
- description = ''
- SSH host key
- '';
- };
+ hostKey = lib.mkOption {
+ default =
+ ../secrets/${config.networking.hostName}_host_ed25519.age;
+ type = lib.types.path;
+ description = ''
+ SSH host key
+ '';
+ };
 
- userKey = lib.mkOption {
- default =
- ../secrets/${config.networking.hostName}_user_ed25519.age;
- type = lib.types.path;
- description = ''
- SSH user key
- '';
- };
- };
+ userKey = lib.mkOption {
+ default =
+ ../secrets/${config.networking.hostName}_user_ed25519.age;
+ type = lib.types.path;
+ description = ''
+ SSH user key
+ '';
 };
 };
 
diff --git a/nixos/modules/terraform-database.nix b/nixos/modules/terraform-database.nix
index fd0ab9b..7f3f685 100644
--- a/nixos/modules/terraform-database.nix
+++ b/nixos/modules/terraform-database.nix
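Review bot: The `let` block still writes `cfg.hostCert` and `cfg.userCert` into the world-readable Nix store via `builtins.toFile` while `hostKey`/`userKey` are `.age` secrets, and nothing in the rebuilt `options.lab.ssh` block explains why the two kinds of material are handled differently, so a later edit could route a key through the same helper. A comment above the `hostCert =` binding would pin this down: `# Certificates are public, so the store is fine for them; the private keys (hostKey/userKey) stay in age secrets.` The descriptions `SSH host certificate` / `SSH user certificate` could say the same in one clause. `hostCert` and `userCert` also have no `default`, so if the `config` section (outside this hunk) reads them unconditionally, evaluation fails even with `useCertificates = false`; worth confirming, or giving them `type = lib.types.nullOr lib.types.str; default = null;`.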
@@ -1,27 +1,25 @@
 { pkgs, lib, config, ... }:
-let cfg = config.custom.terraformDatabase;
+let cfg = config.lab.terraformDatabase;
 in {
- options = {
- custom = {
- terraformDatabase.enable = lib.mkOption {
- default = false;
- type = lib.types.bool;
- description = ''
- Whether to start a postgreSQL database for Terraform states
- '';
- };
- };
+ options.lab.terraformDatabase.enable = lib.mkOption {
+ default = false;
+ type = lib.types.bool;
+ description = ''
+ Whether to start a postgreSQL database for Terraform states
+ '';
 };
 
 config = lib.mkIf cfg.enable {
+ networking.firewall.allowedTCPPorts = [ 5432 ];
+
 services.postgresql = {
 enable = true;
 ensureDatabases = [ "terraformstates" ];
 package = pkgs.postgresql_15;
 enableTCPIP = true;
- dataDir = lib.mkIf config.custom.dataDisk.enable
- "${config.custom.dataDisk.mountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
+ dataDir = lib.mkIf config.lab.dataDisk.enable
+ "${config.lab.dataDisk.mountPoint}/postgresql/${config.services.postgresql.package.psqlSchema}";
 authentication = ''
 hostssl terraformstates terraform all cert
 
@@ -45,8 +43,6 @@ in {
 }];
 };
 
- networking.firewall.allowedTCPPorts = [ 5432 ];
-
 age.secrets."postgresql_server.key" = {
 file = ../secrets/postgresql_server.key.age;
 mode = "400";
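Review bot: `networking.firewall.allowedTCPPorts = [ 5432 ];` now sits at the top of the `config` block (the second hunk is the other half of the move), which makes the exposure easier to spot, but together with `enableTCPIP = true` it still opens PostgreSQL on every interface the host has; only the first `hostssl terraformstates terraform all cert` line of `authentication` is visible here, so whether every remote path really requires a client certificate cannot be judged from this hunk. If the state database only needs to be reachable from the lab network, scope the rule to that interface, `networking.firewall.interfaces.<LAB_IFACE>.allowedTCPPorts = [ 5432 ];` (interface name is a placeholder), and drop the host-wide one. Otherwise a comment on the moved line stating that cert-only authentication is what makes the host-wide opening acceptable would save the next reader the same question.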