From a217f55231e256ad7b2dfbfb1cbbd477c560955f Mon Sep 17 00:00:00 2001
From: Jonas Juselius
Date: Thu, 29 Oct 2020 17:40:13 +0100
Subject: [PATCH] WIP: nixos modules
---
 lib/base.nix | 53 ++++++++++++++++++++++++++++++++++++++++-------------
 lib/k8s.nix | 2 +-
 2 files changed, 41 insertions(+), 14 deletions(-)
diff --git a/lib/base.nix b/lib/base.nix
index 627bf15..9fdb5a5 100644
--- a/lib/base.nix
+++ b/lib/base.nix
@@ -1,11 +1,13 @@
-{ pkgs, lib, settings, here ? "", ...}:
+{ pkgs, config, lib, ... }:
 with lib;
-rec {
- pki = import ./pki.nix { inherit pkgs; ca = settings.initca; };
+let
+ cfg = config.k8s;
+
+ pki = import ./pki.nix { inherit pkgs; ca = cfg.initca; };
 baseNixos = name: {
 users.extraUsers.admin.openssh.authorizedKeys.keys =
- settings.adminAuthorizedKeys;
+ cfg.adminAuthorizedKeys;
 boot.kernel.sysctl = {
 "kernel.mm.transparent_hugepage.enabled" = "never";
@@ -14,7 +16,6 @@ rec {
 imports = [
 ./nixos/configuration.nix
- (here + "/${name}.nix")
 ];
 security.pki.certificateFiles = [
@@ -23,7 +24,7 @@ rec {
 networking = {
 hostName = name;
- extraHosts = settings.clusterHosts;
+ extraHosts = cfg.clusterHosts;
 firewall.allowedTCPPortRanges = [ { from = 5000; to = 50000; } ];
 firewall.allowedTCPPorts = [ 80 443 111 ];
 firewall.allowedUDPPorts = [ 111 24007 24008 ];
@@ -33,18 +34,16 @@ rec {
 ];
 };
- hostCerts =
- builtins.foldl'
+ hostCerts = builtins.foldl'
 (a: x: a // {
 ${x.name} = pki.gencert {
 cn = x.name;
 ca = x.ca;
- o = settings.clusterName;
+ o = cfg.clusterName;
 };
- }) {} settings.hosts;
+ }) {} cfg.hosts;
- mkHost = host: self:
- {
+ mkHost = host: self: {
 deployment.targetHost = host.address;
 require = [
 (baseNixos host.name)
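Review bot: `pki = import ./pki.nix { inherit pkgs; ca = cfg.initca; };` now feeds the CA from an option this same patch declares as `type = types.path;`, and a path-typed value is copied into the world-readable /nix/store the moment it is interpolated into a string or derivation — so if pki.nix handles the CA that way (pki.nix is not in this patch, so I cannot tell), the CA private key becomes readable by every local user on the build host and on each deployment target. The option declaration should say which it is, e.g. `description = "Initial CA (cert and key). NOTE: consumed at build time, so it is copied into the Nix store; keep the key out of the repo or use a string path.";`, or switch the type to `types.str` so the reference is never auto-copied. The `let` this hunk opens runs through the rest of base.nix.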
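Review bot: Dropping `(here + "/${name}.nix")` from `imports` removes the per-host module without anything in this patch replacing it, so whatever those `<host>.nix` files configured silently stops being applied to every host built through `baseNixos`. If that is intended for the module rewrite, a one-line marker such as `# TODO(wip): per-host modules were imported here; re-add via an option once settings is gone` keeps the gap visible; otherwise the import should stay until the replacement lands. `baseNixos` starts in the previous hunk and its body continues past this one.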
@@ -55,9 +54,37 @@ rec {
 let
 hosts = builtins.foldl'
- (a: x: a // { ${x.name} = mkHost x _; }) {} settings.hosts;
+ (a: x: a // { ${x.name} = mkHost x _; }) {} cfg.hosts;
 hosts' = lib.recursiveUpdate hosts attrs;
 names = builtins.attrNames hosts;
 in builtins.foldl' (a: x: a // { ${x} = self: hosts'.${x}; }) {} names;
+in
+{
+ options.k8s = {
+ initca = mkOption {
+ type = types.path;
+ };
+ clusterName = mkOption {
+ type = types.str;
+ };
+ hosts = mkOption {
+ type = types.listOf types.set;
+ default = [];
+ };
+ clusterHosts = mkOption {
+ type = types.str;
+ };
+ adminAuthorizedKeys = mkOption {
+ type = types.listOf types.str;
+ default = [];
+ };
+ };
+ config = {
+ };
 }
diff --git a/lib/k8s.nix b/lib/k8s.nix
index 71965c1..1f61a1b 100644
--- a/lib/k8s.nix
+++ b/lib/k8s.nix
@@ -1,4 +1,4 @@
-{ pkgs, lib, settings, here ? "", ...}:
+{ pkgs, lib, settings, here ? ./., ...}:
 with import ./base.nix { inherit pkgs lib settings here; };
 with lib;
 let
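Review bot: `type = types.listOf types.set;` on the new `hosts` option accepts any attribute set, so a host entry missing `name`, `address` or `ca` — the fields `mkHost` and `hostCerts` read earlier in this file — only fails wherever that attribute is first forced, and `types.set` is the deprecated alias of `types.attrs`. A submodule type validates each entry at option-merge time and documents the fields; `initca`, `clusterName` and `clusterHosts` likewise carry no `description`, and `config = { };` is empty, so `hostCerts` and `mkHost` from the `let` block are not wired into any NixOS configuration yet (fine for a WIP, but a `# TODO(wip): export hostCerts / mkHost results here` on that line would say so). The `let … in` this hunk closes starts in the first hunk of this file.
```nix
    hosts = mkOption {
      type = types.listOf (types.submodule {
        options = {
          name = mkOption { type = types.str; description = "Host name; also used as hostName and as the certificate CN."; };
          address = mkOption { type = types.str; description = "Address used as deployment.targetHost."; };
          # same type as initca — confirm against what pki.gencert expects
          ca = mkOption { type = types.path; description = "CA that signs this host's certificate."; };
        };
      });
      default = [];
      description = "Hosts in the cluster; one certificate and one deployment entry is generated per host.";
    };
```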
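Review bot: `with import ./base.nix { inherit pkgs lib settings here; };` still calls base.nix with the old argument set, but the first file in this patch changed its header to `{ pkgs, config, lib, ... }:` and its result to a module attrset (`{ options.k8s = …; config = { }; }`), so evaluating k8s.nix now fails on the missing required argument `config`, and even if one were passed the `with` would bring `options`/`config` into scope rather than the `hostCerts`/`mkHost` names the old `rec { … }` exported. The WIP title suggests this is known; the consumer should become `imports = [ ./base.nix ];` with reads of `config.k8s.*` in place of `settings.*`, while the `here ? ./.` default on the same line is harmless on its own. The let-block this hunk opens continues past its end.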