add blogbox target

This commit is contained in:
alisceon 2026-05-29 19:30:07 +02:00
parent e2b41c8129
commit 2ac05607a2
5 changed files with 394 additions and 68 deletions


@ -0,0 +1,71 @@
{ config, lib, ... }:
let
cfg = config.alisceon.cloud-init;
defaultShell =
if cfg.defaultShell != null then
cfg.defaultShell
else
lib.getExe config.users.users.${cfg.user}.shell;
in
{
options.alisceon.cloud-init = {
enable = lib.mkEnableOption "shared cloud-init defaults";
user = lib.mkOption {
type = lib.types.str;
default = "alisceon";
description = "Default cloud-init user to configure.";
};
gecos = lib.mkOption {
type = lib.types.str;
default = "Alisceon";
description = "GECOS field for the default cloud-init user.";
};
groups = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [
"wheel"
"systemd-journal"
];
description = "Groups assigned to the default cloud-init user.";
};
defaultShell = lib.mkOption {
type = lib.types.nullOr lib.types.str;
default = null;
description = "Shell path for the default cloud-init user.";
};
datasourceList = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [
"Oracle"
"ConfigDrive"
"NoCloud"
];
description = "cloud-init datasources to allow.";
};
};
config = lib.mkIf cfg.enable {
networking.useNetworkd = lib.mkDefault true;
services.cloud-init = {
enable = true;
network.enable = true;
settings = {
datasource_list = cfg.datasourceList;
users = [ "default" ];
system_info.default_user = {
name = cfg.user;
gecos = cfg.gecos;
groups = cfg.groups;
shell = defaultShell;
lock_passwd = true;
};
};
};
};
}
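Review bot: The fallback branch `lib.getExe config.users.users.${cfg.user}.shell` only works when the user's shell is set as a package; NixOS also accepts `shell` as a plain path string, and `lib.getExe` on a string fails at evaluation time, which defeats the purpose of having `defaultShell` default to `null`. Binding the value once and branching on its type keeps both forms working: `userShell = config.users.users.${cfg.user}.shell;` followed by `else if lib.isDerivation userShell then lib.getExe userShell else toString userShell;`. The `groups` default also includes `wheel`, which on an unmodified NixOS `security.sudo` configuration grants sudo to the cloud-init user; the option description should say so, e.g. `description = "Groups assigned to the default cloud-init user; the default includes wheel, which grants sudo under the stock security.sudo settings.";`.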


@ -0,0 +1,73 @@
{ config, lib, pkgs, ... }:
let
cfg = config.alisceon.ociAuthorizedKeys;
home = config.users.users.${cfg.user}.home;
sshDir = "${home}/.ssh";
authorizedKeysFile = "${sshDir}/authorized_keys";
fetchOciAuthorizedKeys = pkgs.writeShellApplication {
name = "fetch-oci-authorized-keys";
runtimeInputs = [
pkgs.coreutils
pkgs.curl
];
text = ''
install -d -m 0700 -o ${lib.escapeShellArg cfg.user} -g ${lib.escapeShellArg cfg.group} ${lib.escapeShellArg sshDir}
if [ -s ${lib.escapeShellArg authorizedKeysFile} ]; then
echo "OCI authorized_keys already present for ${cfg.user}"
exit 0
fi
curl --fail --silent --show-error --location \
--header ${lib.escapeShellArg "Authorization: Bearer Oracle"} \
--output ${lib.escapeShellArg authorizedKeysFile} \
${lib.escapeShellArg cfg.metadataUrl}
chown ${lib.escapeShellArg "${cfg.user}:${cfg.group}"} ${lib.escapeShellArg authorizedKeysFile}
chmod 0600 ${lib.escapeShellArg authorizedKeysFile}
'';
};
in
{
options.alisceon.ociAuthorizedKeys = {
enable = lib.mkEnableOption "fetching SSH authorized_keys from OCI metadata";
user = lib.mkOption {
type = lib.types.str;
default = "alisceon";
description = "User whose authorized_keys file should be populated.";
};
group = lib.mkOption {
type = lib.types.str;
default = "users";
description = "Group owner for the user's SSH files.";
};
metadataUrl = lib.mkOption {
type = lib.types.str;
default = "http://169.254.169.254/opc/v2/instance/metadata/ssh_authorized_keys";
description = "OCI metadata endpoint containing SSH authorized keys.";
};
};
config = lib.mkIf cfg.enable {
systemd.services.fetch-oci-authorized-keys = {
description = "Fetch OCI metadata authorized_keys for ${cfg.user}";
wantedBy = [ "sshd.service" ];
before = [ "sshd.service" ];
after = [ "network-online.target" ];
wants = [ "network-online.target" ];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
StandardError = "journal+console";
StandardOutput = "journal+console";
};
script = lib.getExe fetchOciAuthorizedKeys;
};
systemd.services.fetch-ssh-keys.enable = false;
};
}
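Review bot: The download in the `text` script is not atomic: `curl --output` writes straight into `authorized_keys`, so an interrupted transfer leaves a truncated but non-empty file that the `-s` guard then treats as complete on every later boot, and since `writeShellApplication` enables `set -e`, a curl failure also skips the `chown`/`chmod` that follow, leaving whatever was written with root ownership. Fetching into a `mktemp` file inside `sshDir`, fixing ownership and mode there, and renaming it into place closes both gaps; `mktemp` and `mv` are already provided by `pkgs.coreutils` in `runtimeInputs`. The `-s` guard also means keys are fetched exactly once and never refreshed from metadata, which is worth stating in the `enable` description, e.g. `lib.mkEnableOption "one-time population of SSH authorized_keys from OCI instance metadata (skipped once the file is non-empty)"`. Only the `text` attribute changes; the rest of the module is unaffected.
```nix
    text = ''
      install -d -m 0700 -o ${lib.escapeShellArg cfg.user} -g ${lib.escapeShellArg cfg.group} ${lib.escapeShellArg sshDir}
      # … unchanged: early exit when authorized_keys is already non-empty …
      tmp="$(mktemp ${lib.escapeShellArg sshDir}/.authorized_keys.XXXXXX)"
      trap 'rm -f "$tmp"' EXIT
      curl --fail --silent --show-error --location \
        --header ${lib.escapeShellArg "Authorization: Bearer Oracle"} \
        --output "$tmp" \
        ${lib.escapeShellArg cfg.metadataUrl}
      chown ${lib.escapeShellArg "${cfg.user}:${cfg.group}"} "$tmp"
      chmod 0600 "$tmp"
      mv -f "$tmp" ${lib.escapeShellArg authorizedKeysFile}
    '';
```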