fix(non-clicks): Ensure all modules start disabled
Clicks wants some modules (our backups, secrets and users) enabled by
default. Auxolotl wants to import our modules, and they don't want any
of this stuff.
Importing modules one-by-one is a potential solution, but is rather
messy given things like impermanence which is depended on in lots of
places. It's much cleaner to know whether the current flake is Clicks
and enable/disable defaults based on that
Change-Id: Icfb6d7bacdfbc31f1904ea4a1b6d6e577b03fa09
Reviewed-on: https://git.clicks.codes/c/Infra/NixFiles/+/802
Tested-by: Skyler Grey <minion@clicks.codes>
Reviewed-by: Skyler Grey <minion@clicks.codes>
diff --git a/flake.nix b/flake.nix
index 1c7ddb5..5500287 100644
--- a/flake.nix
+++ b/flake.nix
@@ -71,6 +71,11 @@
inputs.agenix.nixosModules.default
inputs.agenix-rekey.nixosModules.default
inputs.impermanence.nixosModules.impermanence
+ {
+ config.clicks.defaults.enable = true;
+ # set defaults that are clicks-specific, such as our backups module
+ # being enabled...
+ }
];
deploy = lib.clicks.deploy.mkDeploy {
diff --git a/modules/nixos/clicks/defaults/default.nix b/modules/nixos/clicks/defaults/default.nix
new file mode 100644
index 0000000..1e42c6f
--- /dev/null
+++ b/modules/nixos/clicks/defaults/default.nix
@@ -0,0 +1,8 @@
+{ lib, ... }: {
+ options.clicks.defaults.enable = lib.mkOption {
+ type = lib.types.bool;
+ example = true;
+ default = false;
+ description = "Tell Clicks modules that they are allowed to be default-enabled. Clicks modules are designed to be all imported at once, so without this we will assume we're running on someone-else's system and avoid setting anything without being told to";
+ };
+}
diff --git a/modules/nixos/clicks/security/secrets/default.nix b/modules/nixos/clicks/security/secrets/default.nix
index 9a97f9d..332efbe 100644
--- a/modules/nixos/clicks/security/secrets/default.nix
+++ b/modules/nixos/clicks/security/secrets/default.nix
@@ -9,7 +9,7 @@
options.clicks.security.secrets.enable = lib.mkOption {
description = "Enable using agenix-rekey for secrets";
type = lib.types.bool;
- default = true;
+ default = config.clicks.defaults.enable;
};
config = lib.mkIf cfg.enable {
diff --git a/modules/nixos/clicks/services/nginx/default.nix b/modules/nixos/clicks/services/nginx/default.nix
index 90d6405..1740930 100644
--- a/modules/nixos/clicks/services/nginx/default.nix
+++ b/modules/nixos/clicks/services/nginx/default.nix
@@ -19,11 +19,6 @@
description = "Default provider for getting web certificates";
default = null;
};
- xClacksOverhead.enable = lib.options.mkOption {
- type = lib.types.bool;
- description = "Write the header `X-Clacks-Overhead: GNU Terry Pratchett` on all virtual host locations";
- default = true;
- };
};
config = lib.modules.mkIf cfg.enable (let
diff --git a/modules/nixos/clicks/users/backups/default.nix b/modules/nixos/clicks/users/backups/default.nix
index 66fc8ce..9138589 100644
--- a/modules/nixos/clicks/users/backups/default.nix
+++ b/modules/nixos/clicks/users/backups/default.nix
@@ -13,7 +13,7 @@
};
enable = lib.mkOption {
type = lib.types.bool;
- default = true;
+ default = config.clicks.defaults.enable;
description = "It is mandatory for any Clicks server to have the backups enabled, please only disable this if you are backing up in a different way";
};
};
diff --git a/modules/nixos/clicks/users/coded/default.nix b/modules/nixos/clicks/users/coded/default.nix
index 41bdab8..5b34809 100644
--- a/modules/nixos/clicks/users/coded/default.nix
+++ b/modules/nixos/clicks/users/coded/default.nix
@@ -7,7 +7,7 @@
options = {
clicks.users.coded.enable = lib.mkOption {
type = lib.types.bool;
- default = true;
+ default = config.clicks.defaults.enable;
};
};
diff --git a/modules/nixos/clicks/users/minion/default.nix b/modules/nixos/clicks/users/minion/default.nix
index 7b3c2ee..c5f65e0 100644
--- a/modules/nixos/clicks/users/minion/default.nix
+++ b/modules/nixos/clicks/users/minion/default.nix
@@ -7,7 +7,7 @@
options = {
clicks.users.minion.enable = lib.mkOption {
type = lib.types.bool;
- default = true;
+ default = config.clicks.defaults.enable;
};
};