{ config, lib, ... }: let inherit (lib) attrValues filterAttrs mkMerge mkOption types; cfg = config.sane.hosts; host = types.submodule ({ config, name, ... }: { options = { names = mkOption { type = types.listOf types.str; description = '' all names by which this host is reachable ''; }; ssh.user_pubkey = mkOption { type = types.nullOr types.str; default = null; description = '' ssh pubkey that the primary user of this machine will use when connecting to other machines. e.g. "ssh-ed25519 AAAA". ''; }; ssh.host_pubkey = mkOption { type = types.str; description = '' ssh pubkey which this host will present to connections initiated against it. e.g. "ssh-ed25519 AAAA". ''; }; ssh.authorized = mkOption { type = types.bool; default = true; description = "make this host's ssh key be an authorized_key for the system being deployed to"; }; wg-home.pubkey = mkOption { type = types.nullOr types.str; default = null; description = '' wireguard public key for the wg-home VPN. e.g. "pWtnKW7f7sNIZQ2M83uJ7cHg3IL1tebE3IoVkCgjkXM=". ''; }; wg-home.ip = mkOption { type = types.nullOr types.str; default = null; description = '' IP address to use on the wg-home VPN. e.g. "10.0.10.5"; ''; }; wg-home.endpoint = mkOption { type = types.nullOr types.str; default = null; }; lan-ip = mkOption { type = types.str; description = '' ip address when on the lan. e.g. "192.168.0.5"; ''; }; }; config = { names = [ name ] ++ lib.optional (config.wg-home.ip != null) "${name}-hn"; }; }); in { options = { sane.hosts.by-name = mkOption { type = types.attrsOf host; default = {}; description = '' map of hostname => attrset of information specific to that host, like its ssh pubkey, etc. ''; }; }; }