base: create from_ansible module for base_* variables

Author: mkg20001

flake.nix

@@ -46,6 +46,7 @@
         ];
         ansible_default = default ++ [
           nix-unify.nixosModules.ansible
+          from_ansible
         ];
         unify_default = ansible_default ++ [
           nix-unify.nixosModules.unify
@@ -71,6 +72,29 @@
           imports = self.nixosModules.onlypath_default;
           nixpkgs.hostPlatform = system;
         }).config.system.build.toplevel;
+
+        # check if our ansible set evaluates without any ansible stuff set
+        # (this allows better ci testing)
+        ansible = (import "${nixpkgs}/nixos/lib/eval-config.nix" {
+          modules = [
+            {
+              imports = self.nixosModules.ansible_default;
+              nixpkgs.hostPlatform = system;
+              nixpkgs.overlays = [ self.overlays.default ];
+              fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
+              boot.loader.systemd-boot.enable = true;
+              users.allowNoPasswordLogin = true;
+            }
+          ];
+
+          # this needs to be set via pkgs.nixos,
+          # but there's no way to do that
+          specialArgs = {
+            inherit inputs;
+          };
+
+          system = null;
+        }).config.system.build.toplevel;
       }
     );
   };

modules/from_ansible/default.nix

@@ -0,0 +1,13 @@
+{ config, lib, ... }:
+
+with lib;
+
+{
+  users.users.root.openssh.authorizedKeys.keys =
+    mkIf (config.ansible.hostvars ? "base_ssh_root_keys")
+      config.ansible.hostvars.base_ssh_root_keys;
+
+  services.openssh.settings.AllowUsers =
+    mkIf (config.ansible.hostvars ? "base_ssh_allow_users")
+      (lib.concatStringsSep " " config.ansible.hostvars.base_ssh_allow_users);
+}