Add cj.deployment module

That way we can configure the depployment tags and everything in a
single location.

common/default.nix

@@ -1,6 +1,7 @@
 { config, lib, pkgs, inputs, ... }: {
   imports = [
     ./users.nix
+    ../modules/deployment.nix
     # Monitoring is applicable to all hosts, thus placing it here
     ../services/monitoring
   ];

flake.nix

@@ -57,7 +57,7 @@
       };
       defaults = { name, config, ... }: {
         deployment = {
-          tags = if name == "shirley" then [ "prod" ] else [ "dev" ];
+          tags = [ config.cj.deployment.environment ];
           targetHost = config.networking.fqdn;
           targetUser = null;
         };

hosts/goldberg/configuration.nix

@@ -1,5 +1,5 @@
 { lib, pkgs, baseDomain, ... }: {
-  _module.args.baseDomain = "dev.chaos.jetzt";
+  cj.deployment.environment = "dev";
 
   imports = [
     ./hardware-config.nix

hosts/shirley/configuration.nix

@@ -1,5 +1,5 @@
 { pkgs, baseDomain, ... }: {
-  _module.args.baseDomain = "chaos.jetzt";
+  cj.deployment.environment = "prod";
 
   imports = [
     ./hardware-config.nix

modules/deployment.nix

@@ -0,0 +1,26 @@
+{ config
+, options
+, lib
+, ... }:
+
+let
+  inherit (lib) mkOption types optionalString;
+
+  cfg = config.cj.deployment;
+  isDev = cfg.environment == "dev";
+in
+{
+  options.cj.deployment = {
+    environment = mkOption {
+      description = "Environment this host will be used for. Affects both colmena deploy groups and the baseDomain";
+      type = types.enum [ "dev" "prod" ];
+    };
+  };
+
+  config = {
+    _module.args = {
+      inherit isDev;
+      baseDomain = "${optionalString isDev "dev."}chaos.jetzt";
+    };
+  };
+}

services/dokuwiki.nix

@@ -1,10 +1,12 @@
-{
-  pkgs,
-  config,
-  lib,
-  baseDomain,
-  ...
-}: let
+{ pkgs
+, config
+, lib
+, baseDomain
+, isDev
+, ...
+}:
+
+let
   fpm_pool = "dokuwiki-${dw_domain}";
   fpm_cfg = config.services.phpfpm.pools.${fpm_pool};
   dw_domain = "wiki.${baseDomain}";
@@ -143,7 +145,7 @@ in {
       };
       plugin.oauthkeycloak = {
         key = get_secret "dokuwiki/keycloak_key";
-        openidurl = "https://sso.chaos.jetzt/auth/realms/chaos-jetzt/.well-known/openid-configuration";
+        openidurl = "https://sso.chaos.jetzt/auth/realms/${if isDev then "dev" else "chaos-jetzt"}/.well-known/openid-configuration";
       };
     };
 

services/monitoring/default.nix

@@ -37,7 +37,7 @@
 
   isMe = host: host.config.networking.fqdn == fqdn;
   others = filterAttrs (_: !isMe) outputs.nixosConfigurations;
-  isDev = host: (substring 0 3 host._module.args.baseDomain) == "dev";
+  isDev = host: host._module.args.isDev;
   allHosts = outputs.nixosConfigurations // externalTargets;
   /*
     Right now we only have one non-dev host in our NixOS setup (the ansible hosts don't monitor the NixOS hosts).

services/vaultwarden.nix

@@ -1,9 +1,13 @@
-{ lib, config, pkgs, baseDomain, ... }:
+{ lib
+, config
+, pkgs
+, baseDomain
+, isDev
+, ... }:
 
 let
   vwDbUser = config.users.users.vaultwarden.name;
   vwDbName = config.users.users.vaultwarden.name;
-  isDev = (builtins.substring 0 3 baseDomain) == "dev";
   isDevStr = lib.optionalString isDev;
 in {
   sops.secrets = {

services/website.nix

@@ -1,4 +1,10 @@
-{ lib, pkgs, config, baseDomain, ...}:
+{ lib
+, pkgs
+, config
+, baseDomain
+, isDev
+, ...}:
+
 let
   matrixWellKnown = {
     client."m.homeserver".base_url = "https://matrix.${baseDomain}/";
@@ -6,7 +12,6 @@ let
   };
   toJSONFile = name: value: pkgs.writeText name (builtins.toJSON value);
   matrixWellKnownDir = pkgs.linkFarm "matrix-well-known" (builtins.mapAttrs toJSONFile matrixWellKnown);
-  isDev = (builtins.substring 0 3 baseDomain) == "dev";
   webroot = "${config.users.users."web-deploy".home}/public";
   deployPubKey = if isDev then
     "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINRmpgMjXQCjA/YPNJvaNdKMjr0jnLtwKKbLCIisjeBw dev-deploykey@chaos.jetzt"