|
3 | 3 | # |
4 | 4 | # Global Configuration Options Module |
5 | 5 | # |
6 | | -# This module defines the ghaf.global-config options that propagate to all VMs. |
7 | | -# Settings here are the "single source of truth" for configuration values |
8 | | -# that should be consistent across host and all guest VMs. |
9 | | -# |
10 | | -# Supports versioned profiles via lib.ghaf.profiles and lib.ghaf.mkGlobalConfig. |
| 6 | +# This module defines the ghaf.global-config option type for host-level settings. |
| 7 | +# The actual global config values are created by lib.ghaf.mkGlobalConfig and |
| 8 | +# passed to VMs via specialArgs (globalConfig). |
11 | 9 | # |
12 | 10 | # Usage: |
13 | | -# # Use a predefined profile |
14 | | -# ghaf.global-config = lib.ghaf.profiles.debug; |
15 | | -# |
16 | | -# # Or customize a profile |
17 | | -# ghaf.global-config = lib.ghaf.mkGlobalConfig "debug" { |
18 | | -# storage.encryption.enable = true; |
19 | | -# }; |
| 11 | +# # Set options on host (these propagate via lib.ghaf.mkGlobalConfig) |
| 12 | +# ghaf.profiles.debug.enable = true; |
| 13 | +# ghaf.development.ssh.daemon.enable = true; |
20 | 14 | # |
21 | | -# # Or set options directly |
22 | | -# ghaf.global-config = { |
23 | | -# debug.enable = true; |
24 | | -# development.ssh.daemon.enable = true; |
25 | | -# }; |
| 15 | +# # VMs receive globalConfig via specialArgs, created by profiles |
| 16 | +# # See: modules/profiles/laptop-x86.nix, lib/global-config.nix |
26 | 17 | # |
27 | | -# Backward Compatibility: |
28 | | -# This module provides sync from existing ghaf.* options → global-config. |
29 | | -# Old-style settings will automatically populate global-config so that |
30 | | -# VMs using the new pattern receive correct values. |
31 | 18 | { |
32 | 19 | config, |
33 | 20 | lib, |
34 | | - options, |
35 | 21 | ... |
36 | 22 | }: |
37 | | -let |
38 | | - |
39 | | - # Helper to check if an option path exists in the options tree |
40 | | - optionExists = path: lib.hasAttrByPath path options; |
41 | | - |
42 | | - # Helper to get config value if option exists, otherwise use default |
43 | | - configOrDefault = |
44 | | - path: default: if optionExists path then lib.getAttrFromPath path config else default; |
45 | | -in |
46 | 23 | { |
47 | 24 | _file = ./global-config.nix; |
48 | 25 |
|
49 | 26 | options.ghaf.global-config = lib.mkOption { |
50 | 27 | type = lib.types.globalConfig; |
51 | 28 | default = { }; |
52 | 29 | description = '' |
53 | | - Global configuration options that automatically propagate to all VMs. |
| 30 | + Global configuration options that propagate to all VMs. |
54 | 31 |
|
55 | 32 | These settings represent the "single source of truth" for values that |
56 | 33 | should be consistent across the host and all guest virtual machines. |
57 | 34 |
|
58 | | - You can use predefined profiles: |
59 | | - ghaf.global-config = lib.ghaf.profiles.debug; |
60 | | -
|
61 | | - Or customize a profile: |
62 | | - ghaf.global-config = lib.ghaf.mkGlobalConfig "debug" { |
63 | | - storage.encryption.enable = true; |
64 | | - }; |
65 | | -
|
66 | | - Or set options directly: |
67 | | - ghaf.global-config = { |
68 | | - debug.enable = true; |
69 | | - development.ssh.daemon.enable = true; |
70 | | - storage.encryption.enable = true; |
71 | | - }; |
| 35 | + The actual propagation to VMs happens via: |
| 36 | + 1. lib.ghaf.mkGlobalConfig creates globalConfig from host config |
| 37 | + 2. Profiles pass globalConfig to VM bases via specialArgs |
| 38 | + 3. VMs read from globalConfig specialArg |
72 | 39 |
|
73 | 40 | Hardware-specific VM configurations go via hardware definition: |
74 | 41 | ghaf.hardware.definition.guivm.extraModules = [{ |
|
85 | 52 | hostSystem = lib.mkDefault config.nixpkgs.hostPlatform.system; |
86 | 53 | timeZone = lib.mkDefault (if config.time.timeZone != null then config.time.timeZone else "UTC"); |
87 | 54 | }; |
88 | | - |
89 | | - # Backward compatibility: sync from old-style ghaf.* options → global-config |
90 | | - # Use lib.mkOverride 900 so explicit global-config settings (priority 1000) take precedence |
91 | | - # but these defaults take precedence over the type defaults (priority 1500) |
92 | | - |
93 | | - # Debug settings |
94 | | - ghaf.global-config.debug.enable = lib.mkOverride 900 ( |
95 | | - configOrDefault [ "ghaf" "profiles" "debug" "enable" ] false |
96 | | - ); |
97 | | - |
98 | | - # Development settings |
99 | | - ghaf.global-config.development.ssh.daemon.enable = lib.mkOverride 900 ( |
100 | | - configOrDefault [ "ghaf" "development" "ssh" "daemon" "enable" ] false |
101 | | - ); |
102 | | - |
103 | | - ghaf.global-config.development.debug.tools.enable = lib.mkOverride 900 ( |
104 | | - configOrDefault [ "ghaf" "development" "debug" "tools" "enable" ] false |
105 | | - ); |
106 | | - |
107 | | - ghaf.global-config.development.nix-setup.enable = lib.mkOverride 900 ( |
108 | | - configOrDefault [ "ghaf" "development" "nix-setup" "enable" ] false |
109 | | - ); |
110 | | - |
111 | | - # Logging settings |
112 | | - ghaf.global-config.logging.enable = lib.mkOverride 900 ( |
113 | | - configOrDefault [ "ghaf" "logging" "enable" ] false |
114 | | - ); |
115 | | - |
116 | | - ghaf.global-config.logging.listener.address = lib.mkOverride 900 ( |
117 | | - configOrDefault [ "ghaf" "logging" "listener" "address" ] "" |
118 | | - ); |
119 | | - |
120 | | - ghaf.global-config.logging.server.endpoint = lib.mkOverride 900 ( |
121 | | - configOrDefault [ "ghaf" "logging" "server" "endpoint" ] "" |
122 | | - ); |
123 | | - |
124 | | - # Security settings |
125 | | - ghaf.global-config.security.audit.enable = lib.mkOverride 900 ( |
126 | | - configOrDefault [ "ghaf" "security" "audit" "enable" ] false |
127 | | - ); |
128 | | - |
129 | | - # GIVC settings |
130 | | - ghaf.global-config.givc.enable = lib.mkOverride 900 ( |
131 | | - configOrDefault [ "ghaf" "givc" "enable" ] false |
132 | | - ); |
133 | | - |
134 | | - ghaf.global-config.givc.debug = lib.mkOverride 900 ( |
135 | | - configOrDefault [ "ghaf" "givc" "debug" ] false |
136 | | - ); |
137 | | - |
138 | | - # Services settings |
139 | | - ghaf.global-config.services.power-manager.enable = lib.mkOverride 900 ( |
140 | | - configOrDefault [ "ghaf" "services" "power-manager" "enable" ] false |
141 | | - ); |
142 | | - |
143 | | - ghaf.global-config.services.performance.enable = lib.mkOverride 900 ( |
144 | | - configOrDefault [ "ghaf" "services" "performance" "enable" ] false |
145 | | - ); |
146 | | - |
147 | | - # Storage settings |
148 | | - ghaf.global-config.storage.encryption.enable = lib.mkOverride 900 ( |
149 | | - configOrDefault [ "ghaf" "virtualization" "storagevm-encryption" "enable" ] false |
150 | | - ); |
151 | | - |
152 | | - ghaf.global-config.storage.storeOnDisk = lib.mkOverride 900 ( |
153 | | - configOrDefault [ "ghaf" "virtualization" "microvm" "storeOnDisk" ] false |
154 | | - ); |
155 | | - |
156 | | - # Shared memory settings |
157 | | - ghaf.global-config.shm.enable = lib.mkOverride 900 ( |
158 | | - configOrDefault [ "ghaf" "shm" "enable" ] false |
159 | | - ); |
160 | | - |
161 | | - ghaf.global-config.shm.serverSocketPath = lib.mkOverride 900 ( |
162 | | - configOrDefault [ "ghaf" "shm" "serverSocketPath" ] "" |
163 | | - ); |
164 | | - |
165 | | - # IDS VM settings |
166 | | - ghaf.global-config.idsvm.mitmproxy.enable = lib.mkOverride 900 ( |
167 | | - configOrDefault [ "ghaf" "virtualization" "microvm" "idsvm" "mitmproxy" "enable" ] false |
168 | | - ); |
169 | 55 | }; |
170 | 56 | } |
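Review bot: Removing the `lib.mkOverride 900` sync block (old lines 89–168) means `config.ghaf.global-config` no longer mirrors host options such as `ghaf.security.audit.enable`, `ghaf.logging.*` and `ghaf.virtualization.storagevm-encryption.enable`. Any module that still reads these from `config.ghaf.global-config` instead of the `globalConfig` specialArg would fall back to the type default with no evaluation error, which presumably means audit, logging and storage encryption are off. The retained description still calls this option the "single source of truth" that propagates to all VMs, and the lines shown do not establish whether a value set directly on `ghaf.global-config` still reaches the VMs. If it does not, the description should say so, for example `Values set directly on ghaf.global-config are not propagated to VMs; set the corresponding ghaf.* host options instead.` It would also help to confirm that no remaining consumer reads the security, logging or storage fields from `config.ghaf.global-config`.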