From b68a821b7725b7e68a3de4863aa695f06d733b34 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20=E2=80=9CNiols=E2=80=9D=20Jeannerod?=
<nicolas.jeannerod@moduscreate.com>
Date: Fri, 14 Feb 2025 16:17:07 +0100
Subject: [PATCH] Searate Garage config and options
---
services/fediversity/garage/default.nix | 82 +------------------------
services/fediversity/garage/options.nix | 80 ++++++++++++++++++++++++
2 files changed, 82 insertions(+), 80 deletions(-)
create mode 100644 services/fediversity/garage/options.nix
diff --git a/services/fediversity/garage/default.nix b/services/fediversity/garage/default.nix
index f43fe11f..f9015cf1 100644
--- a/services/fediversity/garage/default.nix
+++ b/services/fediversity/garage/default.nix
@@ -17,13 +17,7 @@ in
let
inherit (builtins) toString;
- inherit (lib)
- types
- mkOption
- mkEnableOption
- optionalString
- concatStringsSep
- ;
+ inherit (lib) optionalString concatStringsSep;
inherit (lib.strings) escapeShellArg;
inherit (lib.attrsets) filterAttrs mapAttrs';
cfg = config.services.garage;
@@ -100,79 +94,7 @@ let
in
{
- # add in options to ensure creation of buckets and keys
- options = {
- services.garage = {
- ensureBuckets = mkOption {
- type = types.attrsOf (
- types.submodule {
- options = {
- website = mkOption {
- type = types.bool;
- default = false;
- };
- # I think setting corsRules should allow another website to show images from your bucket
- corsRules = {
- enable = mkEnableOption "CORS Rules";
- allowedHeaders = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
- allowedMethods = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
- allowedOrigins = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
- };
- aliases = mkOption {
- type = types.listOf types.str;
- default = [ ];
- };
- };
- }
- );
- default = { };
- };
- ensureKeys = mkOption {
- type = types.attrsOf (
- types.submodule {
- # TODO: these should be managed as secrets, not in the nix store
- options = {
- id = mkOption { type = types.str; };
- secret = mkOption { type = types.str; };
- # TODO: assert at least one of these is true
- # NOTE: this currently needs to be done at the top level module
- ensureAccess = mkOption {
- type = types.attrsOf (
- types.submodule {
- options = {
- read = mkOption {
- type = types.bool;
- default = false;
- };
- write = mkOption {
- type = types.bool;
- default = false;
- };
- owner = mkOption {
- type = types.bool;
- default = false;
- };
- };
- }
- );
- default = [ ];
- };
- };
- }
- );
- default = { };
- };
- };
- };
+ imports = [ ./options.nix ];
config = lib.mkIf config.fediversity.enable {
environment.systemPackages = [
diff --git a/services/fediversity/garage/options.nix b/services/fediversity/garage/options.nix
new file mode 100644
index 00000000..69d9c4b7
--- /dev/null
+++ b/services/fediversity/garage/options.nix
@@ -0,0 +1,80 @@
+{ lib, ... }:
+
+let
+ inherit (lib) types mkOption mkEnableOption;
+in
+
+{
+ options = {
+ services.garage = {
+ ensureBuckets = mkOption {
+ type = types.attrsOf (
+ types.submodule {
+ options = {
+ website = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ # I think setting corsRules should allow another website to show images from your bucket
+ corsRules = {
+ enable = mkEnableOption "CORS Rules";
+ allowedHeaders = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ allowedMethods = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ allowedOrigins = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ };
+ aliases = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ };
+ }
+ );
+ default = { };
+ };
+ ensureKeys = mkOption {
+ type = types.attrsOf (
+ types.submodule {
+ # TODO: these should be managed as secrets, not in the nix store
+ options = {
+ id = mkOption { type = types.str; };
+ secret = mkOption { type = types.str; };
+ # TODO: assert at least one of these is true
+ # NOTE: this currently needs to be done at the top level module
+ ensureAccess = mkOption {
+ type = types.attrsOf (
+ types.submodule {
+ options = {
+ read = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ write = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ owner = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+ }
+ );
+ default = [ ];
+ };
+ };
+ }
+ );
+ default = { };
+ };
+ };
+ };
+}