Fediversity/services/fediversity/garage/options.nix

{ config, lib, ... }:

let
  inherit (lib) types mkOption mkEnableOption;
in

{
  options.fediversity.garage = {
    ensureBuckets = mkOption {
      type = types.attrsOf (
        types.submodule {
          options = {
            website = mkOption {
              type = types.bool;
              default = false;
            };
            # I think setting corsRules should allow another website to show images from your bucket
            corsRules = {
              enable = mkEnableOption "CORS Rules";
              allowedHeaders = mkOption {
                type = types.listOf types.str;
                default = [ ];
              };
              allowedMethods = mkOption {
                type = types.listOf types.str;
                default = [ ];
              };
              allowedOrigins = mkOption {
                type = types.listOf types.str;
                default = [ ];
              };
            };
            aliases = mkOption {
              type = types.listOf types.str;
              default = [ ];
            };
          };
        }
      );
      default = { };
    };

    ensureKeys = mkOption {
      type = types.attrsOf (
        types.submodule {
          # TODO: these should be managed as secrets, not in the nix store
          options = {
            s3AccessKey = mkOption { type = types.str; };
            s3SecretKey = mkOption { type = types.str; };
            # TODO: assert at least one of these is true
            # NOTE: this currently needs to be done at the top level module
            ensureAccess = mkOption {
              type = types.attrsOf (
                types.submodule {
                  options = {
                    read = mkOption {
                      type = types.bool;
                      default = false;
                    };
                    write = mkOption {
                      type = types.bool;
                      default = false;
                    };
                    owner = mkOption {
                      type = types.bool;
                      default = false;
                    };
                  };
                }
              );
              default = [ ];
            };
          };
        }
      );
      default = { };
    };

    api = {
      domain = mkOption {
        type = types.str;
        default = "s3.garage.${config.fediversity.domain}";
      };
      port = mkOption {
        type = types.int;
        default = 3900;
      };
      url = mkOption {
        type = types.str;
        default = "http://${config.fediversity.garage.api.domain}:${toString config.fediversity.garage.api.port}";
      };
    };

    rpc = {
      port = mkOption {
        type = types.int;
        default = 3901;
      };
    };

    web = {
      rootDomain = mkOption {
        type = types.str;
        default = "web.garage.${config.fediversity.domain}";
      };
      internalPort = mkOption {
        type = types.int;
        default = 3902;
      };
      domainForBucket = mkOption {
        type = types.functionTo types.str;
        default = bucket: "${bucket}.${config.fediversity.garage.web.rootDomain}";
      };
      urlForBucket = mkOption {
        type = types.functionTo types.str;
        default = bucket: "http://${config.fediversity.garage.web.domainForBucket bucket}";
      };
    };
  };
}
Consolidate Garage options - `fediversity.internal.garage` -> `fediversity.garage` - all in the same place 2025-02-14 18:32:08 +01:00			`{ config, lib, ... }:`
Searate Garage config and options 2025-02-14 16:17:07 +01:00
			`let`
			`inherit (lib) types mkOption mkEnableOption;`
			`in`

			`{`
`services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible 2025-02-14 16:25:52 +01:00			`options.fediversity.garage = {`
			`ensureBuckets = mkOption {`
			`type = types.attrsOf (`
			`types.submodule {`
			`options = {`
			`website = mkOption {`
			`type = types.bool;`
			`default = false;`
			`};`
			`# I think setting corsRules should allow another website to show images from your bucket`
			`corsRules = {`
			`enable = mkEnableOption "CORS Rules";`
			`allowedHeaders = mkOption {`
			`type = types.listOf types.str;`
			`default = [ ];`
Searate Garage config and options 2025-02-14 16:17:07 +01:00			`};`
`services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible 2025-02-14 16:25:52 +01:00			`allowedMethods = mkOption {`
			`type = types.listOf types.str;`
			`default = [ ];`
Searate Garage config and options 2025-02-14 16:17:07 +01:00			`};`
`services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible 2025-02-14 16:25:52 +01:00			`allowedOrigins = mkOption {`
Searate Garage config and options 2025-02-14 16:17:07 +01:00			`type = types.listOf types.str;`
			`default = [ ];`
			`};`
			`};`
`services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible 2025-02-14 16:25:52 +01:00			`aliases = mkOption {`
			`type = types.listOf types.str;`
			`default = [ ];`
			`};`
			`};`
			`}`
			`);`
			`default = { };`
			`};`

			`ensureKeys = mkOption {`
			`type = types.attrsOf (`
			`types.submodule {`
			`# TODO: these should be managed as secrets, not in the nix store`
			`options = {`
Make access and secret keys parameters 2025-02-14 19:01:54 +01:00			`s3AccessKey = mkOption { type = types.str; };`
			`s3SecretKey = mkOption { type = types.str; };`
`services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible 2025-02-14 16:25:52 +01:00			`# TODO: assert at least one of these is true`
			`# NOTE: this currently needs to be done at the top level module`
			`ensureAccess = mkOption {`
			`type = types.attrsOf (`
			`types.submodule {`
			`options = {`
			`read = mkOption {`
			`type = types.bool;`
			`default = false;`
Searate Garage config and options 2025-02-14 16:17:07 +01:00			`};`
`services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible 2025-02-14 16:25:52 +01:00			`write = mkOption {`
			`type = types.bool;`
			`default = false;`
			`};`
			`owner = mkOption {`
			`type = types.bool;`
			`default = false;`
			`};`
			`};`
			`}`
			`);`
			`default = [ ];`
Searate Garage config and options 2025-02-14 16:17:07 +01:00			`};`
`services.garage` -> `fediversity.garage` for the options that are ours; we want to avoid clashes if possible 2025-02-14 16:25:52 +01:00			`};`
			`}`
			`);`
			`default = { };`
Searate Garage config and options 2025-02-14 16:17:07 +01:00			`};`
Consolidate Garage options - `fediversity.internal.garage` -> `fediversity.garage` - all in the same place 2025-02-14 18:32:08 +01:00
			`api = {`
			`domain = mkOption {`
			`type = types.str;`
			`default = "s3.garage.${config.fediversity.domain}";`
			`};`
			`port = mkOption {`
			`type = types.int;`
			`default = 3900;`
			`};`
			`url = mkOption {`
			`type = types.str;`
			`default = "http://${config.fediversity.garage.api.domain}:${toString config.fediversity.garage.api.port}";`
			`};`
			`};`

			`rpc = {`
			`port = mkOption {`
			`type = types.int;`
			`default = 3901;`
			`};`
			`};`

			`web = {`
			`rootDomain = mkOption {`
			`type = types.str;`
			`default = "web.garage.${config.fediversity.domain}";`
			`};`
			`internalPort = mkOption {`
			`type = types.int;`
			`default = 3902;`
			`};`
			`domainForBucket = mkOption {`
			`type = types.functionTo types.str;`
			`default = bucket: "${bucket}.${config.fediversity.garage.web.rootDomain}";`
			`};`
			`urlForBucket = mkOption {`
			`type = types.functionTo types.str;`
			`default = bucket: "http://${config.fediversity.garage.web.domainForBucket bucket}";`
			`};`
			`};`
Searate Garage config and options 2025-02-14 16:17:07 +01:00			`};`
			`}`