diff --git a/services/fediversity/garage/default.nix b/services/fediversity/garage/default.nix index f43fe11f..f9015cf1 100644 --- a/services/fediversity/garage/default.nix +++ b/services/fediversity/garage/default.nix @@ -17,13 +17,7 @@ in let inherit (builtins) toString; - inherit (lib) - types - mkOption - mkEnableOption - optionalString - concatStringsSep - ; + inherit (lib) optionalString concatStringsSep; inherit (lib.strings) escapeShellArg; inherit (lib.attrsets) filterAttrs mapAttrs'; cfg = config.services.garage; 
@@ -100,79 +94,7 @@ let in { - # add in options to ensure creation of buckets and keys - options = { - services.garage = { - ensureBuckets = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - website = mkOption { - type = types.bool; - default = false; - }; - # I think setting corsRules should allow another website to show images from your bucket - corsRules = { - enable = mkEnableOption "CORS Rules"; - allowedHeaders = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - allowedMethods = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - allowedOrigins = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - }; - aliases = mkOption { - type = types.listOf types.str; - default = [ ]; - }; - }; - } - ); - default = { }; - }; - ensureKeys = mkOption { - type = types.attrsOf ( - types.submodule { - # TODO: these should be managed as secrets, not in the nix store - options = { - id = mkOption { type = types.str; }; - secret = mkOption { type = types.str; }; - # TODO: assert at least one of these is true - # NOTE: this currently needs to be done at the top level module - ensureAccess = mkOption { - type = types.attrsOf ( - types.submodule { - options = { - read = mkOption { - type = types.bool; - default = false; - }; - write = mkOption { - type = types.bool; - default = false; - }; - owner = mkOption { - type = types.bool; - default = false; - }; - }; - } - ); - default = [ ]; - }; - }; - } - ); - default = { }; - }; - }; - }; + imports = [ ./options.nix ]; config = lib.mkIf config.fediversity.enable { environment.systemPackages = [ diff --git a/services/fediversity/garage/options.nix b/services/fediversity/garage/options.nix new file mode 100644 index 00000000..69d9c4b7 --- /dev/null +++ b/services/fediversity/garage/options.nix 
@@ -0,0 +1,80 @@
+{ lib, ... }:
+
+let
+ inherit (lib) types mkOption mkEnableOption;
+in
+
+{
+ options = {
+ services.garage = {
+ ensureBuckets = mkOption {
+ type = types.attrsOf (
+ types.submodule {
+ options = {
+ website = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ # I think setting corsRules should allow another website to show images from your bucket
+ corsRules = {
+ enable = mkEnableOption "CORS Rules";
+ allowedHeaders = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ allowedMethods = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ allowedOrigins = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ };
+ aliases = mkOption {
+ type = types.listOf types.str;
+ default = [ ];
+ };
+ };
+ }
+ );
+ default = { };
+ };
+ ensureKeys = mkOption {
+ type = types.attrsOf (
+ types.submodule {
+ # TODO: these should be managed as secrets, not in the nix store
+ options = {
+ id = mkOption { type = types.str; };
+ secret = mkOption { type = types.str; };
+ # TODO: assert at least one of these is true
+ # NOTE: this currently needs to be done at the top level module
+ ensureAccess = mkOption {
+ type = types.attrsOf (
+ types.submodule {
+ options = {
+ read = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ write = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ owner = mkOption {
+ type = types.bool;
+ default = false;
+ };
+ };
+ }
+ );
+ default = [ ];
+ };
+ };
+ }
+ );
+ default = { };
+ };
+ };
+ };
+}
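Review bot: `ensureAccess` is declared as `types.attrsOf (types.submodule …)` but its default is the list `default = [ ];`, so a key defined without `ensureAccess` will presumably fail the module type check once the default is evaluated; it should be `default = { };`. Separately, `secret = mkOption { type = types.str; };` is moved together with its TODO unchanged: a string option value ends up in the world-readable Nix store, so until the secret is read from a file at runtime, `id` and `secret` should at least carry a `description` that says so. None of the options in this new file has a `description`, and the `corsRules` comment ("I think setting corsRules should allow…") would be better replaced by a description stating what `allowedOrigins` actually permits.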