kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity

Searate Garage config and options

Browse source
This commit is contained in:
Nicolas Jeannerod 2025-02-14 16:17:07 +01:00
parent ff03d12dc1
commit b68a821b77
Signed by untrusted user: Niols
GPG key ID: 35DB9EC8886E1CB8
2 changed files with 82 additions and 80 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

82
services/fediversity/garage/default.nix
View file

@ -17,13 +17,7 @@ in
let
inherit (builtins) toString;
inherit (lib)
types
mkOption
mkEnableOption
optionalString
concatStringsSep
;
inherit (lib) optionalString concatStringsSep;
inherit (lib.strings) escapeShellArg;
inherit (lib.attrsets) filterAttrs mapAttrs';
cfg = config.services.garage;
@ -100,79 +94,7 @@ let
in
{
# add in options to ensure creation of buckets and keys
options = {
services.garage = {
ensureBuckets = mkOption {
type = types.attrsOf (
types.submodule {
options = {
website = mkOption {
type = types.bool;
default = false;
};
# I think setting corsRules should allow another website to show images from your bucket
corsRules = {
enable = mkEnableOption "CORS Rules";
allowedHeaders = mkOption {
type = types.listOf types.str;
default = [ ];
};
allowedMethods = mkOption {
type = types.listOf types.str;
default = [ ];
};
allowedOrigins = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
aliases = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
}
);
default = { };
};
ensureKeys = mkOption {
type = types.attrsOf (
types.submodule {
# TODO: these should be managed as secrets, not in the nix store
options = {
id = mkOption { type = types.str; };
secret = mkOption { type = types.str; };
# TODO: assert at least one of these is true
# NOTE: this currently needs to be done at the top level module
ensureAccess = mkOption {
type = types.attrsOf (
types.submodule {
options = {
read = mkOption {
type = types.bool;
default = false;
};
write = mkOption {
type = types.bool;
default = false;
};
owner = mkOption {
type = types.bool;
default = false;
};
};
}
);
default = [ ];
};
};
}
);
default = { };
};
};
};
imports = [ ./options.nix ];
config = lib.mkIf config.fediversity.enable {
environment.systemPackages = [

80
services/fediversity/garage/options.nix Normal file
View file

@ -0,0 +1,80 @@
{ lib, ... }:
let
inherit (lib) types mkOption mkEnableOption;
in
{
options = {
services.garage = {
ensureBuckets = mkOption {
type = types.attrsOf (
types.submodule {
options = {
website = mkOption {
type = types.bool;
default = false;
};
# I think setting corsRules should allow another website to show images from your bucket
corsRules = {
enable = mkEnableOption "CORS Rules";
allowedHeaders = mkOption {
type = types.listOf types.str;
default = [ ];
};
allowedMethods = mkOption {
type = types.listOf types.str;
default = [ ];
};
allowedOrigins = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
aliases = mkOption {
type = types.listOf types.str;
default = [ ];
};
};
}
);
default = { };
};
ensureKeys = mkOption {
type = types.attrsOf (
types.submodule {
# TODO: these should be managed as secrets, not in the nix store
options = {
id = mkOption { type = types.str; };
secret = mkOption { type = types.str; };
# TODO: assert at least one of these is true
# NOTE: this currently needs to be done at the top level module
ensureAccess = mkOption {
type = types.attrsOf (
types.submodule {
options = {
read = mkOption {
type = types.bool;
default = false;
};
write = mkOption {
type = types.bool;
default = false;
};
owner = mkOption {
type = types.bool;
default = false;
};
};
}
);
default = [ ];
};
};
}
);
default = { };
};
};
};
}