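# Top-level Fediversity module: imports the per-service modules (Garage,
# Mastodon, Pixelfed, PeerTube) and declares the shared `fediversity.*`
# options, plus a temporary ACME configuration.
{ lib, config, ... }:

let
  inherit (lib) mkOption;
  inherit (lib.types) types;

in
{
  imports = [
    ./garage
    ./mastodon
    ./pixelfed
    ./peertube
  ];

  options = {
    fediversity = {
      domain = mkOption {
        type = types.str;
        description = ''
          root domain for the Fediversity services

          For instance, if this option is set to `foo.example.com`, then
          Pixelfed might be under `pixelfed.foo.example.com`.
        '';
      };

      temp = mkOption {
        description = "options that are only used while developing; should be removed eventually";
        default = { };
        type = types.submodule {
          options = {
            # No default is declared, so this must be set by the deployment
            # before any module reads it.
            cores = mkOption {
              description = "number of cores; should be obtained from NixOps4";
              type = types.int;
            };

            ## NOTE: In practice, we will want to plug our services to a central
            ## authentication service, eg. LDAP. In the meantime, for the demo
            ## effect (and for testing, tbh), we need a way to inject an initial
            ## user into our services.
            initialUser = {
              username = mkOption {
                type = types.str;
                description = "Username of the initial user";
              };

              displayName = mkOption {
                type = types.str;
                description = "Name of the initial user, for humans";
                # The original default read `initialUser.name`, but no `name`
                # option is declared here; evaluating the default would fail.
                # Fall back to the declared `username` option instead.
                default = config.fediversity.temp.initialUser.username;
                # The default depends on `config`, so give the manual a
                # literal expression to render instead of evaluating it.
                defaultText = lib.literalExpression "config.fediversity.temp.initialUser.username";
              };

              email = mkOption {
                type = types.str;
                description = "Email of the initial user";
              };

              # SECURITY: `types.path` also accepts a Nix path literal (for
              # example `./password`), which Nix copies into the
              # world-readable /nix/store. Set this to an absolute path given
              # as a string, pointing at a file provisioned outside the store
              # and readable only by the consuming service.
              # NOTE(review): how each service reads this file is not visible
              # here; confirm none of them interpolates it into a store path.
              passwordFile = mkOption {
                type = types.path;
                description = "Path to a file containing the initial user's password";
              };
            };
          };
        };
      };
    };
  };

  config = {
    ## FIXME: This should clearly go somewhere else; and we should have a
    ## `staging` vs. `production` setting somewhere.
    ##
    ## NOTE(review): every machine importing this module accepts the ACME
    ## CA's terms of service and registers under the single contact address
    ## below. With the staging `defaults.server` line commented out,
    ## certificate requests go to whichever server the ACME module uses by
    ## default; test deployments can run into the CA's rate limits.
    security.acme = {
      acceptTerms = true;
      defaults.email = "nicolas.jeannerod+fediversity@moduscreate.com";
      # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
    };
  };
}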