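## NOTE: Not a module, but a helper function to create options for Fediversity
## services, as they tend to require the same ones.
##
## Arguments:
##   lib            - the nixpkgs library (mkOption, mkEnableOption, types, ...).
##   pkgs           - the package set; only used for `writeText` in the
##                    `initialUser.passwordFile` default.
##   serviceDocName - human-readable service name interpolated into the option
##                    descriptions.
##   defaults       - optional attrset overriding the defaults of
##                    `s3AccessKeyFile`, `s3SecretKeyFile` and `domain`.
##
## Returns an attrset of option declarations (`enable`, `s3AccessKeyFile`,
## `s3SecretKeyFile`, `domain`, `initialUser`) to be merged into a service
## module's `options`.

{
  lib,
  pkgs,
  serviceDocName,
  defaults ? { },
}:

let
  inherit (lib) mkOption mkEnableOption optionalAttrs;
  inherit (lib.types) types;

in
{
  # mkEnableOption already prefixes its argument with "Whether to enable ", so
  # only the noun phrase is passed; a leading "Enable" would be rendered twice.
  enable = mkEnableOption "a ${serviceDocName} server on the machine";

  # NOTE(security): both S3 options carry a *path to* a credential, never the
  # credential itself. `types.path` also accepts Nix path literals; depending on
  # how the consuming module uses the value, a literal such as ./key can end up
  # copied into the world-readable Nix store. Callers should pass an absolute
  # path (as a string) to a file provisioned at runtime.
  s3AccessKeyFile = mkOption {
    type = types.nullOr types.path;
    description = ''
      S3 access key for ${serviceDocName}'s bucket/s

      In AWS CLI, this would be AWS_ACCESS_KEY_ID.
      The S3 bucket is only created when non-`null`.
    '';
    default = defaults.s3AccessKeyFile or null;
  };

  s3SecretKeyFile = mkOption {
    type = types.nullOr types.path;
    description = ''
      S3 secret key for ${serviceDocName}'s bucket/s

      In AWS CLI, this would be AWS_SECRET_ACCESS_KEY.
      The S3 bucket is only created when non-`null`.
    '';
    default = defaults.s3SecretKeyFile or null;
  };

  # The option type is `str`, which rejects `null`. A `null` default would
  # therefore only surface as a type error when the option is read, so the
  # default is declared only when the caller supplied one; otherwise the
  # module system reports the option as used but not defined.
  domain = mkOption (
    {
      type = types.str;
      description = "Internal option — change at your own risk";
      # default = "${serviceName}.${config.fediversity.domain}";
    }
    // optionalAttrs (defaults ? domain) { default = defaults.domain; }
  );

  ## NOTE: In practice, we will want to plug our services to a central
  ## authentication service, eg. LDAP. In the meantime, for the demo
  ## effect (and for testing, tbh), we need a way to inject an initial
  ## user into our services.
  initialUser = mkOption {
    description = ''
      Some services require an initial user to access them.
      This option sets the credentials for such an initial user.
    '';
    type =
      with types;
      nullOr (
        # The submodule is written as a function so the `passwordFile` default
        # can read the sibling `password` value through `initialUser.config`.
        submodule (initialUser: {
          options = {
            username = mkOption {
              type = str;
              description = "Username for login";
            };
            displayName = mkOption {
              type = str;
              description = "Display name of the user";
            };
            email = mkOption {
              type = str;
              description = "User's email address";
            };
            # NOTE(security): a password given here is part of the evaluated
            # configuration and, through the `passwordFile` default below, is
            # written in plaintext to the Nix store.
            password = mkOption {
              type = str;
              description = "Password for login";
            };
            passwordFile = mkOption {
              type = str;
              description = ''
                Path to a file containing the password for login.

                Defaults to a file generated from `password`. That file lives
                in the Nix store, which is readable by every local user, so
                the default is only suitable for demos and tests. Point this
                at a file outside the store to keep the password private.
              '';
              # FIXME unsafe: `writeText` places the plaintext password in the
              # world-readable Nix store (and in anything the store path is
              # copied to). Kept for the demo/testing use case described
              # above; real deployments should override this option with a
              # runtime-provisioned secret file.
              default = builtins.toString (
                pkgs.writeText "application-admin-password" initialUser.config.password
              );
            };
          };
        })
      );
    default = null;
  };
}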