Fediversity/deployment/fediversity/applications/sharedOptions.nix
Kiara Grouwstra c296bdab0a
deploy separate operator applications thru data model
Signed-off-by: Kiara Grouwstra <kiara@procolix.eu>
2025-11-22 17:55:10 +01:00


## NOTE: Not a module, but a helper function to create options for Fediversity
## services, as they tend to require the same ones.
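{
  lib,
  pkgs,
  serviceDocName,
  defaults ? { },
}:
## Builds the option set shared by Fediversity service modules.
##
## Arguments:
##   lib            - the nixpkgs library (mkOption, types, ...).
##   pkgs           - the package set; only used for `pkgs.writeText` below.
##   serviceDocName - human-readable service name interpolated into descriptions.
##   defaults       - optional attrset; `s3AccessKeyFile`, `s3SecretKeyFile` and
##                    `domain` are read from it as per-service option defaults.
##
## Returns an attrset of option declarations (not a module).
let
  inherit (lib) mkOption mkEnableOption optionalAttrs;
  inherit (lib.types) types;
in
{
  # mkEnableOption already prefixes its argument with "Whether to enable ",
  # so the argument only names the thing being enabled.
  enable = mkEnableOption "a ${serviceDocName} server on the machine";

  # Both S3 options hold the path of a file that contains the key, not the
  # key itself.
  # NOTE(review): a Nix path literal (e.g. ./access-key) is copied into the
  # world-readable Nix store once it is interpolated into a string. Prefer an
  # absolute path written as a string that points at a secret provisioned at
  # runtime -- confirm how the consuming modules read these values.
  s3AccessKeyFile = mkOption {
    type = types.nullOr types.path;
    description = ''
      S3 access key for ${serviceDocName}'s bucket/s
      In AWS CLI, this would be AWS_ACCESS_KEY_ID. The S3 bucket is only created
      when non-`null`.
    '';
    default = defaults.s3AccessKeyFile or null;
  };

  s3SecretKeyFile = mkOption {
    type = types.nullOr types.path;
    description = ''
      S3 secret key for ${serviceDocName}'s bucket/s
      In AWS CLI, this would be AWS_SECRET_ACCESS_KEY. The S3 bucket is only
      created when non-`null`.
    '';
    default = defaults.s3SecretKeyFile or null;
  };

  # `null` is not a valid `types.str` value, so a default is only declared
  # when the caller supplied one. Without it an unset domain is reported as a
  # missing definition instead of as a type error on a default nobody wrote.
  domain = mkOption (
    {
      type = types.str;
      description = "Internal option change at your own risk";
      # default = "${serviceName}.${config.fediversity.domain}";
    }
    // optionalAttrs (defaults ? domain) { default = defaults.domain; }
  );

  ## NOTE: In practice, we will want to plug our services to a central
  ## authentication service, eg. LDAP. In the meantime, for the demo
  ## effect (and for testing, tbh), we need a way to inject an initial
  ## user into our services.
  initialUser = mkOption {
    description = ''
      Some services require an initial user to access them.
      This option sets the credentials for such an initial user.
    '';
    type =
      with types;
      nullOr (
        submodule (initialUser: {
          options = {
            username = mkOption {
              type = str;
              description = "Username for login";
            };
            displayName = mkOption {
              type = str;
              description = "Display name of the user";
            };
            email = mkOption {
              type = str;
              description = "User's email address";
            };
            # SECURITY: a plain `str` option means the password is part of the
            # evaluated configuration in clear text.
            password = mkOption {
              type = str;
              description = "Password for login";
            };
            passwordFile = mkOption {
              type = str;
              description = ''
                Path to a file containing the initial user's password.
                Defaults to a file generated from `password`; that file lives
                in the world-readable Nix store, so set this to a path outside
                the store for anything other than demos and tests.
              '';
              # FIXME unsafe: `pkgs.writeText` puts the clear-text password in
              # a /nix/store file, which every local user can read and which
              # stays there until garbage-collected; it also travels with the
              # closure wherever that is copied. Override `passwordFile` with
              # a path managed by a secret-provisioning tool (e.g. agenix or
              # sops-nix) to keep the credential out of the store.
              default = builtins.toString (
                pkgs.writeText "application-admin-password" initialUser.config.password
              );
            };
          };
        })
      );
    default = null;
  };
}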