		
	closes #34. Co-authored-by: Valentin Gagarin <valentin.gagarin@tweag.io> Reviewed-on: Fediversity/Fediversity#457 Reviewed-by: Valentin Gagarin <valentin.gagarin@tweag.io> Co-authored-by: Kiara Grouwstra <kiara@procolix.eu> Co-committed-by: Kiara Grouwstra <kiara@procolix.eu>
		
			
				
	
	
		
## Shared NixOS module for the Fediversity deployment: imports the garage,
## mastodon, pixelfed and peertube modules, declares the `fediversity.*`
## options, and sets ACME defaults.
{ lib, config, ... }:

let
  inherit (lib) mkOption mkOverride types;

  # Declares a string-typed option that carries nothing but a description.
  mkStrOption =
    description:
    mkOption {
      inherit description;
      type = types.str;
    };

  # Read lazily; only used as the fallback for `displayName` below.
  initialUserCfg = config.fediversity.temp.initialUser;
in
{
  _class = "nixos";

  imports = [
    ./garage
    ./mastodon
    ./pixelfed
    ./peertube
  ];

  options.fediversity = {
    domain = mkOption {
      description = ''
        root domain for the Fediversity services

        For instance, if this option is set to `foo.example.com`, then
        Pixelfed might be under `pixelfed.foo.example.com`.
      '';
      type = types.str;
    };

    temp = mkOption {
      description = "options that are only used while developing; should be removed eventually";
      type = types.submodule {
        options = {
          # No default: evaluation fails if a consumer reads this while unset.
          cores = mkOption {
            type = types.int;
            description = "number of cores; should be obtained from NixOps4";
          };

          ## NOTE: The long-term plan is to plug the services into a central
          ## authentication service, eg. LDAP. Until then, for demos and for
          ## testing, an initial user is injected into the services through
          ## these options.
          initialUser = {
            username = mkStrOption "Username of the initial user";

            displayName = mkOption {
              description = "Name of the initial user, for humans";
              default = initialUserCfg.username;
              type = types.str;
            };

            email = mkStrOption "Email of the initial user";

            # Takes a path to a file rather than the password itself, so the
            # secret need not appear in the configuration. `types.path` also
            # accepts a Nix path literal (e.g. `./password`), and such a
            # literal is copied into the world-readable Nix store once it is
            # coerced to a string; pass an absolute path string to a file
            # provisioned at runtime instead.
            # NOTE(review): how the service modules read this file is not
            # visible here; confirm none of them copies it into the store.
            passwordFile = mkOption {
              description = "Path to a file containing the initial user's password";
              type = types.path;
            };
          };
        };
      };
      default = { };
    };
  };

  ## FIXME: This clearly belongs somewhere else, and there should be a
  ## `staging` vs. `production` setting somewhere.
  config.security.acme = {
    # Accepts the ACME provider's terms of service for every deployment that
    # includes this module.
    acceptTerms = true;

    # Priority 200 sits between a plain definition (100) and mkDefault (1000):
    # urgent enough for the panel deployment to work, yet loose enough not to
    # clash with the value set in tests.
    # NOTE(review): this address looks like a placeholder; the ACME provider
    # sends its account notices there, so confirm the mailbox is monitored.
    defaults.email = mkOverride 200 "something@fediversity.net";

    # The staging endpoint is left disabled, so the module's default ACME
    # server applies (presumably the production one, with its rate limits;
    # confirm before repeated test deployments).
    # defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
  };
}