kiara/Fediversity
1
0
Fork 0
forked from Fediversity/Fediversity
Code Pull requests Activity
Fediversity/services/fediversity/default.nix
Kiara Grouwstra dd5a6335b1
proxmox 
pass in description

fix syntax

configure proxmox provider

typo

add doc comment in existing modules

add comment

allow insecure proxmox connection for use in dev

wip proxmox progress

use service configurations moved to machine-independent location

wire settings directly without option block terraform

adjust cwd

try tf on null input

update .envrc.sample with sample proxmox credentials
2025-05-11 19:22:49 +02:00

76 lines
2.2 KiB
Nix
Raw Blame History

{ lib, config, ... }:
let
inherit (lib) mkOption;
inherit (lib.types) types;
in
{
imports = [
./garage
./mastodon
./pixelfed
./peertube
];
options = {
fediversity = {
domain = mkOption {
type = types.str;
description = ''
root domain for the Fediversity services
For instance, if this option is set to `foo.example.com`, then
Pixelfed might be under `pixelfed.foo.example.com`.
'';
};
temp = mkOption {
description = "options that are only used while developing; should be removed eventually";
default = { };
type = types.submodule {
options = {
cores = mkOption {
description = "number of cores; should be obtained from TF";
type = types.int;
};
## NOTE: In practice, we will want to plug our services to a central
## authentication service, eg. LDAP. In the meantime, for the demo
## effect (and for testing, tbh), we need a way to inject an initial
## user into our services.
initialUser = {
username = mkOption {
type = types.str;
description = "Username of the initial user";
};
displayName = mkOption {
type = types.str;
description = "Name of the initial user, for humans";
default = config.fediversity.temp.initialUser.name;
};
email = mkOption {
type = types.str;
description = "Email of the initial user";
};
passwordFile = mkOption {
type = types.path;
description = "Path to a file containing the initial user's password";
};
};
};
};
};
};
};
config = {
## FIXME: This should clearly go somewhere else; and we should have a
## `staging` vs. `production` setting somewhere.
security.acme = {
acceptTerms = true;
defaults.email = "nicolas.jeannerod+fediversity@moduscreate.com";
# defaults.server = "https://acme-staging-v02.api.letsencrypt.org/directory";
};
};
}
View git blame Copy permalink