SelfPrivacy/selfprivacy-nixos-config
1
0
Fork 0
mirror of https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config.git synced 2024-11-06 00:43:11 +00:00
Code Issues Projects Releases Wiki Activity
selfprivacy-nixos-config/variables-module.nix
Inex Code c1ed3a522c Move secrets out of Nix Store (#19) 
Nix store is world-readable, and while nix repl fails to get the secret due to file permissions, we should still set up secrets without getting them in Nix store.

In the past tmpfiles.d was used, but its entire contents get to the nix store.

Now, all files with secrets are generated in activation scripts, with the help of jq and sed.

Also dead Pleroma code was deleted, but CAPTCHA is still broken.

Co-authored-by: inexcode <inex.code@selfprivacy.org>
Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/19
Co-authored-by: Inex Code <inex.code@selfprivacy.org>
Co-committed-by: Inex Code <inex.code@selfprivacy.org>
2022-07-19 15:18:46 +03:00

168 lines
3.8 KiB
Nix
Raw Blame History

{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.services.userdata;
directionArg =
if cfg.direction == ""
then ""
else "--direction=${cfg.direction}";
in
{
options.services.userdata = {
# General server options
hostname = mkOption {
description = "The hostname of the server.";
type = types.nullOr types.str;
};
domain = mkOption {
description = ''
Domain used by the server
'';
type = types.nullOr types.str;
};
timezone = mkOption {
description = ''
Timezone used by the server
'';
type = types.nullOr types.str;
default = "Europe/Uzhgorod";
};
autoUpgrade = {
enable = mkOption {
description = "Enable auto-upgrade of the server.";
default = true;
type = types.nullOr types.bool;
};
allowReboot = mkOption {
description = "Allow the server to reboot during the upgrade.";
default = false;
type = types.nullOr types.bool;
};
};
########################
# Server admin options #
########################
username = mkOption {
description = ''
Username that was defined at the initial setup process
'';
type = types.nullOr types.str;
};
hashedMasterPassword = mkOption {
description = ''
Hash of the password that was defined at the initial setup process
'';
type = types.nullOr types.str;
};
sshKeys = mkOption {
description = ''
SSH keys of the user that was defined at the initial setup process
'';
type = types.nullOr (types.listOf types.str);
default = [ ];
};
###############
# API options #
###############
api = {
enableSwagger = mkOption {
default = true;
description = ''
Enable Swagger UI
'';
type = types.bool;
};
skippedMigrations = mkOption {
default = [ ];
description = ''
List of migrations that should be skipped
'';
type = types.listOf types.str;
};
};
#############
# Secrets #
#############
backblaze = {
bucket = mkOption {
description = "Bucket name used for userdata backups";
type = types.nullOr types.str;
};
};
##############
# Services #
##############
bitwarden = {
enable = mkOption {
default = false;
type = types.nullOr types.bool;
};
};
gitea = {
enable = mkOption {
default = false;
type = types.nullOr types.bool;
};
};
nextcloud = {
enable = mkOption {
default = true;
type = types.nullOr types.bool;
};
};
pleroma = {
enable = mkOption {
default = false;
type = types.nullOr types.bool;
};
};
jitsi = {
enable = mkOption {
default = false;
type = types.nullOr types.bool;
};
};
ocserv = {
enable = mkOption {
default = true;
type = types.nullOr types.bool;
};
};
#########
# SSH #
#########
ssh = {
enable = mkOption {
default = true;
type = types.nullOr types.bool;
};
rootKeys = mkOption {
description = ''
Root SSH Keys
'';
type = types.nullOr (types.listOf types.str);
default = [ "" ];
};
passwordAuthentication = mkOption {
description = ''
Password authentication for SSH
'';
default = true;
type = types.nullOr types.bool;
};
};
###########
# Users #
###########
users = mkOption {
description = ''
Users that will be created on the server
'';
type = types.nullOr (types.listOf (types.attrsOf types.anything));
default = [ ];
};
};
}
Reference in a new issue View git blame Copy permalink