sp-config/selfprivacy-module.nix

{ lib, ... }:

with lib;
{
  options.selfprivacy = {
    # General server options
    hostname = mkOption {
      description = "The hostname of the server.";
      type = types.nullOr types.str;
    };
    domain = mkOption {
      description = ''
        Domain used by the server
      '';
      # see: https://regexr.com/7p7ep, https://stackoverflow.com/a/26987741
      type = lib.types.strMatching ''^(xn--)?[a-z0-9][a-z0-9_-]{0,61}[a-z0-9]{0,1}\.(xn--)?([a-z0-9\-]{1,61}|[a-z0-9-]{1,30}\.[a-z]{2,})$'';
    };
    timezone = mkOption {
      description = ''
        Timezone used by the server
      '';
      type = types.nullOr types.str;
      default = "Etc/UTC";
    };
    autoUpgrade = {
      enable = mkOption {
        description = "Enable auto-upgrade of the server.";
        default = false;
        type = types.nullOr types.bool;
      };
      allowReboot = mkOption {
        description = "Allow the server to reboot during the upgrade.";
        default = false;
        type = types.nullOr types.bool;
      };
    };
    sso = {
      enable = mkOption {
        description = "Enable SSO.";
        default = true;
        type = types.nullOr types.bool;
      };
      debug = mkOption {
        description = "Enable debug for SSO.";
        default = false;
        type = types.nullOr types.bool;
      };
    };
    stateVersion = mkOption {
      description = "State version of the server";
      type = types.nullOr types.str;
      default = null;
    };
    ########################
    # Server admin options #
    ########################
    username = mkOption {
      description = ''
        Username that was defined at the initial setup process
      '';
      type = types.nullOr types.str;
    };
    hashedMasterPassword = mkOption {
      description = ''
        Hash of the password that was defined at the initial setup process
      '';
      type = types.nullOr types.str;
    };
    sshKeys = mkOption {
      description = ''
        SSH keys of the user that was defined at the initial setup process
      '';
      type = types.nullOr (types.listOf types.str);
      default = [ ];
    };
    #############
    #    DNS    #
    #############
    dns = {
      provider = mkOption {
        description = "DNS provider that was defined at the initial setup process.";
        type = types.nullOr types.str;
      };
      useStagingACME = mkOption {
        description = "Use staging ACME server. Default is false";
        type = types.nullOr types.bool;
        default = false;
      };
      forceDisableDnsPropagationCheck = mkOption {
        description = "Force disable DNS propagation check.";
        type = types.nullOr types.bool;
        default = false;
      };
    };
    server = {
      provider = mkOption {
        description = "Server provider that was defined at the initial setup process.";
        type = types.str;
      };
      rootPartition = mkOption {
        description = "Root partition to use.";
        type = types.nullOr types.str;
        default = null;
      };
      rootPartitionName = mkOption {
        description = "Canonical root partition name.";
        type = types.nullOr types.str;
        default = null;
      };
    };
    #########
    #  SSH  #
    #########
    ssh = {
      enable = mkOption {
        default = true;
        type = types.nullOr types.bool;
      };
      rootKeys = mkOption {
        description = ''
          Root SSH authorized keys
        '';
        type = types.nullOr (types.listOf types.str);
        default = [ "" ];
      };
    };
    ###########
    #  Users  #
    ###########
    users = mkOption {
      description = ''
        Users that will be created on the server
      '';
      type = types.nullOr (types.listOf (types.attrsOf types.anything));
      default = [ ];
    };
    ##############
    #   Volumes  #
    ##############
    volumes = mkOption {
      description = ''
        Volumes that will be created on the server
      '';
      type = types.nullOr (types.listOf (types.attrsOf types.anything));
      default = [ ];
    };
    useBinds = mkOption {
      type = types.nullOr types.bool;
      default = false;
      description = "Whether to bind-mount vmail and sieve folders";
    };
    ################
    #  PostgreSQL  #
    ################
    postgresql = {
      location = mkOption {
        description = "Volume name where to store Postgres data.";
        type = types.nullOr types.str;
        default = null;
      };
    };
    ################
    # passthrough  #
    ################
    passthru = mkOption {
      type = types.submodule {
        freeformType = with types; lazyAttrsOf (uniq unspecified);
        options = { };
      };
      default = { };
      visible = false;
      description = ''
        This attribute allows to share data between modules.
        You can put whatever you want here.
      '';
    };
    #################
    #  Workarounds  #
    #################
    workarounds = {
      deleteNextcloudAdmin = mkOption {
        description = ''
          Whether to delete an admin user, which is initially created
        '';
        type = types.bool;
        default = false;
      };
    };

    #################
    #     Email     #
    #################
    email = with lib; mkOption {
      type = types.attrsOf (
        types.submodule (
          { ... }: {
            options = {
              subdomain = mkOption {
                type = with types; strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";
                example = "myservice";
                default = config.sp.domain;
                description = "Subdomain to send emails from";
              };

              systemdTargets = mkOption {
                type = with types; listOf (strMatchig "[a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)");
                default = [];
                example = [ "generate-mastodon-email-password.service" ];
                description = "Systemd target which generates password file.";
              };

              sendOnly = mkOption {
                type = with types; bool;
                default = true;
                example = "false";
                description = "Specifies if the account should be a send-only account. Emails sent to send-only accounts will be rejected.";
              };

              hashedPasswordFile = mkOption {
                type = with types; str;
                example = "/run/keys/mastodon/email_password";
                description = "Path where a file containing password hash located.";
              };
            };
          }
        )
      );

      description = ''
        Don't use this option to create regular users!!!

        This option gives modules possibility to create mailboxes to send emails, e.g. notifications or reminders.
      '';

      example = {
        "noreply@mastodon.example.tld" = {
          hashedPasswordFile = "/run/keys/mastodon/email_password";
          systemdTargets = [ "generate-mastodon-email-password.service" ];
        };
      };
    };
  };
}
fix selfprivacy.passthru: allow any types 2025-02-03 00:56:12 +04:00			`{ lib, ... }:`
Initial commit 2021-11-15 13:02:05 +03:00
			`with lib;`
			`{`
selfprivacy.userdata -> selfprivacy; SP modules -> selfprivacy.modules 2023-11-16 04:00:11 +04:00			`options.selfprivacy = {`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`# General server options`
Initial commit 2021-11-15 13:02:05 +03:00			`hostname = mkOption {`
			`description = "The hostname of the server.";`
Oops, types.string is deprecated See https://github.com/NixOS/nixpkgs/pull/66346 2021-11-16 13:30:11 +03:00			`type = types.nullOr types.str;`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
			`domain = mkOption {`
			`description = ''`
			`Domain used by the server`
			`'';`
get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-16 09:39:22 +04:00			`# see: https://regexr.com/7p7ep, https://stackoverflow.com/a/26987741`
			`type = lib.types.strMatching ''^(xn--)?[a-z0-9][a-z0-9_-]{0,61}[a-z0-9]{0,1}\.(xn--)?([a-z0-9\-]{1,61}\|[a-z0-9-]{1,30}\.[a-z]{2,})$'';`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`timezone = mkOption {`
			`description = ''`
			`Timezone used by the server`
			`'';`
			`type = types.nullOr types.str;`
default timezone is "Etc/UTC" 2024-01-19 02:59:29 +04:00			`default = "Etc/UTC";`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`};`
			`autoUpgrade = {`
			`enable = mkOption {`
			`description = "Enable auto-upgrade of the server.";`
autoUpgrade.enable = false by default 2023-11-18 05:40:57 +04:00			`default = false;`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`type = types.nullOr types.bool;`
			`};`
			`allowReboot = mkOption {`
			`description = "Allow the server to reboot during the upgrade.";`
			`default = false;`
			`type = types.nullOr types.bool;`
			`};`
			`};`
add options: selfprivacy.sso.enable && selfprivacy.sso.debug selfprivacy.sso.enable is true by default. 2025-02-03 01:35:21 +04:00			`sso = {`
			`enable = mkOption {`
			`description = "Enable SSO.";`
			`default = true;`
			`type = types.nullOr types.bool;`
			`};`
			`debug = mkOption {`
			`description = "Enable debug for SSO.";`
			`default = false;`
			`type = types.nullOr types.bool;`
			`};`
			`};`
move system.stateVersion back to userdata 2023-12-22 19:33:24 +04:00			`stateVersion = mkOption {`
			`description = "State version of the server";`
system.stateVersion: default or config.selfprivacy.stateVersion 2023-12-22 23:04:03 +04:00			`type = types.nullOr types.str;`
			`default = null;`
move system.stateVersion back to userdata 2023-12-22 19:33:24 +04:00			`};`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`########################`
			`# Server admin options #`
			`########################`
Initial commit 2021-11-15 13:02:05 +03:00			`username = mkOption {`
			`description = ''`
			`Username that was defined at the initial setup process`
			`'';`
Oops, types.string is deprecated See https://github.com/NixOS/nixpkgs/pull/66346 2021-11-16 13:30:11 +03:00			`type = types.nullOr types.str;`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
			`hashedMasterPassword = mkOption {`
			`description = ''`
			`Hash of the password that was defined at the initial setup process`
			`'';`
Oops, types.string is deprecated See https://github.com/NixOS/nixpkgs/pull/66346 2021-11-16 13:30:11 +03:00			`type = types.nullOr types.str;`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`sshKeys = mkOption {`
			`description = ''`
			`SSH keys of the user that was defined at the initial setup process`
			`'';`
Fix wrong type of admin ssh keys 2021-11-29 22:17:37 +03:00			`type = types.nullOr (types.listOf types.str);`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`default = [ ];`
			`};`
			`#############`
get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-16 09:39:22 +04:00			`# DNS #`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`#############`
feat(userdata): Support for newer JSON schema of provider 2022-11-08 01:44:09 +03:00			`dns = {`
			`provider = mkOption {`
clean configuration; simple-nixos-mailserver is an ordinary SP module 2023-12-12 08:25:06 +04:00			`description = "DNS provider that was defined at the initial setup process.";`
feat(userdata): Support for newer JSON schema of provider 2022-11-08 01:44:09 +03:00			`type = types.nullOr types.str;`
			`};`
feat: add dns.useStagingACME option Used for testing environments, so we don't stumble upon ACME rate limits. 2022-11-16 11:02:20 +03:00			`useStagingACME = mkOption {`
			`description = "Use staging ACME server. Default is false";`
			`type = types.nullOr types.bool;`
clean configuration; simple-nixos-mailserver is an ordinary SP module 2023-12-12 08:25:06 +04:00			`default = false;`
feat: add dns.useStagingACME option Used for testing environments, so we don't stumble upon ACME rate limits. 2022-11-16 11:02:20 +03:00			`};`
fix: Allow force disabling the dns propagation check 2025-04-27 09:10:43 +03:00			`forceDisableDnsPropagationCheck = mkOption {`
			`description = "Force disable DNS propagation check.";`
			`type = types.nullOr types.bool;`
			`default = false;`
			`};`
feat(userdata): Support for newer JSON schema of provider 2022-11-08 01:44:09 +03:00			`};`
			`server = {`
			`provider = mkOption {`
clean configuration; simple-nixos-mailserver is an ordinary SP module 2023-12-12 08:25:06 +04:00			`description = "Server provider that was defined at the initial setup process.";`
get rid of files.nix; ACME/credentialsFile and other cleanup 2023-12-16 09:39:22 +04:00			`type = types.str;`
Switched to binds, volume management, new API 2022-08-26 14:21:05 +04:00			`};`
feat: add rootPartition option to userdata 2025-07-23 18:16:16 +03:00			`rootPartition = mkOption {`
			`description = "Root partition to use.";`
			`type = types.nullOr types.str;`
feat: Add rootPartitionName option to userdata 2025-07-25 12:40:49 +03:00			`default = null;`
			`};`
			`rootPartitionName = mkOption {`
			`description = "Canonical root partition name.";`
			`type = types.nullOr types.str;`
feat: add rootPartition option to userdata 2025-07-23 18:16:16 +03:00			`default = null;`
			`};`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`#########`
			`# SSH #`
			`#########`
Add more SSH settings 2021-11-15 16:35:04 +03:00			`ssh = {`
			`enable = mkOption {`
			`default = true;`
			`type = types.nullOr types.bool;`
			`};`
			`rootKeys = mkOption {`
			`description = ''`
clean configuration; simple-nixos-mailserver is an ordinary SP module 2023-12-12 08:25:06 +04:00			`Root SSH authorized keys`
Add more SSH settings 2021-11-15 16:35:04 +03:00			`'';`
Oops, types.string is deprecated See https://github.com/NixOS/nixpkgs/pull/66346 2021-11-16 13:30:11 +03:00			`type = types.nullOr (types.listOf types.str);`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`default = [ "" ];`
Add more SSH settings 2021-11-15 16:35:04 +03:00			`};`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`###########`
			`# Users #`
			`###########`
Initial commit 2021-11-15 13:02:05 +03:00			`users = mkOption {`
			`description = ''`
			`Users that will be created on the server`
			`'';`
It builds! 2021-11-15 13:29:20 +03:00			`type = types.nullOr (types.listOf (types.attrsOf types.anything));`
API controlled timezone, autoupgrades and SSH keys 2021-11-22 19:53:43 +03:00			`default = [ ];`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
Switched to binds, volume management, new API 2022-08-26 14:21:05 +04:00			`##############`
			`# Volumes #`
			`##############`
			`volumes = mkOption {`
			`description = ''`
			`Volumes that will be created on the server`
			`'';`
			`type = types.nullOr (types.listOf (types.attrsOf types.anything));`
			`default = [ ];`
			`};`
			`useBinds = mkOption {`
			`type = types.nullOr types.bool;`
			`default = false;`
PoC working SP module system + simple-nixos-mailserver as an SP module 2023-11-10 07:10:06 +04:00			`description = "Whether to bind-mount vmail and sieve folders";`
Switched to binds, volume management, new API 2022-08-26 14:21:05 +04:00			`};`
feat: PostgreSQL migration 2024-12-22 13:19:10 +03:00			`################`
			`# PostgreSQL #`
			`################`
			`postgresql = {`
			`location = mkOption {`
			`description = "Volume name where to store Postgres data.";`
			`type = types.nullOr types.str;`
			`default = null;`
			`};`
			`};`
define selfprivacy.passthru option (type = types.submodule) Stock NixOS passthru option cannot be defined in multiple places. But we need to pass arbitrary parameters between SP modules. 2025-01-31 14:24:05 +04:00			`################`
			`# passthrough #`
			`################`
			`passthru = mkOption {`
			`type = types.submodule {`
fix selfprivacy.passthru: allow any types 2025-02-03 00:56:12 +04:00			`freeformType = with types; lazyAttrsOf (uniq unspecified);`
define selfprivacy.passthru option (type = types.submodule) Stock NixOS passthru option cannot be defined in multiple places. But we need to pass arbitrary parameters between SP modules. 2025-01-31 14:24:05 +04:00			`options = { };`
			`};`
			`default = { };`
			`visible = false;`
			`description = ''`
			`This attribute allows to share data between modules.`
			`You can put whatever you want here.`
			`'';`
			`};`
feat: Delete nextcloud admin user (#133) Co-authored-by: Alexander Tomokhov <alexoundos@selfprivacy.org> Reviewed-on: https://git.selfprivacy.org/SelfPrivacy/selfprivacy-nixos-config/pulls/133 2025-04-25 14:21:44 +03:00			`#################`
			`# Workarounds #`
			`#################`
			`workarounds = {`
			`deleteNextcloudAdmin = mkOption {`
			`description = ''`
			`Whether to delete an admin user, which is initially created`
			`'';`
			`type = types.bool;`
			`default = false;`
			`};`
			`};`
fix(email options) 2025-09-13 16:36:41 +03:00
			`#################`
			`# Email #`
			`#################`
			`email = with lib; mkOption {`
			`type = types.attrsOf (`
			`types.submodule (`
refactor(email-options): rename selfprivacy.email.subdomain to domain 2025-09-16 17:11:03 +03:00			`{ ... }: {`
fix(email options) 2025-09-13 16:36:41 +03:00			`options = {`
refactor(email-options): selfprivacy.email.domain -> subdomain 2025-09-16 19:08:15 +03:00			`subdomain = mkOption {`
fix(email options) 2025-09-13 16:36:41 +03:00			`type = with types; strMatching "[A-Za-z0-9][A-Za-z0-9\-]{0,61}[A-Za-z0-9]";`
refactor(email-options): selfprivacy.email.domain -> subdomain 2025-09-16 19:08:15 +03:00			`example = "myservice";`
fix(email options) 2025-09-13 16:36:41 +03:00			`default = config.sp.domain;`
refactor(email-options): selfprivacy.email.domain -> subdomain 2025-09-16 19:08:15 +03:00			`description = "Subdomain to send emails from";`
fix(email options) 2025-09-13 16:36:41 +03:00			`};`

			`systemdTargets = mkOption {`
fix(email-options): fix incorrect option type 2025-09-16 19:30:19 +03:00			`type = with types; listOf (strMatchig "[a-zA-Z0-9@%:_.\-]+[.](service\|socket\|device\|mount\|automount\|swap\|target\|path\|timer\|scope\|slice)");`
fix(email options) 2025-09-13 16:36:41 +03:00			`default = [];`
			`example = [ "generate-mastodon-email-password.service" ];`
			`description = "Systemd target which generates password file.";`
			`};`

			`sendOnly = mkOption {`
			`type = with types; bool;`
			`default = true;`
			`example = "false";`
			`description = "Specifies if the account should be a send-only account. Emails sent to send-only accounts will be rejected.";`
			`};`

			`hashedPasswordFile = mkOption {`
			`type = with types; str;`
			`example = "/run/keys/mastodon/email_password";`
			`description = "Path where a file containing password hash located.";`
			`};`
			`};`
			`}`
			`)`
			`);`

			`description = ''`
			`Don't use this option to create regular users!!!`

			`This option gives modules possibility to create mailboxes to send emails, e.g. notifications or reminders.`
			`'';`

			`example = {`
			`"noreply@mastodon.example.tld" = {`
			`hashedPasswordFile = "/run/keys/mastodon/email_password";`
			`systemdTargets = [ "generate-mastodon-email-password.service" ];`
			`};`
			`};`
			`};`
Initial commit 2021-11-15 13:02:05 +03:00			`};`
			`}`