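# Option declarations for the `selfprivacy` namespace.
#
# This module only declares options (names, types, defaults); it sets no
# configuration itself. Most options are wrapped in `types.nullOr`, so `null`
# is an accepted value and each consumer has to decide what `null` means,
# including for the security-relevant toggles (`ssh.enable`, `sso.enable`).
#
# `config` is taken as a module argument because the e-mail submodule below
# reads the server domain for its default.
{ config, lib, ... }:
with lib;
{
  options.selfprivacy = {
    # General server options
    hostname = mkOption {
      description = "The hostname of the server.";
      type = types.nullOr types.str;
    };
    domain = mkOption {
      description = ''
        Domain used by the server
      '';
      # see: https://regexr.com/7p7ep, https://stackoverflow.com/a/26987741
      # strMatching tests the whole string, so the value must be exactly one
      # lower-case domain of the shape described by the pattern.
      type = lib.types.strMatching ''^(xn--)?[a-z0-9][a-z0-9_-]{0,61}[a-z0-9]{0,1}\.(xn--)?([a-z0-9\-]{1,61}|[a-z0-9-]{1,30}\.[a-z]{2,})$'';
    };
    timezone = mkOption {
      description = ''
        Timezone used by the server
      '';
      type = types.nullOr types.str;
      default = "Etc/UTC";
    };
    autoUpgrade = {
      enable = mkOption {
        description = "Enable auto-upgrade of the server.";
        default = false;
        type = types.nullOr types.bool;
      };
      allowReboot = mkOption {
        description = "Allow the server to reboot during the upgrade.";
        default = false;
        type = types.nullOr types.bool;
      };
    };
    sso = {
      enable = mkOption {
        description = "Enable SSO.";
        default = true;
        type = types.nullOr types.bool;
      };
      # NOTE(review): debug output of authentication components often contains
      # session or token material; confirm what the consumer of this flag logs
      # before enabling it on a production host.
      debug = mkOption {
        description = "Enable debug for SSO.";
        default = false;
        type = types.nullOr types.bool;
      };
    };
    stateVersion = mkOption {
      description = "State version of the server";
      type = types.nullOr types.str;
      default = null;
    };

    ########################
    # Server admin options #
    ########################
    username = mkOption {
      description = ''
        Username that was defined at the initial setup process
      '';
      type = types.nullOr types.str;
    };
    # NOTE(review): this carries the hash itself, not a path to it. If the
    # value is written in a .nix file or ends up in a derivation it becomes
    # readable in the Nix store; confirm how it is supplied and consumed.
    hashedMasterPassword = mkOption {
      description = ''
        Hash of the password that was defined at the initial setup process
      '';
      type = types.nullOr types.str;
    };
    sshKeys = mkOption {
      description = ''
        SSH keys of the user that was defined at the initial setup process
      '';
      type = types.nullOr (types.listOf types.str);
      default = [ ];
    };

    #############
    #    DNS    #
    #############
    dns = {
      provider = mkOption {
        description = "DNS provider that was defined at the initial setup process.";
        type = types.nullOr types.str;
      };
      useStagingACME = mkOption {
        description = "Use staging ACME server. Default is false";
        type = types.nullOr types.bool;
        default = false;
      };
      forceDisableDnsPropagationCheck = mkOption {
        description = "Force disable DNS propagation check.";
        type = types.nullOr types.bool;
        default = false;
      };
    };
    server = {
      provider = mkOption {
        description = "Server provider that was defined at the initial setup process.";
        type = types.str;
      };
      rootPartition = mkOption {
        description = "Root partition to use.";
        type = types.nullOr types.str;
        default = null;
      };
      rootPartitionName = mkOption {
        description = "Canonical root partition name.";
        type = types.nullOr types.str;
        default = null;
      };
    };

    #########
    #  SSH  #
    #########
    ssh = {
      enable = mkOption {
        description = "Enable SSH.";
        default = true;
        type = types.nullOr types.bool;
      };
      # NOTE(review): the default is a list holding one empty string, not an
      # empty list. Kept as-is because consumers may rely on it; confirm that
      # whatever writes the authorized keys tolerates the empty entry.
      rootKeys = mkOption {
        description = ''
          Root SSH authorized keys
        '';
        type = types.nullOr (types.listOf types.str);
        default = [ "" ];
      };
    };

    ###########
    #  Users  #
    ###########
    # Entries are `attrsOf anything`: the module system checks no field of a
    # user record here, so validation has to happen where the list is consumed.
    users = mkOption {
      description = ''
        Users that will be created on the server
      '';
      type = types.nullOr (types.listOf (types.attrsOf types.anything));
      default = [ ];
    };

    ##############
    #  Volumes   #
    ##############
    # Same untyped record shape as `users`; no per-field checking here.
    volumes = mkOption {
      description = ''
        Volumes that will be created on the server
      '';
      type = types.nullOr (types.listOf (types.attrsOf types.anything));
      default = [ ];
    };
    useBinds = mkOption {
      type = types.nullOr types.bool;
      default = false;
      description = "Whether to bind-mount vmail and sieve folders";
    };

    ################
    #  PostgreSQL  #
    ################
    postgresql = {
      location = mkOption {
        description = "Volume name where to store Postgres data.";
        type = types.nullOr types.str;
        default = null;
      };
    };

    ################
    #  passthrough #
    ################
    # Freeform, untyped scratch space shared between modules; hidden from the
    # generated option documentation (`visible = false`).
    passthru = mkOption {
      type = types.submodule {
        freeformType = with types; lazyAttrsOf (uniq unspecified);
        options = { };
      };
      default = { };
      visible = false;
      description = ''
        This attribute allows to share data between modules.
        You can put whatever you want here.
      '';
    };

    #################
    #  Workarounds  #
    #################
    workarounds = {
      deleteNextcloudAdmin = mkOption {
        description = ''
          Whether to delete an admin user, which is initially created
        '';
        type = types.bool;
        default = false;
      };
    };

    #################
    #     Email     #
    #################
    # Service mailboxes keyed by address (see `example`). Each value is a
    # submodule with the fields declared below.
    email = mkOption {
      type = types.attrsOf (
        types.submodule (
          # No `config` argument here on purpose: `config` below is the
          # system configuration of the enclosing module, not the submodule's.
          { ... }:
          {
            options = {
              domain = mkOption {
                # One or more dot-separated host labels. The previous pattern
                # matched a single label only, so it rejected both the
                # documented example and the default (any dotted domain).
                # Underscores, which `selfprivacy.domain` permits in its first
                # label, are not accepted here.
                type =
                  with types;
                  strMatching "([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?[.])*[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?";
                example = "myservice.example.net";
                # Was `config.sp.domain`; this file declares the option as
                # `selfprivacy.domain` and did not bring `config` into scope.
                default = config.selfprivacy.domain;
                defaultText = literalExpression "config.selfprivacy.domain";
                description = "Domain to send emails from";
              };
              systemdTargets = mkOption {
                # Fixed: `strMatchig` typo, and the element type needs
                # parentheses so that `listOf` receives a single type.
                type =
                  with types;
                  listOf (
                    strMatching "[a-zA-Z0-9@%:_.\-]+[.](service|socket|device|mount|automount|swap|target|path|timer|scope|slice)"
                  );
                default = [ ];
                example = [ "generate-mastodon-email-password.service" ];
                description = "Systemd target which generates password file.";
              };
              sendOnly = mkOption {
                type = with types; bool;
                default = true;
                # A boolean, matching the option type (was the string "false").
                example = false;
                description = "Specifies if the account should be a send-only account. Emails sent to send-only accounts will be rejected.";
              };
              # Typed `str`, so a Nix path literal is rejected; pass a runtime
              # location such as the example, which keeps the hash file from
              # being copied into the Nix store.
              hashedPasswordFile = mkOption {
                type = with types; str;
                example = "/run/keys/mastodon/email_password";
                description = "Path to a file containing the password hash.";
              };
            };
          }
        )
      );
      description = ''
        Don't use this option to create regular users!!!
        This option gives modules possibility to create mailboxes to send emails,
        e.g. notifications or reminders.
      '';
      example = {
        "noreply@mastodon.example.tld" = {
          hashedPasswordFile = "/run/keys/mastodon/email_password";
          systemdTargets = [ "generate-mastodon-email-password.service" ];
        };
      };
    };
  };
}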