issuer.nix

    # A NixOS module which can run a Ristretto-based issuer for PrivateStorage
    # ZKAPs.
    { lib, pkgs, ourpkgs, config, ... }: let
      cfg = config.services.private-storage-issuer;
    in {
      options = {
        # On/off switch option for the issuer service.  lib.mkEnableOption
        # declares a boolean option whose default is false.
        services.private-storage-issuer.enable =
          lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
        # Derivation that provides the issuer program.  When unset it falls back
        # to `zkapissuer` from the `ourpkgs` module argument.
        #
        # NOTE(review): this module also declares options for a signing key and
        # a Stripe secret key; presumably the package chosen here is the program
        # that reads them, so an override deserves the same review and pinning
        # as the default -- confirm against the config section.
        services.private-storage-issuer.package = lib.mkOption {
          type = lib.types.package;
          default = ourpkgs.zkapissuer;
          description = ''
            The package to use for the ZKAP issuer.
          '';
          example = lib.literalExpression "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
        };
        # Public host names of the issuer, as a list of strings.  No default is
        # declared, so any configuration that evaluates this option has to
        # define it.
        services.private-storage-issuer.domains = lib.mkOption {
          description = ''
            The domain names at which the issuer is reachable.
          '';
          type = with lib.types; listOf str;
          example = [ "payments.example.com" ];
        };
        # TLS toggle; on by default.  The description marks `false` as a
        # test-only aid, so a non-test deployment that sets it to false should
        # be treated as a configuration finding.
        services.private-storage-issuer.tls = lib.mkOption {
          type = lib.types.bool;
          default = true;
          description = ''
            Whether or not to listen on TLS.  For real-world use you should always
            listen on TLS.  This is provided as an aid to automated testing where
            it might be difficult to obtain a real certificate.
          '';
        };
        # Selects the issuing algorithm.  Only the two enum members below are
        # accepted and the default is "Ristretto".  Per the description,
        # "Trivial" is a fake algorithm with no cryptography, so it belongs in
        # test setups only.
        services.private-storage-issuer.issuer = lib.mkOption {
          type = with lib.types; enum [ "Trivial" "Ristretto" ];
          default = "Ristretto";
          description = ''
            The issuer algorithm to use.  Either Trivial for a fake no-crypto
            algorithm or Ristretto for Ristretto-flavored PrivacyPass.
          '';
          example = "Trivial";
        };
        # Optional integer override for PaymentServer's tokens-per-voucher
        # setting.  The default is null; per the description a value is only
        # passed along when this is not null.
        services.private-storage-issuer.tokensPerVoucher = lib.mkOption {
          type = with lib.types; nullOr int;
          default = null;
          description = ''
            If not null, a value to pass to PaymentServer for
            ``--tokens-per-voucher``.
          '';
          example = 50000;
        };
        # Location of the file holding the Ristretto signing key.  The
        # description states it is required when the issuer is "Ristretto".
        #
        # NOTE(review): `default = null` does not satisfy `lib.types.path`, so
        # evaluating this option without an explicit definition should fail the
        # module system's type check rather than yield null.  If null is meant
        # to be a legal "unset" value, the type would need to be
        # `lib.types.nullOr lib.types.path`; if the option is meant to be
        # mandatory, dropping the default gives a clearer error.  Confirm
        # against the code that reads this option before changing either.
        #
        # NOTE(review): `lib.types.path` also accepts Nix path literals.  A
        # literal that is interpolated into a string is copied into the
        # world-readable Nix store, so the value should be a string naming a
        # file provisioned outside the store with restrictive permissions --
        # confirm how the consuming code uses it.
        services.private-storage-issuer.ristrettoSigningKeyPath = lib.mkOption {
          default = null;
          type = lib.types.path;
          description = ''
            The path to a file containing the Ristretto signing key to use.
            Required if the issuer is ``Ristretto``.
          '';
        };
        # Location of the file holding the Stripe secret key.  No default is
        # declared, so a configuration that evaluates this option must set it.
        #
        # NOTE(review): `lib.types.path` accepts Nix path literals as well as
        # absolute-path strings.  A literal that is interpolated into a string
        # is copied into the world-readable Nix store, so this should be a
        # string naming a file provisioned outside the store with restrictive
        # permissions -- confirm how the consuming code uses it.
        services.private-storage-issuer.stripeSecretKeyPath = lib.mkOption {
          description = ''
            The path to a file containing a Stripe secret key to use for charge
            and payment management.
          '';
          type = lib.types.path;
        };
        services.private-storage-issuer.stripeEndpointDomain = lib.mkOption {
          type = lib.types.str;
          description = ''
            The domain name for the Stripe API HTTP endpoint.
          '';
          default = "api.stripe.com";