issuer.nix
    # A NixOS module which can run a Ristretto-based issuer for PrivateStorage
    # ZKAPs.
    { lib, pkgs, ourpkgs, config, ... }: let
      cfg = config.services.private-storage-issuer;
    in {
      options = {
        # Enable flag for the issuer service.  lib.mkEnableOption declares a
        # boolean option that defaults to false, so the issuer has to be turned
        # on explicitly.
        services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
        # Which build of the issuer to run.  Unless overridden, the module takes
        # zkapissuer from the `ourpkgs` argument.
        # NOTE(review): the example is written against `pkgs` while the default
        # comes from `ourpkgs` -- confirm which package set the example should
        # name.
        services.private-storage-issuer.package = lib.mkOption {
          type = lib.types.package;
          default = ourpkgs.zkapissuer;
          description = ''
            The package to use for the ZKAP issuer.
          '';
          example = lib.literalExpression "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
        };
        # Hostnames the issuer answers on.  No default is declared, so a
        # configuration that reads this option must define it.
        services.private-storage-issuer.domains = lib.mkOption {
          description = ''
            The domain names at which the issuer is reachable.
          '';
          example = [ "payments.example.com" ];
          type = with lib.types; listOf str;
        };
        # TLS toggle.  It is on by default; per the description, the off
        # position exists only for automated tests that cannot obtain a
        # certificate.
        # NOTE(review): the config section is not visible here -- confirm that
        # a production deployment cannot end up with tls = false unnoticed
        # (for example via an assertion or warning).
        services.private-storage-issuer.tls = lib.mkOption {
          type = lib.types.bool;
          default = true;
          description = ''
            Whether or not to listen on TLS.  For real-world use you should always
            listen on TLS.  This is provided as an aid to automated testing where
            it might be difficult to obtain a real certificate.
          '';
        };
        # Selects the issuing algorithm.  The default is the real one
        # ("Ristretto"); "Trivial" is described below as a fake no-crypto
        # algorithm, so it has to be chosen explicitly and should not be
        # selected for a real deployment.
        services.private-storage-issuer.issuer = lib.mkOption {
          type = with lib.types; enum [ "Trivial" "Ristretto" ];
          default = "Ristretto";
          description = ''
            The issuer algorithm to use.  Either Trivial for a fake no-crypto
            algorithm or Ristretto for Ristretto-flavored PrivacyPass.
          '';
          example = "Trivial";
        };
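        # Location of the Ristretto signing key file (see the description
        # below).
        #
        # The type is nullOr path because the default is null: null does not
        # satisfy a bare types.path, so leaving the option unset (for instance
        # with the Trivial issuer) would fail the type check as soon as the
        # value is read.
        #
        # Secret handling: give this as a string naming a file provisioned
        # outside the Nix store.  A Nix path literal (./key) is copied into the
        # world-readable store if it is ever interpolated into a string.
        # NOTE(review): nothing in this declaration enforces "required if
        # Ristretto"; confirm the config section asserts a non-null value when
        # the Ristretto issuer is selected.
        services.private-storage-issuer.ristrettoSigningKeyPath = lib.mkOption {
          default = null;
          type = lib.types.nullOr lib.types.path;
          description = ''
            The path to a file containing the Ristretto signing key to use.
            Required if the issuer is ``Ristretto``.
          '';
        };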
        # Location of the Stripe secret key file.  No default is declared, so a
        # configuration that reads this option must define it.
        #
        # Secret handling: give this as a string naming a file provisioned
        # outside the Nix store.  A Nix path literal (./key) is copied into the
        # world-readable store if it is ever interpolated into a string.
        services.private-storage-issuer.stripeSecretKeyPath = lib.mkOption {
          description = ''
            The path to a file containing a Stripe secret key to use for charge
            and payment management.
          '';
          type = with lib.types; path;
        };
        # Host used for Stripe API requests; defaults to the real Stripe API.
        # NOTE(review): presumably the Stripe secret key is presented to
        # whatever host is named here -- confirm against the service
        # invocation, and treat any override as security-relevant.
        services.private-storage-issuer.stripeEndpointDomain = lib.mkOption {
          type = lib.types.str;
          default = "api.stripe.com";
          description = ''
            The domain name for the Stripe API HTTP endpoint.
          '';
        };
        # URL scheme for Stripe API requests.  HTTPS is the default; choosing
        # "HTTP" means the API traffic is not protected by TLS.
        # NOTE(review): "HTTP" presumably exists for tests against a local
        # stand-in for Stripe -- confirm it is never combined with the real
        # endpoint domain.
        services.private-storage-issuer.stripeEndpointScheme = lib.mkOption {
          type = with lib.types; enum [ "HTTP" "HTTPS" ];
          default = "HTTPS";
          description = ''
            Whether to use HTTP or HTTPS for the Stripe API.
          '';
        };
        services.private-storage-issuer.stripeEndpointPort = lib.mkOption {