# A NixOS module which can run a Ristretto-based issuer for PrivateStorage
# ZKAPs.
{ lib, pkgs, ourpkgs, config, ... }: let
  cfg = config.services.private-storage-issuer;
in {
  options = {
    # Master switch for the module.  `mkEnableOption` declares a boolean that
    # defaults to false, so nothing is deployed unless a configuration opts in.
    services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
    # Which derivation supplies the issuer executable.  The default is the
    # project's own build (`ourpkgs.zkapissuer`); the example shows how a
    # specific executable component could be selected instead.
    services.private-storage-issuer.package = with lib; mkOption {
      description = ''
        The package to use for the ZKAP issuer.
      '';
      type = types.package;
      example = literalExpression "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
      default = ourpkgs.zkapissuer;
    };
    # Public host names at which the issuer answers.  There is no default, so a
    # deployment that enables the service has to set this explicitly.
    services.private-storage-issuer.domains = with lib; mkOption {
      description = ''
        The domain names at which the issuer is reachable.
      '';
      example = [ "payments.example.com" ];
      type = types.listOf types.str;
    };
    # Whether the issuer listens over TLS.  The default (true) is the only
    # setting appropriate for a real deployment; turning it off exists so that
    # automated tests can run without obtaining a certificate.
    services.private-storage-issuer.tls = with lib; mkOption {
      description = ''
        Whether or not to listen on TLS.  For real-world use you should always
        listen on TLS.  This is provided as an aid to automated testing where
        it might be difficult to obtain a real certificate.
      '';
      type = types.bool;
      default = true;
    };
    # Selects the token-issuing algorithm.  "Trivial" performs no cryptography
    # at all (tokens carry no security value) and is only useful for tests;
    # "Ristretto" is the real PrivacyPass-style scheme and, per the option
    # below, needs a signing key file.
    services.private-storage-issuer.issuer = with lib; mkOption {
      description = ''
        The issuer algorithm to use.  Either Trivial for a fake no-crypto
        algorithm or Ristretto for Ristretto-flavored PrivacyPass.
      '';
      example = "Trivial";
      type = types.enum [ "Trivial" "Ristretto" ];
      default = "Ristretto";
    };
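    # Location of the Ristretto signing key.  This key is what produces valid
    # tokens, so it is the most sensitive secret the issuer holds: point the
    # option at a file kept outside the Nix store using a string path.  A Nix
    # path literal (e.g. ./signing.key) would be copied into the world-readable
    # store at evaluation time.
    #
    # The declared default is `null` (the Trivial issuer needs no key), but
    # plain `types.path` does not accept null, so evaluating the unset option
    # fails its type check.  `nullOr path` admits both the default and a real
    # path and is backward-compatible with every existing configuration.
    services.private-storage-issuer.ristrettoSigningKeyPath = lib.mkOption {
      default = null;
      type = lib.types.nullOr lib.types.path;
      description = ''
        The path to a file containing the Ristretto signing key to use.
        Required if the issuer is ``Ristretto``.
      '';
    };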
    # File holding the Stripe secret key.  Like the signing key, this must be a
    # string path to a file outside the Nix store; a Nix path literal would
    # place the credential in the world-readable store.  No default: the
    # deployment has to provide it.
    services.private-storage-issuer.stripeSecretKeyPath = with lib; mkOption {
      description = ''
        The path to a file containing a Stripe secret key to use for charge
        and payment management.
      '';
      type = types.path;
    };
    # Host name of the Stripe API.  Presumably overridden only to point the
    # issuer at a test double; for production the default should stand so that
    # the secret key is only ever sent to Stripe itself.
    services.private-storage-issuer.stripeEndpointDomain = with lib; mkOption {
      default = "api.stripe.com";
      description = ''
        The domain name for the Stripe API HTTP endpoint.
      '';
      type = types.str;
    };
    # URL scheme for talking to the Stripe endpoint.  Plain HTTP would carry
    # the Stripe secret key unprotected on the wire, so it is only defensible
    # against a local test endpoint; the default is HTTPS.
    services.private-storage-issuer.stripeEndpointScheme = with lib; mkOption {
      default = "HTTPS";
      description = ''
        Whether to use HTTP or HTTPS for the Stripe API.
      '';
      type = types.enum [ "HTTP" "HTTPS" ];
    };
    services.private-storage-issuer.stripeEndpointPort = lib.mkOption {