Skip to content
Snippets Groups Projects
Select Git revision
2 results Searching

issuer.nix

Blame
    • issuer.nix 10.17 KiB 
    # A NixOS module which can run a Ristretto-based issuer for PrivateStorage
# ZKAPs.
{ lib, pkgs, ourpkgs, config, ... }: let
  cfg = config.services.private-storage-issuer;
in {
  options = {
    services.private-storage-issuer.enable = lib.mkEnableOption "PrivateStorage ZKAP Issuer Service";
    services.private-storage-issuer.package = lib.mkOption {
      default = ourpkgs.zkapissuer;
      type = lib.types.package;
      example = lib.literalExpression "pkgs.zkapissuer.components.exes.\"PaymentServer-exe\"";
      description = ''
        The package to use for the ZKAP issuer.
      '';
    };
    services.private-storage-issuer.domains = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      example = [ "payments.example.com" ];
      description = ''
        The domain names at which the issuer is reachable.
      '';
    };
    services.private-storage-issuer.tls = lib.mkOption {
      default = true;
      type = lib.types.bool;
      description = ''
        Whether or not to listen on TLS.  For real-world use you should always
        listen on TLS.  This is provided as an aid to automated testing where
        it might be difficult to obtain a real certificate.
      '';
    };
    services.private-storage-issuer.issuer = lib.mkOption {
      default = "Ristretto";
      type = lib.types.enum [ "Trivial" "Ristretto" ];
      example = "Trivial";
      description = ''
        The issuer algorithm to use.  Either Trivial for a fake no-crypto
        algorithm or Ristretto for Ristretto-flavored PrivacyPass.
      '';
    };
    services.private-storage-issuer.ristrettoSigningKeyPath = lib.mkOption {
      default = null;
      type = lib.types.path;
      description = ''
        The path to a file containing the Ristretto signing key to use.
        Required if the issuer is ``Ristretto``.
      '';
    };
    services.private-storage-issuer.stripeSecretKeyPath = lib.mkOption {
      type = lib.types.path;
      description = ''
        The path to a file containing a Stripe secret key to use for charge
        and payment management.
      '';
    };
    services.private-storage-issuer.stripeEndpointDomain = lib.mkOption {
      type = lib.types.str;
      description = ''
        The domain name for the Stripe API HTTP endpoint.
      '';
      default = "api.stripe.com";
    };
    services.private-storage-issuer.stripeEndpointScheme = lib.mkOption {
      type = lib.types.enum [ "HTTP" "HTTPS" ];
      description = ''
        Whether to use HTTP or HTTPS for the Stripe API.
      '';
      default = "HTTPS";
    };
    services.private-storage-issuer.stripeEndpointPort = lib.mkOption {