nixos/services.hologram-server: remove `with lib;`

pyrox.dev / nixpkgs

fork atom

lol

fork atom

Felix Buehler 1 year ago 3bb7989e 83ccb2a1

+31 -34

1 changed file

expand all

nixos

modules

services

security

hologram-server.nix

+31 -34

nixos/modules/services/security/hologram-server.nix

··· 4 4 lib, 5 5 ... 6 6 }: 7 - 8 - with lib; 9 - 10 7 let 11 8 cfg = config.services.hologram-server; 12 9 ··· 38 35 { 39 36 options = { 40 37 services.hologram-server = { 41 - enable = mkOption { 42 - type = types.bool; 38 + enable = lib.mkOption { 39 + type = lib.types.bool; 43 40 default = false; 44 41 description = "Whether to enable the Hologram server for AWS instance credentials"; 45 42 }; 46 43 47 - listenAddress = mkOption { 48 - type = types.str; 44 + listenAddress = lib.mkOption { 45 + type = lib.types.str; 49 46 default = "0.0.0.0:3100"; 50 47 description = "Address and port to listen on"; 51 48 }; 52 49 53 - ldapHost = mkOption { 54 - type = types.str; 50 + ldapHost = lib.mkOption { 51 + type = lib.types.str; 55 52 description = "Address of the LDAP server to use"; 56 53 }; 57 54 58 - ldapInsecure = mkOption { 59 - type = types.bool; 55 + ldapInsecure = lib.mkOption { 56 + type = lib.types.bool; 60 57 default = false; 61 58 description = "Whether to connect to LDAP over SSL or not"; 62 59 }; 63 60 64 - ldapUserAttr = mkOption { 65 - type = types.str; 61 + ldapUserAttr = lib.mkOption { 62 + type = lib.types.str; 66 63 default = "cn"; 67 64 description = "The LDAP attribute for usernames"; 68 65 }; 69 66 70 - ldapBaseDN = mkOption { 71 - type = types.str; 67 + ldapBaseDN = lib.mkOption { 68 + type = lib.types.str; 72 69 description = "The base DN for your Hologram users"; 73 70 }; 74 71 75 - ldapBindDN = mkOption { 76 - type = types.str; 72 + ldapBindDN = lib.mkOption { 73 + type = lib.types.str; 77 74 description = "DN of account to use to query the LDAP server"; 78 75 }; 79 76 80 - ldapBindPassword = mkOption { 81 - type = types.str; 77 + ldapBindPassword = lib.mkOption { 78 + type = lib.types.str; 82 79 description = "Password of account to use to query the LDAP server"; 83 80 }; 84 81 85 - enableLdapRoles = mkOption { 86 - type = types.bool; 82 + enableLdapRoles = lib.mkOption { 83 + type = lib.types.bool; 87 84 default = false; 88 85 description = "Whether to assign user roles based on the user's LDAP group memberships"; 89 86 }; 90 87 91 - groupClassAttr = mkOption { 92 - type = types.str; 88 + groupClassAttr = lib.mkOption { 89 + type = lib.types.str; 93 90 default = "groupOfNames"; 94 91 description = "The objectclass attribute to search for groups when enableLdapRoles is true"; 95 92 }; 96 93 97 - roleAttr = mkOption { 98 - type = types.str; 94 + roleAttr = lib.mkOption { 95 + type = lib.types.str; 99 96 default = "businessCategory"; 100 97 description = "Which LDAP group attribute to search for authorized role ARNs"; 101 98 }; 102 99 103 - awsAccount = mkOption { 104 - type = types.str; 100 + awsAccount = lib.mkOption { 101 + type = lib.types.str; 105 102 description = "AWS account number"; 106 103 }; 107 104 108 - awsDefaultRole = mkOption { 109 - type = types.str; 105 + awsDefaultRole = lib.mkOption { 106 + type = lib.types.str; 110 107 description = "AWS default role"; 111 108 }; 112 109 113 - statsAddress = mkOption { 114 - type = types.str; 110 + statsAddress = lib.mkOption { 111 + type = lib.types.str; 115 112 default = ""; 116 113 description = "Address of statsd server"; 117 114 }; 118 115 119 - cacheTimeoutSeconds = mkOption { 120 - type = types.int; 116 + cacheTimeoutSeconds = lib.mkOption { 117 + type = lib.types.int; 121 118 default = 3600; 122 119 description = "How often (in seconds) to refresh the LDAP cache"; 123 120 }; 124 121 }; 125 122 }; 126 123 127 - config = mkIf cfg.enable { 124 + config = lib.mkIf cfg.enable { 128 125 systemd.services.hologram-server = { 129 126 description = "Provide EC2 instance credentials to machines outside of EC2"; 130 127 after = [ "network.target" ];