38 lines
1.5 KiB
Nix
38 lines
1.5 KiB
Nix
{ config, lib, ... }:
|
|
|
|
let
|
|
inherit (lib) types mkOption mapAttrsToList mkMerge;
|
|
in {
|
|
options = {
|
|
my.authBackend = mkOption {
|
|
default = {};
|
|
type = types.attrsOf (types.submodule ({ name, ... }: {
|
|
options = {
|
|
type = mkOption { type = types.str; default = name; };
|
|
path = mkOption { type = types.str; default = name; };
|
|
resourceType = mkOption { type = types.str; default = "vault_auth_backend"; };
|
|
|
|
tune = {
|
|
default_lease_ttl = mkOption { type = with types; nullOr str; default = null; };
|
|
max_lease_ttl = mkOption { type = with types; nullOr str; default = null; };
|
|
audit_non_hmac_response_keys = mkOption { type = with types; listOf str; default = []; };
|
|
audit_non_hmac_request_keys = mkOption { type = with types; listOf str; default = []; };
|
|
listing_visibility = mkOption { type = types.enum [ "unauth" "hidden" ]; default = "unauth"; };
|
|
passthrough_request_headers = mkOption { type = with types; listOf str; default = []; };
|
|
allowed_response_headers = mkOption { type = with types; listOf str; default = []; };
|
|
token_type = mkOption { type = types.enum [ "default-service" "default-batch" "service" "batch" ]; default = "default-service"; };
|
|
};
|
|
};
|
|
}));
|
|
};
|
|
};
|
|
|
|
config = {
|
|
resource = mkMerge (mapAttrsToList (name: cfg: {
|
|
${cfg.resourceType}.${name} = {
|
|
inherit (cfg) type path;
|
|
tune = [cfg.tune];
|
|
};
|
|
}) config.my.authBackend);
|
|
};
|
|
}
|