Merge pull request #292025 from RaHoni/baculaTls
commit
80ec88edec
|
@ -377,6 +377,9 @@ The pre-existing [services.ankisyncd](#opt-services.ankisyncd.enable) has been m
|
||||||
|
|
||||||
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
|
- [Nginx virtual hosts](#opt-services.nginx.virtualHosts) using `forceSSL` or
|
||||||
`globalRedirect` can now have redirect codes other than 301 through
|
`globalRedirect` can now have redirect codes other than 301 through
|
||||||
|
|
||||||
|
- `bacula` now allows to configure `TLS` for encrypted communication.
|
||||||
|
|
||||||
`redirectCode`.
|
`redirectCode`.
|
||||||
|
|
||||||
- `libjxl` 0.9.0 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`.
|
- `libjxl` 0.9.0 [dropped support for the butteraugli API](https://github.com/libjxl/libjxl/pull/2576). You will no longer be able to set `enableButteraugli` on `libaom`.
|
||||||
|
|
|
@ -4,11 +4,36 @@
|
||||||
# TODO: test configuration when building nixexpr (use -t parameter)
|
# TODO: test configuration when building nixexpr (use -t parameter)
|
||||||
# TODO: support sqlite3 (it's deprecate?) and mysql
|
# TODO: support sqlite3 (it's deprecate?) and mysql
|
||||||
|
|
||||||
with lib;
|
|
||||||
|
|
||||||
let
|
let
|
||||||
|
inherit (lib)
|
||||||
|
concatStringsSep
|
||||||
|
literalExpression
|
||||||
|
mapAttrsToList
|
||||||
|
mdDoc
|
||||||
|
mkIf
|
||||||
|
mkOption
|
||||||
|
optional
|
||||||
|
optionalString
|
||||||
|
types
|
||||||
|
;
|
||||||
libDir = "/var/lib/bacula";
|
libDir = "/var/lib/bacula";
|
||||||
|
|
||||||
|
yes_no = bool: if bool then "yes" else "no";
|
||||||
|
tls_conf = tls_cfg: optionalString tls_cfg.enable (
|
||||||
|
concatStringsSep
|
||||||
|
"\n"
|
||||||
|
(
|
||||||
|
["TLS Enable = yes;"]
|
||||||
|
++ optional (tls_cfg.require != null) "TLS Require = ${yes_no tls_cfg.require};"
|
||||||
|
++ optional (tls_cfg.certificate != null) ''TLS Certificate = "${tls_cfg.certificate}";''
|
||||||
|
++ [''TLS Key = "${tls_cfg.key}";'']
|
||||||
|
++ optional (tls_cfg.verifyPeer != null) "TLS Verify Peer = ${yes_no tls_cfg.verifyPeer};"
|
||||||
|
++ optional (tls_cfg.allowedCN != [ ]) "TLS Allowed CN = ${concatStringsSep " " (tls_cfg.allowedCN)};"
|
||||||
|
++ optional (tls_cfg.caCertificateFile != null) ''TLS CA Certificate File = "${tls_cfg.caCertificateFile}";''
|
||||||
|
)
|
||||||
|
);
|
||||||
|
|
||||||
fd_cfg = config.services.bacula-fd;
|
fd_cfg = config.services.bacula-fd;
|
||||||
fd_conf = pkgs.writeText "bacula-fd.conf"
|
fd_conf = pkgs.writeText "bacula-fd.conf"
|
||||||
''
|
''
|
||||||
|
@ -18,6 +43,7 @@ let
|
||||||
WorkingDirectory = ${libDir};
|
WorkingDirectory = ${libDir};
|
||||||
Pid Directory = /run;
|
Pid Directory = /run;
|
||||||
${fd_cfg.extraClientConfig}
|
${fd_cfg.extraClientConfig}
|
||||||
|
${tls_conf fd_cfg.tls}
|
||||||
}
|
}
|
||||||
|
|
||||||
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
|
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
|
||||||
|
@ -25,6 +51,7 @@ let
|
||||||
Name = "${name}";
|
Name = "${name}";
|
||||||
Password = ${value.password};
|
Password = ${value.password};
|
||||||
Monitor = ${value.monitor};
|
Monitor = ${value.monitor};
|
||||||
|
${tls_conf value.tls}
|
||||||
}
|
}
|
||||||
'') fd_cfg.director)}
|
'') fd_cfg.director)}
|
||||||
|
|
||||||
|
@ -44,6 +71,7 @@ let
|
||||||
WorkingDirectory = ${libDir};
|
WorkingDirectory = ${libDir};
|
||||||
Pid Directory = /run;
|
Pid Directory = /run;
|
||||||
${sd_cfg.extraStorageConfig}
|
${sd_cfg.extraStorageConfig}
|
||||||
|
${tls_conf sd_cfg.tls}
|
||||||
}
|
}
|
||||||
|
|
||||||
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
|
${concatStringsSep "\n" (mapAttrsToList (name: value: ''
|
||||||
|
@ -70,6 +98,7 @@ let
|
||||||
Name = "${name}";
|
Name = "${name}";
|
||||||
Password = ${value.password};
|
Password = ${value.password};
|
||||||
Monitor = ${value.monitor};
|
Monitor = ${value.monitor};
|
||||||
|
${tls_conf value.tls}
|
||||||
}
|
}
|
||||||
'') sd_cfg.director)}
|
'') sd_cfg.director)}
|
||||||
|
|
||||||
|
@ -90,6 +119,7 @@ let
|
||||||
Working Directory = ${libDir};
|
Working Directory = ${libDir};
|
||||||
Pid Directory = /run/;
|
Pid Directory = /run/;
|
||||||
QueryFile = ${pkgs.bacula}/etc/query.sql;
|
QueryFile = ${pkgs.bacula}/etc/query.sql;
|
||||||
|
${tls_conf dir_cfg.tls}
|
||||||
${dir_cfg.extraDirectorConfig}
|
${dir_cfg.extraDirectorConfig}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -108,13 +138,99 @@ let
|
||||||
${dir_cfg.extraConfig}
|
${dir_cfg.extraConfig}
|
||||||
'';
|
'';
|
||||||
|
|
||||||
directorOptions = {...}:
|
linkOption = name: destination: "[${name}](#opt-${builtins.replaceStrings [ "<" ">"] ["_" "_"] destination})";
|
||||||
|
tlsLink = destination: submodulePath: linkOption "${submodulePath}.${destination}" "${submodulePath}.${destination}";
|
||||||
|
|
||||||
|
tlsOptions = submodulePath: {...}:
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
enable = mkOption {
|
||||||
|
type = types.bool;
|
||||||
|
default = false;
|
||||||
|
description = mdDoc ''
|
||||||
|
Specifies if TLS should be enabled.
|
||||||
|
If this set to `false` TLS will be completely disabled, even if ${tlsLink "tls.require" submodulePath} is true.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
require = mkOption {
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
default = null;
|
||||||
|
description = mdDoc ''
|
||||||
|
Require TLS or TLS-PSK encryption.
|
||||||
|
This directive is ignored unless one of ${tlsLink "tls.enable" submodulePath} is true or TLS PSK Enable is set to `yes`.
|
||||||
|
If TLS is not required while TLS or TLS-PSK are enabled, then the Bacula component
|
||||||
|
will connect with other components either with or without TLS or TLS-PSK
|
||||||
|
|
||||||
|
If ${tlsLink "tls.enable" submodulePath} or TLS-PSK is enabled and TLS is required, then the Bacula
|
||||||
|
component will refuse any connection request that does not use TLS.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
certificate = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = mdDoc ''
|
||||||
|
The full path to the PEM encoded TLS certificate.
|
||||||
|
It will be used as either a client or server certificate,
|
||||||
|
depending on the connection direction.
|
||||||
|
This directive is required in a server context, but it may
|
||||||
|
not be specified in a client context if ${tlsLink "tls.verifyPeer" submodulePath} is
|
||||||
|
`false` in the corresponding server context.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
key = mkOption {
|
||||||
|
type = types.path;
|
||||||
|
description = mdDoc ''
|
||||||
|
The path of a PEM encoded TLS private key.
|
||||||
|
It must correspond to the TLS certificate.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
verifyPeer = mkOption {
|
||||||
|
type = types.nullOr types.bool;
|
||||||
|
default = null;
|
||||||
|
description = mdDoc ''
|
||||||
|
Verify peer certificate.
|
||||||
|
Instructs server to request and verify the client's X.509 certificate.
|
||||||
|
Any client certificate signed by a known-CA will be accepted.
|
||||||
|
Additionally, the client's X509 certificate Common Name must meet the value of the Address directive.
|
||||||
|
If ${tlsLink "tls.allowedCN" submodulePath} is used,
|
||||||
|
the client's x509 certificate Common Name must also correspond to
|
||||||
|
one of the CN specified in the ${tlsLink "tls.allowedCN" submodulePath} directive.
|
||||||
|
This directive is valid only for a server and not in client context.
|
||||||
|
|
||||||
|
Standard from Bacula is `true`.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
allowedCN = mkOption {
|
||||||
|
type = types.listOf types.str;
|
||||||
|
default = [ ];
|
||||||
|
description = mdDoc ''
|
||||||
|
Common name attribute of allowed peer certificates.
|
||||||
|
This directive is valid for a server and in a client context.
|
||||||
|
If this directive is specified, the peer certificate will be verified against this list.
|
||||||
|
In the case this directive is configured on a server side, the allowed
|
||||||
|
CN list will not be checked if ${tlsLink "tls.verifyPeer" submodulePath} is false.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
caCertificateFile = mkOption {
|
||||||
|
type = types.nullOr types.path;
|
||||||
|
default = null;
|
||||||
|
description = mdDoc ''
|
||||||
|
The path specifying a PEM encoded TLS CA certificate(s).
|
||||||
|
Multiple certificates are permitted in the file.
|
||||||
|
One of TLS CA Certificate File or TLS CA Certificate Dir are required in a server context, unless
|
||||||
|
${tlsLink "tls.verifyPeer" submodulePath} is false, and are always required in a client context.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
directorOptions = submodulePath:{...}:
|
||||||
{
|
{
|
||||||
options = {
|
options = {
|
||||||
password = mkOption {
|
password = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
# TODO: required?
|
# TODO: required?
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Specifies the password that must be supplied for the default Bacula
|
Specifies the password that must be supplied for the default Bacula
|
||||||
Console to be authorized. The same password must appear in the
|
Console to be authorized. The same password must appear in the
|
||||||
Director resource of the Console configuration file. For added
|
Director resource of the Console configuration file. For added
|
||||||
|
@ -135,7 +251,7 @@ let
|
||||||
type = types.enum [ "no" "yes" ];
|
type = types.enum [ "no" "yes" ];
|
||||||
default = "no";
|
default = "no";
|
||||||
example = "yes";
|
example = "yes";
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
If Monitor is set to `no`, this director will have
|
If Monitor is set to `no`, this director will have
|
||||||
full access to this Storage daemon. If Monitor is set to
|
full access to this Storage daemon. If Monitor is set to
|
||||||
`yes`, this director will only be able to fetch the
|
`yes`, this director will only be able to fetch the
|
||||||
|
@ -146,6 +262,13 @@ let
|
||||||
security problems.
|
security problems.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tls = mkOption {
|
||||||
|
type = types.submodule (tlsOptions "${submodulePath}.director.<name>");
|
||||||
|
description = mdDoc ''
|
||||||
|
TLS Options for the Director in this Configuration.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -154,7 +277,7 @@ let
|
||||||
options = {
|
options = {
|
||||||
changerDevice = mkOption {
|
changerDevice = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
The specified name-string must be the generic SCSI device name of the
|
The specified name-string must be the generic SCSI device name of the
|
||||||
autochanger that corresponds to the normal read/write Archive Device
|
autochanger that corresponds to the normal read/write Archive Device
|
||||||
specified in the Device resource. This generic SCSI device name
|
specified in the Device resource. This generic SCSI device name
|
||||||
|
@ -173,7 +296,7 @@ let
|
||||||
|
|
||||||
changerCommand = mkOption {
|
changerCommand = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
The name-string specifies an external program to be called that will
|
The name-string specifies an external program to be called that will
|
||||||
automatically change volumes as required by Bacula. Normally, this
|
automatically change volumes as required by Bacula. Normally, this
|
||||||
directive will be specified only in the AutoChanger resource, which
|
directive will be specified only in the AutoChanger resource, which
|
||||||
|
@ -195,14 +318,14 @@ let
|
||||||
};
|
};
|
||||||
|
|
||||||
devices = mkOption {
|
devices = mkOption {
|
||||||
description = lib.mdDoc "";
|
description = mdDoc "";
|
||||||
type = types.listOf types.str;
|
type = types.listOf types.str;
|
||||||
};
|
};
|
||||||
|
|
||||||
extraAutochangerConfig = mkOption {
|
extraAutochangerConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Autochanger directive.
|
Extra configuration to be passed in Autochanger directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -219,7 +342,7 @@ let
|
||||||
archiveDevice = mkOption {
|
archiveDevice = mkOption {
|
||||||
# TODO: required?
|
# TODO: required?
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
The specified name-string gives the system file name of the storage
|
The specified name-string gives the system file name of the storage
|
||||||
device managed by this storage daemon. This will usually be the
|
device managed by this storage daemon. This will usually be the
|
||||||
device file name of a removable storage device (tape drive), for
|
device file name of a removable storage device (tape drive), for
|
||||||
|
@ -236,7 +359,7 @@ let
|
||||||
mediaType = mkOption {
|
mediaType = mkOption {
|
||||||
# TODO: required?
|
# TODO: required?
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
The specified name-string names the type of media supported by this
|
The specified name-string names the type of media supported by this
|
||||||
device, for example, `DLT7000`. Media type names are
|
device, for example, `DLT7000`. Media type names are
|
||||||
arbitrary in that you set them to anything you want, but they must be
|
arbitrary in that you set them to anything you want, but they must be
|
||||||
|
@ -274,7 +397,7 @@ let
|
||||||
extraDeviceConfig = mkOption {
|
extraDeviceConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Device directive.
|
Extra configuration to be passed in Device directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -295,7 +418,7 @@ in {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Whether to enable the Bacula File Daemon.
|
Whether to enable the Bacula File Daemon.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -304,7 +427,7 @@ in {
|
||||||
default = "${config.networking.hostName}-fd";
|
default = "${config.networking.hostName}-fd";
|
||||||
defaultText = literalExpression ''"''${config.networking.hostName}-fd"'';
|
defaultText = literalExpression ''"''${config.networking.hostName}-fd"'';
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
The client name that must be used by the Director when connecting.
|
The client name that must be used by the Director when connecting.
|
||||||
Generally, it is a good idea to use a name related to the machine so
|
Generally, it is a good idea to use a name related to the machine so
|
||||||
that error messages can be easily identified if you have multiple
|
that error messages can be easily identified if you have multiple
|
||||||
|
@ -315,7 +438,7 @@ in {
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
default = 9102;
|
default = 9102;
|
||||||
type = types.port;
|
type = types.port;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
This specifies the port number on which the Client listens for
|
This specifies the port number on which the Client listens for
|
||||||
Director connections. It must agree with the FDPort specified in
|
Director connections. It must agree with the FDPort specified in
|
||||||
the Client resource of the Director's configuration file.
|
the Client resource of the Director's configuration file.
|
||||||
|
@ -324,16 +447,26 @@ in {
|
||||||
|
|
||||||
director = mkOption {
|
director = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
This option defines director resources in Bacula File Daemon.
|
This option defines director resources in Bacula File Daemon.
|
||||||
'';
|
'';
|
||||||
type = with types; attrsOf (submodule directorOptions);
|
type = types.attrsOf (types.submodule (directorOptions "services.bacula-fd"));
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
|
tls = mkOption {
|
||||||
|
type = types.submodule (tlsOptions "services.bacula-fd");
|
||||||
|
default = { };
|
||||||
|
description = mdDoc ''
|
||||||
|
TLS Options for the File Daemon.
|
||||||
|
Important notice: The backup won't be encrypted.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
extraClientConfig = mkOption {
|
extraClientConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Client directive.
|
Extra configuration to be passed in Client directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -345,7 +478,7 @@ in {
|
||||||
extraMessagesConfig = mkOption {
|
extraMessagesConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Messages directive.
|
Extra configuration to be passed in Messages directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -358,7 +491,7 @@ in {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Whether to enable Bacula Storage Daemon.
|
Whether to enable Bacula Storage Daemon.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -367,7 +500,7 @@ in {
|
||||||
default = "${config.networking.hostName}-sd";
|
default = "${config.networking.hostName}-sd";
|
||||||
defaultText = literalExpression ''"''${config.networking.hostName}-sd"'';
|
defaultText = literalExpression ''"''${config.networking.hostName}-sd"'';
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Specifies the Name of the Storage daemon.
|
Specifies the Name of the Storage daemon.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -375,7 +508,7 @@ in {
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
default = 9103;
|
default = 9103;
|
||||||
type = types.port;
|
type = types.port;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Specifies port number on which the Storage daemon listens for
|
Specifies port number on which the Storage daemon listens for
|
||||||
Director connections.
|
Director connections.
|
||||||
'';
|
'';
|
||||||
|
@ -383,32 +516,32 @@ in {
|
||||||
|
|
||||||
director = mkOption {
|
director = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
This option defines Director resources in Bacula Storage Daemon.
|
This option defines Director resources in Bacula Storage Daemon.
|
||||||
'';
|
'';
|
||||||
type = with types; attrsOf (submodule directorOptions);
|
type = types.attrsOf (types.submodule (directorOptions "services.bacula-sd"));
|
||||||
};
|
};
|
||||||
|
|
||||||
device = mkOption {
|
device = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
This option defines Device resources in Bacula Storage Daemon.
|
This option defines Device resources in Bacula Storage Daemon.
|
||||||
'';
|
'';
|
||||||
type = with types; attrsOf (submodule deviceOptions);
|
type = types.attrsOf (types.submodule deviceOptions);
|
||||||
};
|
};
|
||||||
|
|
||||||
autochanger = mkOption {
|
autochanger = mkOption {
|
||||||
default = {};
|
default = {};
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
This option defines Autochanger resources in Bacula Storage Daemon.
|
This option defines Autochanger resources in Bacula Storage Daemon.
|
||||||
'';
|
'';
|
||||||
type = with types; attrsOf (submodule autochangerOptions);
|
type = types.attrsOf (types.submodule autochangerOptions);
|
||||||
};
|
};
|
||||||
|
|
||||||
extraStorageConfig = mkOption {
|
extraStorageConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Storage directive.
|
Extra configuration to be passed in Storage directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -420,13 +553,21 @@ in {
|
||||||
extraMessagesConfig = mkOption {
|
extraMessagesConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Messages directive.
|
Extra configuration to be passed in Messages directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
console = all
|
console = all
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
tls = mkOption {
|
||||||
|
type = types.submodule (tlsOptions "services.bacula-sd");
|
||||||
|
default = { };
|
||||||
|
description = mdDoc ''
|
||||||
|
TLS Options for the Storage Daemon.
|
||||||
|
Important notice: The backup won't be encrypted.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
||||||
|
@ -434,7 +575,7 @@ in {
|
||||||
enable = mkOption {
|
enable = mkOption {
|
||||||
type = types.bool;
|
type = types.bool;
|
||||||
default = false;
|
default = false;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Whether to enable Bacula Director Daemon.
|
Whether to enable Bacula Director Daemon.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -443,7 +584,7 @@ in {
|
||||||
default = "${config.networking.hostName}-dir";
|
default = "${config.networking.hostName}-dir";
|
||||||
defaultText = literalExpression ''"''${config.networking.hostName}-dir"'';
|
defaultText = literalExpression ''"''${config.networking.hostName}-dir"'';
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
The director name used by the system administrator. This directive is
|
The director name used by the system administrator. This directive is
|
||||||
required.
|
required.
|
||||||
'';
|
'';
|
||||||
|
@ -452,7 +593,7 @@ in {
|
||||||
port = mkOption {
|
port = mkOption {
|
||||||
default = 9101;
|
default = 9101;
|
||||||
type = types.port;
|
type = types.port;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Specify the port (a positive integer) on which the Director daemon
|
Specify the port (a positive integer) on which the Director daemon
|
||||||
will listen for Bacula Console connections. This same port number
|
will listen for Bacula Console connections. This same port number
|
||||||
must be specified in the Director resource of the Console
|
must be specified in the Director resource of the Console
|
||||||
|
@ -465,7 +606,7 @@ in {
|
||||||
password = mkOption {
|
password = mkOption {
|
||||||
# TODO: required?
|
# TODO: required?
|
||||||
type = types.str;
|
type = types.str;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Specifies the password that must be supplied for a Director.
|
Specifies the password that must be supplied for a Director.
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
@ -473,7 +614,7 @@ in {
|
||||||
extraMessagesConfig = mkOption {
|
extraMessagesConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Messages directive.
|
Extra configuration to be passed in Messages directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -484,7 +625,7 @@ in {
|
||||||
extraDirectorConfig = mkOption {
|
extraDirectorConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration to be passed in Director directive.
|
Extra configuration to be passed in Director directive.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
|
@ -496,13 +637,22 @@ in {
|
||||||
extraConfig = mkOption {
|
extraConfig = mkOption {
|
||||||
default = "";
|
default = "";
|
||||||
type = types.lines;
|
type = types.lines;
|
||||||
description = lib.mdDoc ''
|
description = mdDoc ''
|
||||||
Extra configuration for Bacula Director Daemon.
|
Extra configuration for Bacula Director Daemon.
|
||||||
'';
|
'';
|
||||||
example = ''
|
example = ''
|
||||||
TODO
|
TODO
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
|
|
||||||
|
tls = mkOption {
|
||||||
|
type = types.submodule (tlsOptions "services.bacula-dir");
|
||||||
|
default = { };
|
||||||
|
description = mdDoc ''
|
||||||
|
TLS Options for the Director.
|
||||||
|
Important notice: The backup won't be encrypted.
|
||||||
|
'';
|
||||||
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
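Review bot: The new `key` option in `tlsOptions` is declared `type = types.path;` and `tls_conf` interpolates it as `''TLS Key = "${tls_cfg.key}";''`, so a value given as a Nix path literal is copied into the world-readable Nix store when the config text is built, which exposes the TLS private key to every local user. The option description does not warn about this. I would either declare it `type = types.str;` so only a runtime path string is accepted, or add to the description `Give this as a string pointing outside the Nix store (e.g. "/path/to/key.pem", placeholder); a path literal is copied into the store and becomes world-readable.` Separately, `tls_conf` emits `TLS Allowed CN` unquoted and space-joined, so a common name containing a space would likely not match as intended; quoting each entry would be safer.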