···
cfg = config.services.hologram-server;
···
services.hologram-server = {
+
enable = lib.mkOption {
description = "Whether to enable the Hologram server for AWS instance credentials";
+
listenAddress = lib.mkOption {
default = "0.0.0.0:3100";
description = "Address and port to listen on";
+
ldapHost = lib.mkOption {
description = "Address of the LDAP server to use";
+
ldapInsecure = lib.mkOption {
description = "Whether to connect to LDAP over SSL or not";
+
ldapUserAttr = lib.mkOption {
description = "The LDAP attribute for usernames";
+
ldapBaseDN = lib.mkOption {
description = "The base DN for your Hologram users";
+
ldapBindDN = lib.mkOption {
description = "DN of account to use to query the LDAP server";
+
ldapBindPassword = lib.mkOption {
description = "Password of account to use to query the LDAP server";
+
enableLdapRoles = lib.mkOption {
description = "Whether to assign user roles based on the user's LDAP group memberships";
+
groupClassAttr = lib.mkOption {
default = "groupOfNames";
description = "The objectclass attribute to search for groups when enableLdapRoles is true";
+
roleAttr = lib.mkOption {
default = "businessCategory";
description = "Which LDAP group attribute to search for authorized role ARNs";
+
awsAccount = lib.mkOption {
description = "AWS account number";
+
awsDefaultRole = lib.mkOption {
description = "AWS default role";
+
statsAddress = lib.mkOption {
description = "Address of statsd server";
+
cacheTimeoutSeconds = lib.mkOption {
description = "How often (in seconds) to refresh the LDAP cache";
+
config = lib.mkIf cfg.enable {
systemd.services.hologram-server = {
description = "Provide EC2 instance credentials to machines outside of EC2";
after = [ "network.target" ];
pyrox.dev