|
14 | 14 | # TODO: make user / group configurable |
15 | 15 | settings = { |
16 | 16 | config = lib.mkOption { |
17 | | - type = lib.types.str; |
18 | | - default = "/etc/step-agent/agent.yaml"; |
| 17 | + type = lib.types.nullOr lib.types.str; |
| 18 | + default = null; |
19 | 19 | description = "The configuration file to use"; |
20 | 20 | }; |
21 | 21 |
|
|
122 | 122 | }; |
123 | 123 |
|
124 | 124 | apiUrl = lib.mkOption { |
125 | | - type = lib.types.str; |
126 | | - default = "https://gateway.smallstep.com"; |
| 125 | + type = lib.types.nullOr lib.types.str; |
| 126 | + default = null; |
127 | 127 | description = "The url where the Smallstep API can be found"; |
128 | 128 | }; |
129 | 129 |
|
130 | 130 | attestationCaUrl = lib.mkOption { |
131 | | - type = lib.types.str; |
132 | | - default = "https://att.smallstep.com/1.0"; |
| 131 | + type = lib.types.nullOr lib.types.str; |
| 132 | + default = null; |
133 | 133 | description = "The url for the Smallstep Attestation CA"; |
134 | 134 | }; |
135 | 135 |
|
|
176 | 176 | }; |
177 | 177 |
|
178 | 178 | agentPath = lib.mkOption { |
179 | | - type = lib.types.str; |
180 | | - default = "/run/step-agent"; |
| 179 | + type = lib.types.nullOr lib.types.str; |
| 180 | + default = null; |
181 | 181 | description = "The path to the directory to write the service certificates"; |
182 | 182 | }; |
183 | 183 |
|
|
188 | 188 | }; |
189 | 189 |
|
190 | 190 | ipc = lib.mkOption { |
191 | | - type = lib.types.str; |
192 | | - default = "@step-agent-ipc"; |
| 191 | + type = lib.types.nullOr lib.types.str; |
| 192 | + default = null; |
193 | 193 | description = "The path to the UNIX socket the IPC service binds on. May be prefixed with an '@' to denote an abstract socket"; |
194 | 194 | }; |
195 | 195 |
|
|
224 | 224 | }; |
225 | 225 |
|
226 | 226 | loginDomain = lib.mkOption { |
227 | | - type = lib.types.str; |
228 | | - default = "smallstep.com"; |
| 227 | + type = lib.types.nullOr lib.types.str; |
| 228 | + default = null; |
229 | 229 | description = "Specify the login domain"; |
230 | 230 | }; |
231 | 231 |
|
232 | 232 | pkcs11 = lib.mkOption { |
233 | | - type = lib.types.str; |
234 | | - default = "/run/step-agent/step-agent-pkcs11.sock"; |
| 233 | + type = lib.types.nullOr lib.types.str; |
| 234 | + default = null; |
235 | 235 | description = "The path to the UNIX socket the PKCS11 server binds on"; |
236 | 236 | }; |
237 | 237 |
|
238 | 238 | sshAgent = lib.mkOption { |
239 | | - type = lib.types.str; |
240 | | - default = "/run/step-agent/step-agent-ssh.sock"; |
| 239 | + type = lib.types.nullOr lib.types.str; |
| 240 | + default = null; |
241 | 241 | description = "The path to the UNIX socket the ssh-agent service binds on"; |
242 | 242 | }; |
243 | 243 |
|
|
248 | 248 | }; |
249 | 249 |
|
250 | 250 | logDir = lib.mkOption { |
251 | | - type = lib.types.str; |
252 | | - default = "/var/log/step-agent"; |
| 251 | + type = lib.types.nullOr lib.types.str; |
| 252 | + default = null; |
253 | 253 | description = "Directory path for storing agent logs"; |
254 | 254 | }; |
255 | 255 |
|
256 | 256 | logLevel = lib.mkOption { |
257 | | - type = lib.types.enum [ |
258 | | - "debug" |
259 | | - "info" |
260 | | - "warn" |
261 | | - "error" |
262 | | - ]; |
263 | | - default = "info"; |
| 257 | + type = lib.types.nullOr ( |
| 258 | + lib.types.enum [ |
| 259 | + "debug" |
| 260 | + "info" |
| 261 | + "warn" |
| 262 | + "error" |
| 263 | + ] |
| 264 | + ); |
| 265 | + default = null; |
264 | 266 | description = "Log level: debug, info, warn or error"; |
265 | 267 | }; |
266 | 268 |
|
|
317 | 319 | StateDirectory = "step-agent"; |
318 | 320 | Type = "notify"; |
319 | 321 | WatchdogSec = "60s"; |
320 | | - ProtectSystem = "strict"; |
| 322 | + ProtectSystem = "yes"; # what stops us from using strict |
321 | 323 | ProtectHome = "read-only"; |
322 | 324 | PrivateTmp = true; |
323 | 325 | SecureBits = "keep-caps"; |
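Review bot: The `ProtectSystem` line trades `"strict"` for `"yes"` with a question in place of a rationale: under `"strict"` the whole filesystem is read-only for the service apart from /dev, /proc and /sys, whereas `"yes"` protects only /usr, /boot and /efi and leaves /etc and /var writable, so `# what stops us from using strict` records that the blocker was never identified. If the blocker is the agent writing certificates, sockets or logs (the agentPath, pkcs11, sshAgent and logDir options above point at /run and /var/log), the usual fix keeps `ProtectSystem = "strict";` and grants just those paths, e.g. `RuntimeDirectory = "step-agent";`, `LogsDirectory = "step-agent";` or an explicit `ReadWritePaths = [ ... ];` — the `StateDirectory = "step-agent"` already in the hunk stays writable under strict. If `"yes"` has to stay, replace the question with a comment naming the path that needed write access so the next reader can re-tighten it. The serviceConfig set this line belongs to starts and ends outside the hunk.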
|