aboutsummaryrefslogtreecommitdiff
path: root/src/libfetchers/fetch-settings.hh
blob: 0bdc707ec9710a6c0a4d1afcbf45c9de6661c67f (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
#pragma once
///@file

#include "types.hh"
#include "config.hh"

#include <map>
#include <limits>

#include <sys/types.h>

namespace nix {

enum class AcceptFlakeConfig { False, Ask, True };

void to_json(nlohmann::json & j, const AcceptFlakeConfig & e);
void from_json(const nlohmann::json & j, AcceptFlakeConfig & e);

struct FetchSettings : public Config
{
    FetchSettings();

    Setting<StringMap> accessTokens{this, {}, "access-tokens",
        R"(
          Access tokens used to access protected GitHub, GitLab, or
          other locations requiring token-based authentication.

          Access tokens are specified as a string made up of
          space-separated `host=token` values.  The specific token
          used is selected by matching the `host` portion against the
          "host" specification of the input. The actual use of the
          `token` value is determined by the type of resource being
          accessed:

          * Github: the token value is the OAUTH-TOKEN string obtained
            as the Personal Access Token from the Github server (see
            https://docs.github.com/en/developers/apps/building-oauth-apps/authorizing-oauth-apps).

          * Gitlab: the token value is either the OAuth2 token or the
            Personal Access Token (these are different types tokens
            for gitlab, see
            https://docs.gitlab.com/12.10/ee/api/README.html#authentication).
            The `token` value should be `type:tokenstring` where
            `type` is either `OAuth2` or `PAT` to indicate which type
            of token is being specified.

          Example `~/.config/nix/nix.conf`:

          ```
          access-tokens = github.com=23ac...b289 gitlab.mycompany.com=PAT:A123Bp_Cd..EfG gitlab.com=OAuth2:1jklw3jk
          ```

          Example `~/code/flake.nix`:

          ```nix
          input.foo = {
            type = "gitlab";
            host = "gitlab.mycompany.com";
            owner = "mycompany";
            repo = "pro";
          };
          ```

          This example specifies three tokens, one each for accessing
          github.com, gitlab.mycompany.com, and gitlab.com.

          The `input.foo` uses the "gitlab" fetcher, which might
          requires specifying the token type along with the token
          value.
          )"};

    Setting<bool> allowDirty{this, true, "allow-dirty",
        "Whether to allow dirty Git/Mercurial trees."};

    Setting<bool> warnDirty{this, true, "warn-dirty",
        "Whether to warn about dirty Git/Mercurial trees."};

    Setting<std::string> flakeRegistry{this, "vendored", "flake-registry",
        R"(
          Path or URI of the global flake registry.

          URIs are deprecated. When set to 'vendored', defaults to a vendored
          copy of https://channels.nixos.org/flake-registry.json.

          When empty, disables the global flake registry.
        )",
        {}, true, Xp::Flakes};


    Setting<bool> useRegistries{this, true, "use-registries",
        "Whether to use flake registries to resolve flake references.",
        {}, true, Xp::Flakes};

    Setting<AcceptFlakeConfig> acceptFlakeConfig{
        this, AcceptFlakeConfig::Ask, "accept-flake-config",
        R"(
          Whether to accept Lix configuration from the `nixConfig` attribute of
          a flake. Doing so as a trusted user allows Nix flakes to gain root
          access on your machine if they set one of the several
          trusted-user-only settings that execute commands as root.

          If set to `true`, such configuration will be accepted without asking;
          this is almost always a very bad idea. Setting this to `ask` will
          prompt the user each time whether to allow a certain configuration
          option set this way, and offer to optionally remember their choice.
          When set to `false`, the configuration will be automatically
          declined.

          See [multi-user installations](@docroot@/installation/multi-user.md)
          for more details on the Lix security model.
        )",
        {}, true, Xp::Flakes};

    Setting<std::string> commitLockFileSummary{
        this, "", "commit-lockfile-summary",
        R"(
          The commit summary to use when committing changed flake lock files. If
          empty, the summary is generated based on the action performed.
        )",
        {}, true, Xp::Flakes};
};

// FIXME: don't use a global variable.
extern FetchSettings fetchSettings;

}