mdaiter/advanced.config

## advanced.config
[{stanchion, []}].

## stanchion-main.nix
{ stdenv, lib, fetchurl, unzip, erlangR16_basho, git, wget, which, pam, coreutils, riak }:

let
  srcs = {
    stanchion = fetchurl {
      url = "http://s3.amazonaws.com/downloads.basho.com/stanchion/2.1/2.1.1/stanchion-2.1.1.tar.gz";
      sha256 = "1443arwgg7qvlx3msyg99qvvhck7qxphdjslcp494i60fhr2g8ja";
    };
  };
in

stdenv.mkDerivation rec {
  name = "stanchion-2.1.1";

  buildInputs = [
    which unzip erlangR16_basho pam git wget
  ];

  src = srcs.stanchion;

  postPatch = ''
    sed -i deps/node_package/priv/base/env.sh \
      -e 's@{{platform_data_dir}}@''${RIAK_DATA_DIR:-/var/db/stanchion}@' \
      -e 's@^RUNNER_SCRIPT_DIR=.*@RUNNER_SCRIPT_DIR='$out'/bin@' \
      -e 's@^RUNNER_BASE_DIR=.*@RUNNER_BASE_DIR='$out'@' \
      -e 's@^RUNNER_ETC_DIR=.*@RUNNER_ETC_DIR=''${RIAK_ETC_DIR:-/etc/stanchion}@' \
      -e 's@^RUNNER_LOG_DIR=.*@RUNNER_LOG_DIR=''${RIAK_LOG_DIR:-/var/log}@'
  '';

  preBuild = ''
    patchShebangs .
  '';

  buildPhase = ''
    runHook preBuild

    make rel

    runHook postBuild
  '';

  doCheck = false;

  installPhase = ''
    runHook preInstall

    mkdir $out
    mv rel/stanchion/etc rel/stanchion/riak-etc
    mkdir -p rel/stanchion/etc
    mv rel/stanchion/riak-etc rel/stanchion/etc/stanchion
    mv rel/stanchion/* $out

    for prog in $out/bin/*; do
      substituteInPlace $prog \
        --replace '. "`cd \`dirname $0\` && /bin/pwd`/../lib/env.sh"' \
                  ". $out/lib/env.sh"
    done

    runHook postInstall
  '';

  meta = with lib; {
    maintainers = with maintainers; [ mdaiter ];
    description = "Manager for Riak CS";
    platforms   = [ "x86_64-linux" ];
  };
}

## stanchion-modules.nix
{ config, lib, pkgs, ... }:

with lib;

let

  cfg = config.services.stanchion;

in

{

  ###### interface

  options = {

    services.stanchion = {

      enable = mkEnableOption "stanchion";

      nodeName = mkOption {
        type = types.string;
        default = "stanchion@127.0.0.1";
        description = ''
          Name of the Erlang node.
        '';
      };

      adminKey = mkOption {
        type = types.string;
        default = "";
        description = ''
        Name of admin user.
        '';
      };

      adminSecret = mkOption {
        type = types.string;
        default = "";
        description = ''
        Name of admin secret
        '';
      };

      riakHost = mkOption {
        type = types.string;
        default = "127.0.0.1:8087";
        description = ''
        Name of riak hosting service.
        '';
      };

      listener = mkOption {
        type = types.string;
        default = "127.0.0.1:8085";
        description = ''
        Name of Riak CS listening service.
        '';
      };

      stanchionHost = mkOption {
        type = types.string;
        default = "127.0.0.1:8085";
        description = ''
        Name of stanchion hosting service.
        '';
      };

      stanchionSsl = mkOption {
        type = types.bool;
        default = true;
        description = ''
        Tell stanchion to use SSL.
        '';
      };

      distributedCookie = mkOption {
        type = types.string;
        default = "riak";
        description = ''
          Cookie for distributed node communication.  All nodes in the
          same cluster should use the same cookie or they will not be able to
          communicate.
        '';
      };

      dataDir = mkOption {
        type = types.path;
        default = "/var/db/stanchion";
        description = ''
          Data directory for Stanchion.
        '';
      };

      logDir = mkOption {
        type = types.path;
        default = "/var/log/stanchion";
        description = ''
          Log directory for Stanchino.
        '';
      };

      extraConfig = mkOption {
        type = types.lines;
        default = "";
        description = ''
          Additional text to be appended to <filename>stanchion.conf</filename>.
        '';
      };
    };
  };

  ###### implementation

  config = mkIf cfg.enable {

    environment.systemPackages = [ pkgs.stanchion ];
    environment.etc."stanchion/advanced.config".text = ''
      [{stanchion, []}].
    '';
    environment.etc."stanchion/stanchion.conf".text = ''
## listen port and IP address
##
## Default: 127.0.0.1:8085
##
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener = ${cfg.listener}

## Default cert location for https can be overridden
## with the ssl config variable, for example:
##
## Acceptable values:
##   - the path to a file
## ssl.certfile = $(platform_etc_dir)/cert.pem

## Default key location for https can be overridden with the ssl
## config variable, for example:
##
## Acceptable values:
##   - the path to a file
## ssl.keyfile = $(platform_etc_dir)/key.pem

## Riak IP address and port number where Stanchion connects
##
## Default: 127.0.0.1:8087
##
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
riak_host = ${cfg.riakHost}

## Admin user credentials. The credentials specified here must
## match the admin credentials specified in the riak-cs.conf for the
## system to function properly.
##
## Default: admin-key
##
## Acceptable values:
##   - text
${ if cfg.adminKey != "" then "" else "#" } admin.key=${ if cfg.adminKey != "" then cfg.adminKey else "" }
${ if cfg.adminSecret != "" then "" else "#" } admin.secret=${if cfg.          adminSecret != "" then cfg.adminSecret else "" }

## Platform-specific installation paths
##
## Default: /usr/sbin
##
## Acceptable values:
##   - the path to a directory
platform_bin_dir = ${pkgs.stanchion}/bin

##
## Default: /var/lib/stanchion
##
## Acceptable values:
##   - the path to a directory
platform_data_dir = ${cfg.dataDir}

##
## Default: /etc/stanchion
##
## Acceptable values:
##   - the path to a directory
platform_etc_dir = /etc/stanchion

##
## Default: /usr/lib/stanchion/lib
##
## Acceptable values:
##   - the path to a directory
platform_lib_dir = ${pkgs.stanchion}/lib

##
## Default: /var/log/stanchion
##
## Acceptable values:
##   - the path to a directory
platform_log_dir = ${cfg.logDir}

## Where to emit the default log messages (typically at 'info'
## severity):
## off: disabled
## file: the file specified by log.console.file
## console: to standard output (seen when using `riak attach-direct`)
## both: log.console.file and standard out.
##
## Default: file
##
## Acceptable values:
##   - one of: off, file, console, both
log.console = file

## The severity level of the console log, default is 'info'.
##
## Default: info
##
## Acceptable values:
##   - one of: debug, info, notice, warning, error, critical, alert, emergency, none
log.console.level = info

## When 'log.console' is set to 'file' or 'both', the file where
## console messages will be logged.
##
## Default: $(platform_log_dir)/console.log
##
## Acceptable values:
##   - the path to a file
log.console.file = $(platform_log_dir)/console.log

## Maximum size of the console log in bytes, before it is rotated
##
## Default: 10MB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.console.size = 10MB

## The schedule on which to rotate the console log.  For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
##
## Default: $D0
##
## Acceptable values:
##   - text
log.console.rotation = $D0

## The number of rotated console logs to keep. When set to
## 'current', only the current open log file is kept.
##
## Default: 5
##
## Acceptable values:
##   - an integer
##   - the text "current"
log.console.rotation.keep = 5

## The file where error messages will be logged.
##
## Default: $(platform_log_dir)/error.log
##
## Acceptable values:
##   - the path to a file
log.error.file = $(platform_log_dir)/error.log

## Maximum size of the error log in bytes, before it is rotated
##
## Default: 10MB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.error.size = 10MB

## The schedule on which to rotate the error log.  For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
##
## Default: $D0
##
## Acceptable values:
##   - text
log.error.rotation = $D0

## The number of rotated error logs to keep. When set to
## 'current', only the current open log file is kept.
##
## Default: 5
##
## Acceptable values:
##   - an integer
##   - the text "current"
log.error.rotation.keep = 5

## When set to 'on', enables log output to syslog.
##
## Default: off
##
## Acceptable values:
##   - on or off
log.syslog = off

## Whether to enable the crash log.
##
## Default: on
##
## Acceptable values:
##   - on or off
log.crash = on

## If the crash log is enabled, the file where its messages will
## be written.
##
## Default: $(platform_log_dir)/crash.log
##
## Acceptable values:
##   - the path to a file
log.crash.file = $(platform_log_dir)/crash.log

## Maximum size in bytes of individual messages in the crash log
##
## Default: 64KB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.maximum_message_size = 64KB

## Maximum size of the crash log in bytes, before it is rotated
##
## Default: 10MB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.size = 10MB

## The schedule on which to rotate the crash log.  For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
##
## Default: $D0
##
## Acceptable values:
##   - text
log.crash.rotation = $D0

## The number of rotated crash logs to keep. When set to
## 'current', only the current open log file is kept.
##
## Default: 5
##
## Acceptable values:
##   - an integer
##   - the text "current"
log.crash.rotation.keep = 5

## Name of the Erlang node
##
## Default: stanchion@127.0.0.1
##
## Acceptable values:
##   - text
nodename = ${cfg.nodeName}

## Cookie for distributed node communication.  All nodes in the
## same cluster should use the same cookie or they will not be able to
## communicate.
##
## Default: riak
##
## Acceptable values:
##   - text
distributed_cookie = ${cfg.distributedCookie}

## Sets the number of threads in async thread pool, valid range
## is 0-1024. If thread support is available, the default is 64.
## More information at: http://erlang.org/doc/man/erl.html
##
## Default: 64
##
## Acceptable values:
##   - an integer
erlang.async_threads = 64

## The number of concurrent ports/sockets
## Valid range is 1024-134217727
##
## Default: 65536
##
## Acceptable values:
##   - an integer
erlang.max_ports = 65536

## Set scheduler forced wakeup interval. All run queues will be
## scanned each Interval milliseconds. While there are sleeping
## schedulers in the system, one scheduler will be woken for each
## non-empty run queue found. An Interval of zero disables this
## feature, which also is the default.
## This feature is a workaround for lengthy executing native code, and
## native code that do not bump reductions properly.
## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
##
## Default: 500
##
## Acceptable values:
##   - an integer
## erlang.schedulers.force_wakeup_interval = 500

## Enable or disable scheduler compaction of load. By default
## scheduler compaction of load is enabled. When enabled, load
## balancing will strive for a load distribution which causes as many
## scheduler threads as possible to be fully loaded (i.e., not run out
## of work). This is accomplished by migrating load (e.g. runnable
## processes) into a smaller set of schedulers when schedulers
## frequently run out of work. When disabled, the frequency with which
## schedulers run out of work will not be taken into account by the
## load balancing logic.
## More information: http://www.erlang.org/doc/man/erl.html#+scl
##
## Default: false
##
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.compaction_of_load = false

## Enable or disable scheduler utilization balancing of load. By
## default scheduler utilization balancing is disabled and instead
## scheduler compaction of load is enabled which will strive for a
## load distribution which causes as many scheduler threads as
## possible to be fully loaded (i.e., not run out of work). When
## scheduler utilization balancing is enabled the system will instead
## try to balance scheduler utilization between schedulers. That is,
## strive for equal scheduler utilization on all schedulers.
## More information: http://www.erlang.org/doc/man/erl.html#+sub
##
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.utilization_balancing = true

##stanchion_ssl=${if cfg.stanchionSsl then "on" else "off"}


      ${cfg.extraConfig}
    '';

    users.extraUsers.stanchion = {
      name = "stanchion";
      uid = config.ids.uids.stanchion;
      group = "riak";
      description = "Stanchion server user";
    };
  };
}

## stanchion.conf
## listen port and IP address
##
## Default: 127.0.0.1:8085
##
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
listener = 192.168.1.18:8085

## Default cert location for https can be overridden
## with the ssl config variable, for example:
##
## Acceptable values:
##   - the path to a file
## ssl.certfile = $(platform_etc_dir)/cert.pem

## Default key location for https can be overridden with the ssl
## config variable, for example:
##
## Acceptable values:
##   - the path to a file
## ssl.keyfile = $(platform_etc_dir)/key.pem

## Riak IP address and port number where Stanchion connects
##
## Default: 127.0.0.1:8087
##
## Acceptable values:
##   - an IP/port pair, e.g. 127.0.0.1:10011
riak_host = 192.168.1.18:8087

## Admin user credentials. The credentials specified here must
## match the admin credentials specified in the riak-cs.conf for the
## system to function properly.
##
## Default: admin-key
##
## Acceptable values:
##   - text
# admin.key=
# admin.secret=

## Platform-specific installation paths
##
## Default: /usr/sbin
##
## Acceptable values:
##   - the path to a directory
platform_bin_dir = /nix/store/7wq2ilxygi225k2qk0li4dcc0vlcdpx8-stanchion-2.1.1/bin

##
## Default: /var/lib/stanchion
##
## Acceptable values:
##   - the path to a directory
platform_data_dir = /var/db/stanchion

##
## Default: /etc/stanchion
##
## Acceptable values:
##   - the path to a directory
platform_etc_dir = /etc/stanchion

##
## Default: /usr/lib/stanchion/lib
##
## Acceptable values:
##   - the path to a directory
platform_lib_dir = /nix/store/7wq2ilxygi225k2qk0li4dcc0vlcdpx8-stanchion-2.1.1/lib

##
## Default: /var/log/stanchion
##
## Acceptable values:
##   - the path to a directory
platform_log_dir = /var/log/stanchion

## Where to emit the default log messages (typically at 'info'
## severity):
## off: disabled
## file: the file specified by log.console.file
## console: to standard output (seen when using `riak attach-direct`)
## both: log.console.file and standard out.
##
## Default: file
##
## Acceptable values:
##   - one of: off, file, console, both
log.console = file

## The severity level of the console log, default is 'info'.
##
## Default: info
##
## Acceptable values:
##   - one of: debug, info, notice, warning, error, critical, alert, emergency, none
log.console.level = info

## When 'log.console' is set to 'file' or 'both', the file where
## console messages will be logged.
##
## Default: $(platform_log_dir)/console.log
##
## Acceptable values:
##   - the path to a file
log.console.file = $(platform_log_dir)/console.log

## Maximum size of the console log in bytes, before it is rotated
##
## Default: 10MB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.console.size = 10MB

## The schedule on which to rotate the console log.  For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
##
## Default: $D0
##
## Acceptable values:
##   - text
log.console.rotation = $D0

## The number of rotated console logs to keep. When set to
## 'current', only the current open log file is kept.
##
## Default: 5
##
## Acceptable values:
##   - an integer
##   - the text "current"
log.console.rotation.keep = 5

## The file where error messages will be logged.
##
## Default: $(platform_log_dir)/error.log
##
## Acceptable values:
##   - the path to a file
log.error.file = $(platform_log_dir)/error.log

## Maximum size of the error log in bytes, before it is rotated
##
## Default: 10MB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.error.size = 10MB

## The schedule on which to rotate the error log.  For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
##
## Default: $D0
##
## Acceptable values:
##   - text
log.error.rotation = $D0

## The number of rotated error logs to keep. When set to
## 'current', only the current open log file is kept.
##
## Default: 5
##
## Acceptable values:
##   - an integer
##   - the text "current"
log.error.rotation.keep = 5

## When set to 'on', enables log output to syslog.
##
## Default: off
##
## Acceptable values:
##   - on or off
log.syslog = off

## Whether to enable the crash log.
##
## Default: on
##
## Acceptable values:
##   - on or off
log.crash = on

## If the crash log is enabled, the file where its messages will
## be written.
##
## Default: $(platform_log_dir)/crash.log
##
## Acceptable values:
##   - the path to a file
log.crash.file = $(platform_log_dir)/crash.log

## Maximum size in bytes of individual messages in the crash log
##
## Default: 64KB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.maximum_message_size = 64KB

## Maximum size of the crash log in bytes, before it is rotated
##
## Default: 10MB
##
## Acceptable values:
##   - a byte size with units, e.g. 10GB
log.crash.size = 10MB

## The schedule on which to rotate the crash log.  For more
## information see:
## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
##
## Default: $D0
##
## Acceptable values:
##   - text
log.crash.rotation = $D0

## The number of rotated crash logs to keep. When set to
## 'current', only the current open log file is kept.
##
## Default: 5
##
## Acceptable values:
##   - an integer
##   - the text "current"
log.crash.rotation.keep = 5

## Name of the Erlang node
##
## Default: stanchion@127.0.0.1
##
## Acceptable values:
##   - text
nodename = stanchion@nomokoslave2.nomoko.lan

## Cookie for distributed node communication.  All nodes in the
## same cluster should use the same cookie or they will not be able to
## communicate.
##
## Default: riak
##
## Acceptable values:
##   - text
distributed_cookie = riak

## Sets the number of threads in async thread pool, valid range
## is 0-1024. If thread support is available, the default is 64.
## More information at: http://erlang.org/doc/man/erl.html
##
## Default: 64
##
## Acceptable values:
##   - an integer
erlang.async_threads = 64

## The number of concurrent ports/sockets
## Valid range is 1024-134217727
##
## Default: 65536
##
## Acceptable values:
##   - an integer
erlang.max_ports = 65536

## Set scheduler forced wakeup interval. All run queues will be
## scanned each Interval milliseconds. While there are sleeping
## schedulers in the system, one scheduler will be woken for each
## non-empty run queue found. An Interval of zero disables this
## feature, which also is the default.
## This feature is a workaround for lengthy executing native code, and
## native code that do not bump reductions properly.
## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
##
## Default: 500
##
## Acceptable values:
##   - an integer
## erlang.schedulers.force_wakeup_interval = 500

## Enable or disable scheduler compaction of load. By default
## scheduler compaction of load is enabled. When enabled, load
## balancing will strive for a load distribution which causes as many
## scheduler threads as possible to be fully loaded (i.e., not run out
## of work). This is accomplished by migrating load (e.g. runnable
## processes) into a smaller set of schedulers when schedulers
## frequently run out of work. When disabled, the frequency with which
## schedulers run out of work will not be taken into account by the
## load balancing logic.
## More information: http://www.erlang.org/doc/man/erl.html#+scl
##
## Default: false
##
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.compaction_of_load = false

## Enable or disable scheduler utilization balancing of load. By
## default scheduler utilization balancing is disabled and instead
## scheduler compaction of load is enabled which will strive for a
## load distribution which causes as many scheduler threads as
## possible to be fully loaded (i.e., not run out of work). When
## scheduler utilization balancing is enabled the system will instead
## try to balance scheduler utilization between schedulers. That is,
## strive for equal scheduler utilization on all schedulers.
## More information: http://www.erlang.org/doc/man/erl.html#+sub
##
## Acceptable values:
##   - one of: true, false
## erlang.schedulers.utilization_balancing = true

##stanchion_ssl=off
	{ stdenv, lib, fetchurl, unzip, erlangR16_basho, git, wget, which, pam, coreutils, riak }:

	let
	srcs = {
	stanchion = fetchurl {
	url = "http://s3.amazonaws.com/downloads.basho.com/stanchion/2.1/2.1.1/stanchion-2.1.1.tar.gz";
	sha256 = "1443arwgg7qvlx3msyg99qvvhck7qxphdjslcp494i60fhr2g8ja";
	};
	};
	in

	stdenv.mkDerivation rec {
	name = "stanchion-2.1.1";

	buildInputs = [
	which unzip erlangR16_basho pam git wget
	];

	src = srcs.stanchion;

	postPatch = ''
	sed -i deps/node_package/priv/base/env.sh \
	-e 's@{{platform_data_dir}}@''${RIAK_DATA_DIR:-/var/db/stanchion}@' \
	-e 's@^RUNNER_SCRIPT_DIR=.*@RUNNER_SCRIPT_DIR='$out'/bin@' \
	-e 's@^RUNNER_BASE_DIR=.*@RUNNER_BASE_DIR='$out'@' \
	-e 's@^RUNNER_ETC_DIR=.*@RUNNER_ETC_DIR=''${RIAK_ETC_DIR:-/etc/stanchion}@' \
	-e 's@^RUNNER_LOG_DIR=.*@RUNNER_LOG_DIR=''${RIAK_LOG_DIR:-/var/log}@'
	'';

	preBuild = ''
	patchShebangs .
	'';

	buildPhase = ''
	runHook preBuild

	make rel

	runHook postBuild
	'';

	doCheck = false;

	installPhase = ''
	runHook preInstall

	mkdir $out
	mv rel/stanchion/etc rel/stanchion/riak-etc
	mkdir -p rel/stanchion/etc
	mv rel/stanchion/riak-etc rel/stanchion/etc/stanchion
	mv rel/stanchion/* $out

	for prog in $out/bin/*; do
	substituteInPlace $prog \
	--replace '. "`cd \`dirname $0\` && /bin/pwd`/../lib/env.sh"' \
	". $out/lib/env.sh"
	done

	runHook postInstall
	'';

	meta = with lib; {
	maintainers = with maintainers; [ mdaiter ];
	description = "Manager for Riak CS";
	platforms = [ "x86_64-linux" ];
	};
	}
	{ config, lib, pkgs, ... }:

	with lib;

	let

	cfg = config.services.stanchion;

	in

	{

	###### interface

	options = {

	services.stanchion = {

	enable = mkEnableOption "stanchion";

	nodeName = mkOption {
	type = types.string;
	default = "stanchion@127.0.0.1";
	description = ''
	Name of the Erlang node.
	'';
	};

	adminKey = mkOption {
	type = types.string;
	default = "";
	description = ''
	Name of admin user.
	'';
	};

	adminSecret = mkOption {
	type = types.string;
	default = "";
	description = ''
	Name of admin secret
	'';
	};

	riakHost = mkOption {
	type = types.string;
	default = "127.0.0.1:8087";
	description = ''
	Name of riak hosting service.
	'';
	};

	listener = mkOption {
	type = types.string;
	default = "127.0.0.1:8085";
	description = ''
	Name of Riak CS listening service.
	'';
	};

	stanchionHost = mkOption {
	type = types.string;
	default = "127.0.0.1:8085";
	description = ''
	Name of stanchion hosting service.
	'';
	};

	stanchionSsl = mkOption {
	type = types.bool;
	default = true;
	description = ''
	Tell stanchion to use SSL.
	'';
	};

	distributedCookie = mkOption {
	type = types.string;
	default = "riak";
	description = ''
	Cookie for distributed node communication. All nodes in the
	same cluster should use the same cookie or they will not be able to
	communicate.
	'';
	};

	dataDir = mkOption {
	type = types.path;
	default = "/var/db/stanchion";
	description = ''
	Data directory for Stanchion.
	'';
	};

	logDir = mkOption {
	type = types.path;
	default = "/var/log/stanchion";
	description = ''
	Log directory for Stanchino.
	'';
	};

	extraConfig = mkOption {
	type = types.lines;
	default = "";
	description = ''
	Additional text to be appended to <filename>stanchion.conf</filename>.
	'';
	};
	};
	};

	###### implementation

	config = mkIf cfg.enable {

	environment.systemPackages = [ pkgs.stanchion ];
	environment.etc."stanchion/advanced.config".text = ''
	[{stanchion, []}].
	'';
	environment.etc."stanchion/stanchion.conf".text = ''
	## listen port and IP address
	##
	## Default: 127.0.0.1:8085
	##
	## Acceptable values:
	## - an IP/port pair, e.g. 127.0.0.1:10011
	listener = ${cfg.listener}

	## Default cert location for https can be overridden
	## with the ssl config variable, for example:
	##
	## Acceptable values:
	## - the path to a file
	## ssl.certfile = $(platform_etc_dir)/cert.pem

	## Default key location for https can be overridden with the ssl
	## config variable, for example:
	##
	## Acceptable values:
	## - the path to a file
	## ssl.keyfile = $(platform_etc_dir)/key.pem

	## Riak IP address and port number where Stanchion connects
	##
	## Default: 127.0.0.1:8087
	##
	## Acceptable values:
	## - an IP/port pair, e.g. 127.0.0.1:10011
	riak_host = ${cfg.riakHost}

	## Admin user credentials. The credentials specified here must
	## match the admin credentials specified in the riak-cs.conf for the
	## system to function properly.
	##
	## Default: admin-key
	##
	## Acceptable values:
	## - text
	${ if cfg.adminKey != "" then "" else "#" } admin.key=${ if cfg.adminKey != "" then cfg.adminKey else "" }
	${ if cfg.adminSecret != "" then "" else "#" } admin.secret=${if cfg. adminSecret != "" then cfg.adminSecret else "" }

	## Platform-specific installation paths
	##
	## Default: /usr/sbin
	##
	## Acceptable values:
	## - the path to a directory
	platform_bin_dir = ${pkgs.stanchion}/bin

	##
	## Default: /var/lib/stanchion
	##
	## Acceptable values:
	## - the path to a directory
	platform_data_dir = ${cfg.dataDir}

	##
	## Default: /etc/stanchion
	##
	## Acceptable values:
	## - the path to a directory
	platform_etc_dir = /etc/stanchion

	##
	## Default: /usr/lib/stanchion/lib
	##
	## Acceptable values:
	## - the path to a directory
	platform_lib_dir = ${pkgs.stanchion}/lib

	##
	## Default: /var/log/stanchion
	##
	## Acceptable values:
	## - the path to a directory
	platform_log_dir = ${cfg.logDir}

	## Where to emit the default log messages (typically at 'info'
	## severity):
	## off: disabled
	## file: the file specified by log.console.file
	## console: to standard output (seen when using `riak attach-direct`)
	## both: log.console.file and standard out.
	##
	## Default: file
	##
	## Acceptable values:
	## - one of: off, file, console, both
	log.console = file

	## The severity level of the console log, default is 'info'.
	##
	## Default: info
	##
	## Acceptable values:
	## - one of: debug, info, notice, warning, error, critical, alert, emergency, none
	log.console.level = info

	## When 'log.console' is set to 'file' or 'both', the file where
	## console messages will be logged.
	##
	## Default: $(platform_log_dir)/console.log
	##
	## Acceptable values:
	## - the path to a file
	log.console.file = $(platform_log_dir)/console.log

	## Maximum size of the console log in bytes, before it is rotated
	##
	## Default: 10MB
	##
	## Acceptable values:
	## - a byte size with units, e.g. 10GB
	log.console.size = 10MB

	## The schedule on which to rotate the console log. For more
	## information see:
	## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
	##
	## Default: $D0
	##
	## Acceptable values:
	## - text
	log.console.rotation = $D0

	## The number of rotated console logs to keep. When set to
	## 'current', only the current open log file is kept.
	##
	## Default: 5
	##
	## Acceptable values:
	## - an integer
	## - the text "current"
	log.console.rotation.keep = 5

	## The file where error messages will be logged.
	##
	## Default: $(platform_log_dir)/error.log
	##
	## Acceptable values:
	## - the path to a file
	log.error.file = $(platform_log_dir)/error.log

	## Maximum size of the error log in bytes, before it is rotated
	##
	## Default: 10MB
	##
	## Acceptable values:
	## - a byte size with units, e.g. 10GB
	log.error.size = 10MB

	## The schedule on which to rotate the error log. For more
	## information see:
	## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
	##
	## Default: $D0
	##
	## Acceptable values:
	## - text
	log.error.rotation = $D0

	## The number of rotated error logs to keep. When set to
	## 'current', only the current open log file is kept.
	##
	## Default: 5
	##
	## Acceptable values:
	## - an integer
	## - the text "current"
	log.error.rotation.keep = 5

	## When set to 'on', enables log output to syslog.
	##
	## Default: off
	##
	## Acceptable values:
	## - on or off
	log.syslog = off

	## Whether to enable the crash log.
	##
	## Default: on
	##
	## Acceptable values:
	## - on or off
	log.crash = on

	## If the crash log is enabled, the file where its messages will
	## be written.
	##
	## Default: $(platform_log_dir)/crash.log
	##
	## Acceptable values:
	## - the path to a file
	log.crash.file = $(platform_log_dir)/crash.log

	## Maximum size in bytes of individual messages in the crash log
	##
	## Default: 64KB
	##
	## Acceptable values:
	## - a byte size with units, e.g. 10GB
	log.crash.maximum_message_size = 64KB

	## Maximum size of the crash log in bytes, before it is rotated
	##
	## Default: 10MB
	##
	## Acceptable values:
	## - a byte size with units, e.g. 10GB
	log.crash.size = 10MB

	## The schedule on which to rotate the crash log. For more
	## information see:
	## https://github.com/basho/lager/blob/master/README.md#internal-log-rotation
	##
	## Default: $D0
	##
	## Acceptable values:
	## - text
	log.crash.rotation = $D0

	## The number of rotated crash logs to keep. When set to
	## 'current', only the current open log file is kept.
	##
	## Default: 5
	##
	## Acceptable values:
	## - an integer
	## - the text "current"
	log.crash.rotation.keep = 5

	## Name of the Erlang node
	##
	## Default: stanchion@127.0.0.1
	##
	## Acceptable values:
	## - text
	nodename = ${cfg.nodeName}

	## Cookie for distributed node communication. All nodes in the
	## same cluster should use the same cookie or they will not be able to
	## communicate.
	##
	## Default: riak
	##
	## Acceptable values:
	## - text
	distributed_cookie = ${cfg.distributedCookie}

	## Sets the number of threads in async thread pool, valid range
	## is 0-1024. If thread support is available, the default is 64.
	## More information at: http://erlang.org/doc/man/erl.html
	##
	## Default: 64
	##
	## Acceptable values:
	## - an integer
	erlang.async_threads = 64

	## The number of concurrent ports/sockets
	## Valid range is 1024-134217727
	##
	## Default: 65536
	##
	## Acceptable values:
	## - an integer
	erlang.max_ports = 65536

	## Set scheduler forced wakeup interval. All run queues will be
	## scanned each Interval milliseconds. While there are sleeping
	## schedulers in the system, one scheduler will be woken for each
	## non-empty run queue found. An Interval of zero disables this
	## feature, which also is the default.
	## This feature is a workaround for lengthy executing native code, and
	## native code that do not bump reductions properly.
	## More information: http://www.erlang.org/doc/man/erl.html#+sfwi
	##
	## Default: 500
	##
	## Acceptable values:
	## - an integer
	## erlang.schedulers.force_wakeup_interval = 500

	## Enable or disable scheduler compaction of load. By default
	## scheduler compaction of load is enabled. When enabled, load
	## balancing will strive for a load distribution which causes as many
	## scheduler threads as possible to be fully loaded (i.e., not run out
	## of work). This is accomplished by migrating load (e.g. runnable
	## processes) into a smaller set of schedulers when schedulers
	## frequently run out of work. When disabled, the frequency with which
	## schedulers run out of work will not be taken into account by the
	## load balancing logic.
	## More information: http://www.erlang.org/doc/man/erl.html#+scl
	##
	## Default: false
	##
	## Acceptable values:
	## - one of: true, false
	## erlang.schedulers.compaction_of_load = false

	## Enable or disable scheduler utilization balancing of load. By
	## default scheduler utilization balancing is disabled and instead
	## scheduler compaction of load is enabled which will strive for a
	## load distribution which causes as many scheduler threads as
	## possible to be fully loaded (i.e., not run out of work). When
	## scheduler utilization balancing is enabled the system will instead
	## try to balance scheduler utilization between schedulers. That is,
	## strive for equal scheduler utilization on all schedulers.
	## More information: http://www.erlang.org/doc/man/erl.html#+sub
	##
	## Acceptable values:
	## - one of: true, false
	## erlang.schedulers.utilization_balancing = true

	##stanchion_ssl=${if cfg.stanchionSsl then "on" else "off"}


	${cfg.extraConfig}
	'';

	users.extraUsers.stanchion = {
	name = "stanchion";
	uid = config.ids.uids.stanchion;
	group = "riak";
	description = "Stanchion server user";
	};
	};
	}