Move backup directory to host subdir
[perso/Immae/Config/Nix.git] / flakes / private / environment / flake.nix
1{
2 outputs = { self }: {
3 nixosModule = self.nixosModules.environment;
4 nixosModules.environment = { config, lib, name, ... }:
5 with lib;
6 with types;
7 with lists;
8 let
# Connection settings shared by every LDAP consumer declared in this module:
# where the directory lives, plus the root and replication binds.
# NOTE(review): root_pw is documented as a hash but replication_pw as a
# password, and both are plain `str`. If a consuming module interpolates
# either into a generated file, the value ends up in the world-readable
# /nix/store -- confirm consumers hand them to a secrets mechanism instead.
ldapOptions = {
  host = mkOption {
    type = str;
    description = "Host to access LDAP";
  };
  base = mkOption {
    type = str;
    description = "Base of the LDAP tree";
  };
  root_dn = mkOption {
    type = str;
    description = "DN of the root user";
  };
  root_pw = mkOption {
    type = str;
    description = "Hashed password of the root user";
  };
  replication_dn = mkOption {
    type = str;
    description = "DN of the user allowed to replicate the LDAP directory";
  };
  replication_pw = mkOption {
    type = str;
    description = "Password of the user allowed to replicate the LDAP directory";
  };
};
# Builds the LDAP option for one service: the shared ldapOptions, the
# service's own bind (dn/password/filter), then whatever `more` adds.
# `more` is merged last, so it overrides a same-named option.
# The `name` parameter shadows the module argument `name` inside this lambda.
mkLdapOptions = name: more:
  let
    # Bind identity used by the service itself.
    serviceBind = {
      dn = mkOption {
        type = str;
        description = "DN of the ${name} user";
      };
      password = mkOption {
        type = str;
        description = "password of the ${name} user";
      };
      # Empty by default.
      filter = mkOption {
        type = str;
        default = "";
        description = "Filter for ${name} users";
      };
    };
  in
  mkOption {
    type = submodule {
      options = ldapOptions // serviceBind // more;
    };
    description = "${name} LDAP configuration";
  };
# Settings shared by every MySQL consumer: how to reach the server, the
# system accounts, and the bind used by the PAM integration.
# NOTE(review): systemUsers maps user names to passwords as plain `str`
# values, and pam.password is a plain `str` too -- confirm consumers keep
# them out of store-backed files.
mysqlOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Mysql";
  };
  remoteHost = mkOption {
    type = str;
    description = "Host to access Mysql from outside";
  };
  port = mkOption {
    type = int;
    description = "Port to access Mysql";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Mysql";
  };
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption {
          type = str;
          description = "DN to connect as to check users";
        };
        password = mkOption {
          type = str;
          description = "DN password to connect as to check users";
        };
        filter = mkOption {
          type = str;
          description = "filter to match users";
        };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Builds the MySQL option for one service: the shared mysqlOptions, the
# service's database and account, then whatever `more` adds (merged last).
mkMysqlOptions = name: more:
  let
    # Database and account owned by the service.
    serviceAccount = {
      database = mkOption {
        type = str;
        description = "${name} database";
      };
      user = mkOption {
        type = str;
        description = "${name} user";
      };
      password = mkOption {
        type = str;
        description = "mysql password of the ${name} user";
      };
    };
  in
  mkOption {
    type = submodule {
      options = mysqlOptions // serviceAccount // more;
    };
    description = "${name} mysql configuration";
  };
# Settings shared by every PostgreSQL consumer: how to reach the server and
# the bind used by the PAM integration.
# NOTE(review): `port` is a `str` here while mysqlOptions.port is an `int`,
# so nothing at this level rejects a non-numeric value; confirm consumers
# validate it.
psqlOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Postgresql";
  };
  port = mkOption {
    type = str;
    description = "Port to access Postgresql";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Postgresql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption {
          type = str;
          description = "DN to connect as to check users";
        };
        password = mkOption {
          type = str;
          description = "DN password to connect as to check users";
        };
        filter = mkOption {
          type = str;
          description = "filter to match users";
        };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Builds the PostgreSQL option for one service: the shared psqlOptions plus
# the service's database, optional schema and account.
mkPsqlOptions = name:
  let
    serviceAccount = {
      database = mkOption {
        type = str;
        description = "${name} database";
      };
      # Optional; null when unset.
      schema = mkOption {
        type = nullOr str;
        default = null;
        description = "${name} schema";
      };
      user = mkOption {
        type = str;
        description = "${name} user";
      };
      password = mkOption {
        type = str;
        description = "psql password of the ${name} user";
      };
    };
  in
  mkOption {
    type = submodule {
      options = psqlOptions // serviceAccount;
    };
    description = "${name} psql configuration";
  };
# Settings shared by every Redis consumer: how to reach the server, the
# database-number allocation, the spiped key and the predixy password.
# NOTE(review): the description asks for unique db numbers, but nothing in
# this block checks it.
# NOTE(review): spiped_key and predixy.read are secrets declared as plain
# `str` -- confirm consumers keep them out of store-backed files.
redisOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Redis";
  };
  port = mkOption {
    type = str;
    description = "Port to access Redis";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Redis";
  };
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  spiped_key = mkOption {
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
    type = str;
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption {
          description = "Read password";
          type = str;
        };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Builds the Redis option for one service: the shared redisOptions plus the
# database the service uses.
mkRedisOptions = name:
  let
    serviceDb = {
      db = mkOption {
        type = str;
        description = "${name} database";
      };
    };
  in
  mkOption {
    type = submodule {
      options = redisOptions // serviceDb;
    };
    description = "${name} redis configuration";
  };
# Settings shared by every SMTP consumer: the relay's host and port.
# Both are declared as `str`.
smtpOptions = {
  host = mkOption {
    type = str;
    description = "Host to access SMTP";
  };
  port = mkOption {
    type = str;
    description = "Port to access SMTP";
  };
};
# Builds the SMTP option for one service: the shared smtpOptions plus the
# service's mailbox and its password.
mkSmtpOptions = name:
  let
    serviceMailbox = {
      email = mkOption {
        type = str;
        description = "${name} email";
      };
      password = mkOption {
        type = str;
        description = "SMTP password of the ${name} user";
      };
    };
  in
  mkOption {
    type = submodule {
      options = smtpOptions // serviceMailbox;
    };
    description = "${name} smtp configuration";
  };
# Per-host record; myEnv.servers is declared below as `attrsOf hostEnv`.
# Holds the host's identity (fqdn, ssh host key), the e-mail senders it may
# use, its LDAP bind, its MX role and its IP addresses grouped by section.
hostEnv = submodule {
  options = {
    fqdn = mkOption {
      type = str;
      description = "Host FQDN";
    };
    # Optional; null when unset.
    hostKey = mkOption {
      description = ''
        ssh host key
      '';
      type = nullOr str;
      default = null;
    };
    isVm = mkEnableOption "The host is a vm";
    emails = mkOption {
      type = listOf str;
      default = [];
      description = "List of e-mails that the server can be a sender of";
    };
    # NOTE(review): ldap.password is a plain `str` -- confirm consumers keep
    # it out of store-backed files.
    ldap = mkOption {
      type = submodule {
        options = {
          dn = mkOption {
            description = "DN for the LDAP connection";
            type = str;
          };
          password = mkOption {
            description = "Password for the LDAP connection";
            type = str;
          };
        };
      };
      description = ''
        LDAP credentials for the host
      '';
    };
    # Off by default. subdomain and priority declare no default of their own.
    mx = mkOption {
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          subdomain = mkOption {
            description = "Subdomain name (mx-*)";
            type = nullOr str;
          };
          priority = mkOption {
            description = "Priority";
            type = nullOr int;
          };
        };
      };
      default = { enable = false; };
      description = "subdomain and priority for MX server";
    };
    # Addresses are plain strings; this block does not validate their format.
    ips = mkOption {
      type = attrsOf (submodule {
        options = {
          alias = mkOption {
            description = ''
              alias to use in DNS for that group
            '';
            type = nullOr str;
            default = null;
          };
          ip4 = mkOption {
            description = ''
              ip4 addresses of the host
            '';
            type = listOf str;
            default = [];
          };
          ip6 = mkOption {
            description = ''
              ip6 addresses of the host
            '';
            type = listOf str;
            default = [];
          };
        };
      });
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
    };
  };
};
200 in
201 {
202 # Necessary for situations where flake gets included multiple times
203 key = builtins.hashString "sha256" (builtins.path { path = self.sourceInfo.outPath; name = "source"; });
204
205 options.myEnv = {
206 servers = mkOption {
207 description = ''
208 Attrs of servers information in the cluster (not necessarily handled by nixops)
209 '';
210 default = {};
211 type = attrsOf hostEnv;
212 };
213 hetznerCloud = mkOption {
214 description = ''
215 Hetzner Cloud credential information
216 '';
217 type = submodule {
218 options = {
219 authToken = mkOption {
220 type = str;
221 description = ''
222 The API auth token.
223 '';
224 };
225 };
226 };
227 };
228 hetzner = mkOption {
229 description = ''
230 Hetzner credential information
231 '';
232 type = submodule {
233 options = {
234 user = mkOption { type = str; description = "User"; };
235 pass = mkOption { type = str; description = "Password"; };
236 };
237 };
238 };
239 sshd = mkOption {
240 description = ''
241 sshd service credential information
242 '';
243 type = submodule {
244 options = {
245 rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; };
246 ldap = mkOption {
247 description = ''
248 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
249 '';
250 type = submodule {
251 options = {
252 password = mkOption { description = "Password"; type = str; };
253 };
254 };
255 };
256 psql = mkOption {
257 description = ''
258 PSQL credentials for immae_auth_read
259 '';
260 type = submodule {
261 options = {
262 password = mkOption { description = "Password"; type = str; };
263 };
264 };
265 };
266 };
267 };
268 };
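# Registry of reserved non-standard ports, keyed by a name.
# `apply` rejects the whole set when two names reserve the same port number,
# and the error now lists the colliding numbers so the operator can find them.
ports = mkOption {
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  type = attrsOf port;
  default = {};
  apply = let
    # Port numbers that appear under more than one name, each listed once.
    duplicates = x:
      let
        values = builtins.attrValues x;
      in
      unique (builtins.filter (v: count (w: w == v) values > 1) values);
  in
    x:
      # A non-attrset cannot be inspected for duplicates; keep the original
      # message for that case.
      if !(isAttrs x) then throw "Non unique values for ports"
      else
        let
          dups = duplicates x;
        in
        if dups == [] then x
        else throw "Non unique values for ports: ${concatMapStringsSep ", " toString dups}";
};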
280 httpd = mkOption {
281 description = ''
282 httpd service credential information
283 '';
284 type = submodule {
285 options = {
286 ldap = mkOption {
287 description = ''
288 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
289 '';
290 type = submodule {
291 options = {
292 password = mkOption { description = "Password"; type = str; };
293 };
294 };
295 };
296 };
297 };
298 };
299 smtp = mkOption {
300 type = submodule { options = smtpOptions; };
301 description = "SMTP configuration";
302 };
303 ldap = mkOption {
304 description = ''
305 LDAP server configuration
306 '';
307 type = submodule {
308 options = ldapOptions;
309 };
310 };
311 databases = mkOption {
312 description = "Databases configuration";
313 type = submodule {
314 options = {
315 mysql = mkOption {
316 type = submodule { options = mysqlOptions; };
317 description = "Mysql configuration";
318 };
319 redis = mkOption {
320 type = submodule { options = redisOptions; };
321 description = "Redis configuration";
322 };
323 postgresql = mkOption {
324 type = submodule { options = psqlOptions; };
325 description = "Postgresql configuration";
326 };
327 };
328 };
329 };
330 jabber = mkOption {
331 description = "Jabber configuration";
332 type = submodule {
333 options = {
334 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
335 ldap = mkLdapOptions "Jabber" {};
336 postgresql = mkPsqlOptions "Jabber";
337 };
338 };
339 };
340 users = mkOption {
341 description = "System and regular users uid/gid";
342 type = attrsOf (submodule {
343 options = {
344 uid = mkOption {
345 description = "user uid";
346 type = int;
347 };
348 gid = mkOption {
349 description = "user gid";
350 type = int;
351 };
352 };
353 });
354 };
355 dns = mkOption {
356 description = "DNS configuration";
357 type = submodule {
358 options = {
359 ns = mkOption {
360 description = "Attrs of NS servers group";
361 example = {
362 foo = {
363 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
364 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
365 };
366 };
367 type = attrsOf (attrsOf (listOf str));
368 };
369 };
370 };
371 };
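# Remote backups made with borg/borgmatic: one encryption password plus a
# set of named remotes.
# NOTE(review): `password` is the backup encryption secret declared as a
# plain `str` -- confirm consumers keep it out of store-backed files.
borg_backup = mkOption {
  description = ''
    Remote backup with borg/borgmatic
  '';
  type = submodule {
    options = {
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            # NOTE(review): the type is a curried two-argument function, but
            # the example and description below show a single `bucket`
            # argument -- confirm what the other argument is and update them.
            remote = mkOption {
              type = functionTo (functionTo str);
              # `''${` keeps `${bucket}` literal. Unescaped, Nix would try to
              # interpolate an undefined `bucket` when the example is forced.
              example = literalExample ''
                bucket: "ssh://some_host/''${bucket}";
              '';
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
            };
            sshRsyncPort = mkOption { type = str; default = "22"; description = "SSH port"; };
            sshRsyncHost = mkOption { type = nullOr str; default = null; description = "SSH host"; };

            # NOTE(review): null by default -- confirm the backup job still
            # verifies the remote host key when this is unset.
            sshKnownHosts = mkOption { type = nullOr str; default = null; description = "Ssh known hosts"; };
          };
        });
      };
    };
  };
};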
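# Remote backups made with duplicity: one encryption password plus a set of
# named remotes, each either an S3 bucket or an rsync-over-ssh target.
# NOTE(review): `password` and `s3SecretAccessKey` are secrets declared as
# plain strings -- confirm consumers keep them out of store-backed files.
backup = mkOption {
  description = ''
    Remote backup with duplicity
  '';
  type = submodule {
    options = {
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            # Selects the transport; only these two values are accepted.
            remote_type = mkOption {
              type = enum [ "s3" "rsync" ];
            };
            remote = mkOption {
              type = functionTo str;
              # `''${` keeps `${bucket}` literal. Unescaped, Nix would try to
              # interpolate an undefined `bucket` when the example is forced.
              example = literalExample ''
                bucket: "s3://some_host/''${bucket}";
              '';
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
            };
            sshRsyncPort = mkOption { type = str; default = "22"; description = "SSH port for rsync"; };
            sshRsyncHost = mkOption { type = nullOr str; default = null; description = "SSH host for rsync"; };

            # NOTE(review): null by default -- confirm the rsync transport
            # still verifies the remote host key when this is unset.
            sshKnownHosts = mkOption { type = nullOr str; default = null; description = "Ssh known hosts"; };
            s3AccessKeyId = mkOption { type = nullOr str; default = null; description = "Remote access-key"; };
            s3SecretAccessKey = mkOption { type = nullOr str; default = null; description = "Remote access secret"; };
          };
        });
      };
    };
  };
};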
437 zrepl_backup = mkOption {
438 type = submodule {
439 options = {
440 ssh_key = mkOption {
441 description = "SSH key information";
442 type = submodule {
443 options = {
444 public = mkOption { type = str; description = "Public part of the key"; };
445 private = mkOption { type = lines; description = "Private part of the key"; };
446 };
447 };
448 };
449 mysql = mkMysqlOptions "Zrepl" {};
450 certs = mkOption {
451 description = "Certificates";
452 type = attrsOf (submodule {
453 options = {
454 key = mkOption { type = str; description = "Key"; };
455 certificate = mkOption { type = str; description = "Certificate"; };
456 };
457 });
458 };
459 };
460 };
461 };
462 rsync_backup = mkOption {
463 description =''
464 Rsync backup configuration from controlled host
465 '';
466 type = submodule {
467 options = {
468 ssh_key = mkOption {
469 description = "SSH key information";
470 type = submodule {
471 options = {
472 public = mkOption { type = str; description = "Public part of the key"; };
473 private = mkOption { type = lines; description = "Private part of the key"; };
474 };
475 };
476 };
477 profiles = mkOption {
478 description = "Attrs of profiles to backup";
479 default = {};
480 type = attrsOf (submodule {
481 options = {
482 keep = mkOption { type = int; description = "Number of backups to keep"; };
483 check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; };
484 login = mkOption { type = str; description = "Login to connect to host"; };
485 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
486 host = mkOption { type = str; description = "Host to connect to"; };
487 host_key = mkOption { type = str; description = "Host key"; };
488 host_key_type = mkOption { type = str; description = "Host key type"; };
489 parts = mkOption {
490 description = "Parts to backup for this host";
491 type = attrsOf (submodule {
492 options = {
493 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
494 exclude_from = mkOption {
495 type = listOf path;
496 default = [];
497 description = "List of folders/files to exclude from the backup";
498 };
499 files_from = mkOption {
500 type = listOf path;
501 default = [];
502 description = "List of folders/files to backup in the base folder";
503 };
504 args = mkOption {
505 type = nullOr str;
506 default = null;
507 description = "Extra arguments to pass to rsync";
508 };
509 };
510 });
511 };
512 };
513 });
514 };
515 };
516 };
517 };
518 monitoring = mkOption {
519 description = "Monitoring configuration";
520 type = submodule {
521 options = {
522 status_url = mkOption { type = str; description = "URL to push status to"; };
523 status_token = mkOption { type = str; description = "Token for the status url"; };
524 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
525 email = mkOption { type = str; description = "Admin E-mail"; };
526 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
527 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
528 imap_login = mkOption { type = str; description = "IMAP login"; };
529 imap_password = mkOption { type = str; description = "IMAP password"; };
530 eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
531 ovh_sms = mkOption {
532 description = "OVH credentials for sms script";
533 type = submodule {
534 options = {
535 endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
536 application_key = mkOption { type = str; description = "Application key"; };
537 application_secret = mkOption { type = str; description = "Application secret"; };
538 consumer_key = mkOption { type = str; description = "Consumer key"; };
539 account = mkOption { type = str; description = "Account"; };
540 };
541 };
542 };
543 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
544 apprise_urls = mkOption { type = str; description = "Apprise space-separated urls to push status update"; };
545 netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
546 netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
547 immae_contact = mkOption { type = str; description = "Immae Contact e-mail"; };
548 email_check = mkOption {
549 description = "Emails services to check";
550 type = attrsOf (submodule {
551 options = {
552 local = mkOption { type = bool; default = false; description = "Use local configuration"; };
553 port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
554 login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
555 targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
556 mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
557 mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
558 };
559 });
560 };
561 };
562 };
563 };
564 mpd = mkOption {
565 description = "MPD configuration";
566 type = submodule {
567 options = {
568 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
569 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
570 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
571 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
572 };
573 };
574 };
575 ftp = mkOption {
576 description = "FTP configuration";
577 type = submodule {
578 options = {
579 ldap = mkLdapOptions "FTP" {
580 proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; };
581 pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; };
582 };
583 };
584 };
585 };
586 vpn = mkOption {
587 description = "VPN configuration";
588 type = attrsOf (submodule {
589 options = {
590 prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
591 privateKey = mkOption { type = str; description = "Private key for the host"; };
592 publicKey = mkOption { type = str; description = "Public key for the host"; };
593 };
594 });
595 };
596 mail = mkOption {
597 description = "Mail configuration";
598 type = submodule {
599 options = {
600 dmarc = mkOption {
601 description = "DMARC configuration";
602 type = submodule {
603 options = {
604 ignore_hosts = mkOption {
605 type = lines;
606 description = ''
607 Hosts to ignore when checking for dmarc
608 '';
609 };
610 };
611 };
612 };
613 dkim = mkOption {
614 description = "DKIM configuration";
615 type = attrsOf (submodule {
616 options = {
617 public = mkOption {
618 type = attrsOf str;
619 example = literalExample ''
620 {
621 v = "DKIM1";
622 k = "rsa";
623 p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB";
624 }
625 '';
626 description = "Public entry to put in DNS TXT field";
627 };
628 private = mkOption { type = nullOr str; default = null; description = "Private key"; };
629 };
630 });
631 };
632 postfix = mkOption {
633 description = "Postfix configuration";
634 type = submodule {
635 options = {
636 mysql = mkMysqlOptions "Postfix" {
637 password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
638 };
639 admins = mkOption {
640 description = ''
641 List of admins meant to receive common aliases
642 '';
643 type = listOf str;
644 };
645 common_aliases = mkOption {
646 description = ''
647 List of aliases common to all hosts, to forward to admins
648 '';
649 type = listOf str;
650 };
651 other_aliases = mkOption {
652 description = ''
653 Other list of aliases, to forward to admins
654 '';
655 type = listOf str;
656 };
657 };
658 };
659 };
660 dovecot = mkOption {
661 description = "Dovecot configuration";
662 type = submodule {
663 options = {
1cf1f916 664 mysql = mkMysqlOptions "Dovecot" {};
665 ldap = mkLdapOptions "Dovecot" {
666 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
667 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
668 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
669 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
670 postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
671 };
672 };
673 };
674 };
# rspamd: its Redis backend plus the controller passwords.
# Only the hashed passwords are usable. The plaintext options are still
# accepted, but their `apply` replaces any value with "" so reads never
# return what was set.
# NOTE(review): mkRedisOptions is labelled "Redis" here where other callers
# pass the service name; this only affects the generated descriptions.
rspamd = mkOption {
  type = submodule {
    options = {
      redis = mkRedisOptions "Redis";
      read_password_hashed = mkOption {
        description = "Hashed read password for rspamd";
        type = str;
      };
      write_password_hashed = mkOption {
        description = "Hashed write password for rspamd";
        type = str;
      };
      read_password = mkOption {
        description = "Read password for rspamd. Unused";
        type = str;
        # Discards the configured value.
        apply = _: "";
      };
      write_password = mkOption {
        description = "Write password for rspamd. Unused";
        type = str;
        # Discards the configured value.
        apply = _: "";
      };
    };
  };
  description = "rspamd configuration";
};
695 sympa = mkOption {
696 description = "Sympa configuration";
697 type = submodule {
698 options = {
699 listmasters = mkOption {
700 type = listOf str;
701 description = "Listmasters";
702 };
703 postgresql = mkPsqlOptions "Sympa";
704 data_sources = mkOption {
705 type = attrsOf str;
706 default = {};
707 description = "Data sources to make available to sympa";
708 };
709 scenari = mkOption {
710 type = attrsOf str;
711 default = {};
712 description = "Scenari to make available to sympa";
713 };
714 };
715 };
716 };
717 };
718 };
719 };
720 coturn = mkOption {
721 description = "Coturn configuration";
722 type = submodule {
723 options = {
724 auth_access_key = mkOption { type = str; description = "key to access coturn"; };
725 };
726 };
727 };
728 buildbot = mkOption {
729 description = "Buildbot configuration";
730 type = submodule {
731 options = {
732 ssh_key = mkOption {
733 description = "SSH key information";
734 type = submodule {
735 options = {
736 public = mkOption { type = str; description = "Public part of the key"; };
737 private = mkOption { type = lines; description = "Private part of the key"; };
738 };
739 };
740 };
741 workerPassword = mkOption { description = "Buildbot worker password"; type = str; };
742 user = mkOption {
743 description = "Buildbot user";
744 type = submodule {
745 options = {
746 uid = mkOption {
747 description = "user uid";
748 type = int;
749 };
750 gid = mkOption {
751 description = "user gid";
752 type = int;
753 };
754 };
755 };
756 };
757 ldap = mkOption {
758 description = "Ldap configuration for buildbot";
759 type = submodule {
760 options = {
761 password = mkOption { type = str; description = "Buildbot password"; };
762 };
763 };
764 };
765 projects = mkOption {
766 description = "Projects to make a buildbot for";
767 type = attrsOf (submodule {
768 options = {
769 name = mkOption { type = str; description = "Project name"; };
770 src = mkOption { type = path; description = "source of the project configuration"; };
771 packages = mkOption {
772 type = listOf package;
773 example = literalExample ''
774 [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
775 '';
776 description = ''
777 Builds packages list to make available to buildbot project.
778 '';
779 };
780 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
781 workerPort = mkOption { type = port; description = "Port for the worker"; };
782 secrets = mkOption {
783 type = attrsOf lines;
784 description = "Secrets for the project to dump as files";
785 };
786 secretsDeps = mkOption {
787 type = listOf package;
788 default = [];
789 description = "Dependencies of file that will land in secrets";
790 };
791 environment = mkOption {
792 type = attrsOf str;
793 description = ''
794 Environment variables for the project.
795 BUILDBOT_ is prefixed to the variable names
796 '';
797 };
798 activationScript = mkOption {
799 type = lines;
800 description = ''
801 Activation script to run during deployment
802 '';
803 };
804 webhookTokens = mkOption {
805 type = nullOr (listOf str);
806 default = null;
807 description = ''
808 List of tokens allowed to push to project’s change_hook/base endpoint
809 '';
810 };
811 };
812 });
813 };
814 };
815 };
816 };
817 tools = mkOption {
818 description = "Tools configurations";
819 type = submodule {
820 options = {
821 contact = mkOption { type = str; description = "Contact e-mail address"; };
822 assets = mkOption {
823 default = {};
824 type = attrsOf (submodule {
825 options = {
826 assetType = mkOption { type = enum ["tgz" "url" "googleFont"]; default = "url"; description = "Type of asset"; };
827 tgzRemoveComponents = mkOption { type = int; default = 0; description = "Remove components when extracting"; };
828 url = mkOption { type = str; description = "URL to fetch"; };
829 sha256 = mkOption { type = str; description = "Hash of the url"; };
830 };
831 });
832 description = "Assets to provide on assets.immae.eu";
833 };
834 davical = mkOption {
835 description = "Davical configuration";
836 type = submodule {
837 options = {
838 postgresql = mkPsqlOptions "Davical";
839 ldap = mkLdapOptions "Davical" {};
840 };
841 };
842 };
843 diaspora = mkOption {
844 description = "Diaspora configuration";
845 type = submodule {
846 options = {
847 postgresql = mkPsqlOptions "Diaspora";
848 redis = mkRedisOptions "Diaspora";
849 ldap = mkLdapOptions "Diaspora" {};
850 secret_token = mkOption { type = str; description = "Secret token"; };
851 };
852 };
853 };
854 dmarc_reports = mkOption {
855 description = "DMARC reports configuration";
856 type = submodule {
857 options = {
858 mysql = mkMysqlOptions "DMARC" {};
859 anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
860 };
861 };
862 };
863 etherpad-lite = mkOption {
864 description = "Etherpad configuration";
865 type = submodule {
866 options = {
867 postgresql = mkPsqlOptions "Etherpad";
868 ldap = mkLdapOptions "Etherpad" {
869 group_filter = mkOption { type = str; description = "Filter for groups"; };
870 };
871 adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
872 session_key = mkOption { type = str; description = "Session key"; };
873 api_key = mkOption { type = str; description = "API key"; };
874 };
875 };
876 };
877 gitolite = mkOption {
878 description = "Gitolite configuration";
879 type = submodule {
880 options = {
881 ldap = mkLdapOptions "Gitolite" {};
882 ssh_key = mkOption {
883 description = "SSH key information";
884 type = submodule {
885 options = {
886 public = mkOption { type = str; description = "Public part of the key"; };
887 private = mkOption { type = lines; description = "Private part of the key"; };
888 };
889 };
890 };
891 };
892 };
893 };
894 landing = mkOption {
895 description = "Landing configuration";
896 type = submodule {
897 options = {
898 postgresql = mkPsqlOptions "Landing";
899 };
900 };
901 };
902 kanboard = mkOption {
903 description = "Kanboard configuration";
904 type = submodule {
905 options = {
906 postgresql = mkPsqlOptions "Kanboard";
907 ldap = mkLdapOptions "Kanboard" {
908 admin_dn = mkOption { type = str; description = "Admin DN"; };
909 };
910 };
911 };
912 };
913 mantisbt = mkOption {
914 description = "Mantisbt configuration";
915 type = submodule {
916 options = {
917 postgresql = mkPsqlOptions "Mantisbt";
918 ldap = mkLdapOptions "Mantisbt" {};
919 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
920 };
921 };
922 };
923 mastodon = mkOption {
924 description = "Mastodon configuration";
925 type = submodule {
926 options = {
927 postgresql = mkPsqlOptions "Mastodon";
928 redis = mkRedisOptions "Mastodon";
929 ldap = mkLdapOptions "Mastodon" {};
930 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
931 otp_secret = mkOption { type = str; description = "OTP secret"; };
932 secret_key_base = mkOption { type = str; description = "Secret key base"; };
933 vapid = mkOption {
934 description = "vapid key";
935 type = submodule {
936 options = {
937 private = mkOption { type = str; description = "Private key"; };
938 public = mkOption { type = str; description = "Public key"; };
939 };
940 };
941 };
942 };
943 };
944 };
945 mediagoblin = mkOption {
946 description = "Mediagoblin configuration";
947 type = submodule {
948 options = {
949 postgresql = mkPsqlOptions "Mediagoblin";
950 redis = mkRedisOptions "Mediagoblin";
951 ldap = mkLdapOptions "Mediagoblin" {};
952 };
953 };
954 };
955 nextcloud = mkOption {
956 description = "Nextcloud configuration";
957 type = submodule {
958 options = {
959 postgresql = mkPsqlOptions "Nextcloud";
960 redis = mkRedisOptions "Nextcloud";
961 password_salt = mkOption { type = str; description = "Password salt"; };
962 instance_id = mkOption { type = str; description = "Instance ID"; };
963 secret = mkOption { type = str; description = "App secret"; };
964 };
965 };
966 };
967 peertube = mkOption {
968 description = "Peertube configuration";
969 type = submodule {
970 options = {
971 listenPort = mkOption { type = port; description = "Port to listen to"; };
972 postgresql = mkPsqlOptions "Peertube";
973 redis = mkRedisOptions "Peertube";
974 ldap = mkLdapOptions "Peertube" {};
975 };
976 };
977 };
978 phpldapadmin = mkOption {
979 description = "phpLdapAdmin configuration";
980 type = submodule {
981 options = {
982 ldap = mkLdapOptions "phpldapadmin" {};
983 };
984 };
985 };
986 rompr = mkOption {
987 description = "Rompr configuration";
988 type = submodule {
989 options = {
990 mpd = mkOption {
991 description = "MPD configuration";
992 type = submodule {
993 options = {
994 host = mkOption { type = str; description = "Host for MPD"; };
995 port = mkOption { type = port; description = "Port to access MPD host"; };
996 };
997 };
998 };
999 };
1000 };
1001 };
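# Roundcube webmail: database access and the application secret.
# NOTE(review): `secret` is a plain `str` -- confirm consumers keep it out
# of store-backed files.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      # The label was "TT-RSS", a copy-paste slip that made the generated
      # descriptions name the wrong service.
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};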
# Shaarli: only needs the LDAP settings.
shaarli = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Shaarli" {};
    };
  };
  description = "Shaarli configuration";
};
# Status Engine: LDAP and MySQL settings, both without extra options.
status_engine = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "StatusEngine" {};
      mysql = mkMysqlOptions "StatusEngine" {};
    };
  };
  description = "Status Engine configuration";
};
# Taskwarrior: LDAP settings plus a set of taskwarrior-web profiles.
task = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Taskwarrior" {};
      # Profiles are keyed by an arbitrary attribute name; none are required.
      taskwarrior-web = mkOption {
        type = attrsOf (submodule {
          options = {
            # Access control for the profile is expressed as a list of LDAP uids.
            uid = mkOption {
              description = "List of ldap uids having access to this profile";
              type = listOf str;
            };
            org = mkOption {
              description = "Taskd organisation";
              type = str;
            };
            # NOTE(review): presumably credential material for taskd, held as
            # a plain `str` — confirm it never reaches the /nix/store.
            key = mkOption {
              description = "Taskd key";
              type = str;
            };
            date = mkOption {
              description = "Preferred date format";
              type = str;
            };
          };
        });
        default = {};
        description = "taskwarrior-web profiles";
      };
    };
  };
  description = "Taskwarrior configuration";
};
# TT-RSS: LDAP and PostgreSQL settings.
ttrss = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "TT-RSS" {};
      postgresql = mkPsqlOptions "TT-RSS";
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: PostgreSQL, Redis and LDAP settings plus an application secret.
# NOTE(review): `secret` is a plain `str`; confirm consumers never interpolate
# it into a /nix/store path, where it would be world-readable.
wallabag = mkOption {
  type = submodule {
    options = {
      # The LDAP submodule is extended with a second filter for admin users.
      ldap = mkLdapOptions "Wallabag" {
        admin_filter = mkOption {
          description = "Admin users filter";
          type = str;
        };
      };
      postgresql = mkPsqlOptions "Wallabag";
      redis = mkRedisOptions "Wallabag";
      secret = mkOption {
        description = "App secret";
        type = str;
      };
    };
  };
  description = "Wallabag configuration";
};
# Webhooks: free-form name -> string mapping; per the description each key is
# served as `<name>.php`.
# NOTE(review): how callers of these endpoints are authenticated is not
# visible here — confirm each script checks its caller before acting.
webhooks = mkOption {
  description = "Mapping 'name'.php => script for webhooks";
  type = attrsOf str;
};
# CSP reports: where violation reports are sent and the named policies to apply.
csp_reports = mkOption {
  type = submodule {
    options = {
      policies = mkOption {
        description = "CSP policies to apply";
        type = attrsOf str;
      };
      report_uri = mkOption {
        description = "URI to report CSP violations to";
        type = str;
      };
    };
  };
  description = "CSP report configuration";
};
# Commento: listening port plus PostgreSQL and SMTP settings.
commento = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Commento";
      smtp = mkSmtpOptions "Commento";
      listenPort = mkOption {
        description = "Port to listen to";
        type = port;
      };
    };
  };
  description = "Commento configuration";
};
# Cryptpad: admin contact, admin public keys and listening port.
cryptpad = mkOption {
  type = submodule {
    options = {
      # Admins are identified by public keys, so this list holds no secret
      # material; it does decide who administers the instance.
      admins = mkOption {
        description = "Instance admin public keys";
        type = listOf str;
      };
      email = mkOption {
        description = "Admin e-mail";
        type = str;
      };
      port = mkOption {
        description = "Port to listen to";
        type = port;
      };
    };
  };
  description = "Cryptpad configuration";
};
# Ympd: listening port plus the MPD endpoint and its password.
ympd = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption {
        description = "Port to listen to";
        type = port;
      };
      mpd = mkOption {
        type = submodule {
          options = {
            host = mkOption {
              description = "Host for MPD";
              type = str;
            };
            port = mkOption {
              description = "Port to access MPD host";
              type = port;
            };
            # NOTE(review): plain `str` credential; confirm it is not passed
            # on a command line or written to the /nix/store by the consumer.
            password = mkOption {
              description = "Password to access MPD host";
              type = str;
            };
          };
        };
        description = "MPD configuration";
      };
    };
  };
  description = "Ympd configuration";
};
# Umami: listening port, PostgreSQL settings and a hash salt.
umami = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Umami";
      # NOTE(review): plain `str`; treat as a secret if it seeds session or
      # token hashing — confirm against the consumer.
      hashSalt = mkOption {
        description = "Hash salt";
        type = str;
      };
      listenPort = mkOption {
        description = "Port to listen to";
        type = port;
      };
    };
  };
  description = "Umami configuration";
};
# Yourls: MySQL and LDAP settings plus the cookie key.
yourls = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Yourls" {};
      mysql = mkMysqlOptions "Yourls" {};
      # NOTE(review): presumably the key that protects auth cookies, held as
      # a plain `str` — confirm it never reaches the /nix/store.
      cookieKey = mkOption {
        description = "Cookie key";
        type = str;
      };
    };
  };
  description = "Yourls configuration";
};
1144 };
1145 };
1146 };
1147 };
# hostEnv: read-only shortcut to this host's entry in `config.myEnv.servers`,
# selected by the module's `name` argument. Being read-only, it cannot be
# overridden by other modules; evaluating it fails if `servers` has no
# attribute for `name`.
options.hostEnv = mkOption {
  description = "Host environment";
  type = hostEnv;
  default = config.myEnv.servers.${name};
  readOnly = true;
};
1154 };
1155 };
1156}