]>
Commit | Line | Data |
---|---|---|
1a64deeb IB |
1 | { |
2 | outputs = { self }: { | |
3 | nixosModule = self.nixosModules.environment; | |
4 | nixosModules.environment = { config, lib, name, ... }: | |
5 | with lib; | |
6 | with types; | |
7 | with lists; | |
8 | let | |
9 | ldapOptions = { | |
10 | base = mkOption { description = "Base of the LDAP tree"; type = str; }; | |
11 | host = mkOption { description = "Host to access LDAP"; type = str; }; | |
12 | root_dn = mkOption { description = "DN of the root user"; type = str; }; | |
13 | root_pw = mkOption { description = "Hashed password of the root user"; type = str; }; | |
14 | replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; }; | |
15 | replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; }; | |
16 | }; | |
17 | mkLdapOptions = name: more: mkOption { | |
18 | description = "${name} LDAP configuration"; | |
19 | type = submodule { | |
20 | options = ldapOptions // { | |
21 | dn = mkOption { description = "DN of the ${name} user"; type = str; }; | |
22 | password = mkOption { description = "password of the ${name} user"; type = str; }; | |
23 | filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; }; | |
24 | } // more; | |
25 | }; | |
26 | }; | |
27 | mysqlOptions = { | |
28 | host = mkOption { description = "Host to access Mysql"; type = str; }; | |
29 | remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; }; | |
30 | port = mkOption { description = "Port to access Mysql"; type = int; }; | |
31 | socket = mkOption { description = "Socket to access Mysql"; type = path; }; | |
32 | systemUsers = mkOption { | |
33 | description = "Attrs of user-passwords allowed to access mysql"; | |
34 | type = attrsOf str; | |
35 | }; | |
36 | pam = mkOption { | |
37 | description = "PAM configuration for mysql"; | |
38 | type = submodule { | |
39 | options = { | |
40 | dn = mkOption { description = "DN to connect as to check users"; type = str; }; | |
41 | password = mkOption { description = "DN password to connect as to check users"; type = str; }; | |
42 | filter = mkOption { description = "filter to match users"; type = str; }; | |
43 | }; | |
44 | }; | |
45 | }; | |
46 | }; | |
47 | mkMysqlOptions = name: more: mkOption { | |
48 | description = "${name} mysql configuration"; | |
49 | type = submodule { | |
50 | options = mysqlOptions // { | |
51 | database = mkOption { description = "${name} database"; type = str; }; | |
52 | user = mkOption { description = "${name} user"; type = str; }; | |
53 | password = mkOption { description = "mysql password of the ${name} user"; type = str; }; | |
54 | } // more; | |
55 | }; | |
56 | }; | |
57 | psqlOptions = { | |
58 | host = mkOption { description = "Host to access Postgresql"; type = str; }; | |
59 | port = mkOption { description = "Port to access Postgresql"; type = str; }; | |
60 | socket = mkOption { description = "Socket to access Postgresql"; type = path; }; | |
61 | pam = mkOption { | |
62 | description = "PAM configuration for psql"; | |
63 | type = submodule { | |
64 | options = { | |
65 | dn = mkOption { description = "DN to connect as to check users"; type = str; }; | |
66 | password = mkOption { description = "DN password to connect as to check users"; type = str; }; | |
67 | filter = mkOption { description = "filter to match users"; type = str; }; | |
68 | }; | |
69 | }; | |
70 | }; | |
71 | }; | |
72 | mkPsqlOptions = name: mkOption { | |
73 | description = "${name} psql configuration"; | |
74 | type = submodule { | |
75 | options = psqlOptions // { | |
76 | database = mkOption { description = "${name} database"; type = str; }; | |
77 | schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; }; | |
78 | user = mkOption { description = "${name} user"; type = str; }; | |
79 | password = mkOption { description = "psql password of the ${name} user"; type = str; }; | |
80 | }; | |
81 | }; | |
82 | }; | |
83 | redisOptions = { | |
84 | host = mkOption { description = "Host to access Redis"; type = str; }; | |
85 | port = mkOption { description = "Port to access Redis"; type = str; }; | |
86 | socket = mkOption { description = "Socket to access Redis"; type = path; }; | |
87 | dbs = mkOption { | |
88 | description = "Attrs of db number. Each number should be unique to avoid collision!"; | |
89 | type = attrsOf str; | |
90 | }; | |
91 | spiped_key = mkOption { | |
92 | type = str; | |
93 | description = '' | |
94 | Key to use with spiped to make a secure channel to replication | |
95 | ''; | |
96 | }; | |
97 | predixy = mkOption { | |
98 | description = "Predixy configuration. Unused yet"; | |
99 | type = submodule { | |
100 | options = { | |
101 | read = mkOption { type = str; description = "Read password"; }; | |
102 | }; | |
103 | }; | |
104 | }; | |
105 | }; | |
106 | mkRedisOptions = name: mkOption { | |
107 | description = "${name} redis configuration"; | |
108 | type = submodule { | |
109 | options = redisOptions // { | |
110 | db = mkOption { description = "${name} database"; type = str; }; | |
111 | }; | |
112 | }; | |
113 | }; | |
114 | smtpOptions = { | |
115 | host = mkOption { description = "Host to access SMTP"; type = str; }; | |
116 | port = mkOption { description = "Port to access SMTP"; type = str; }; | |
117 | }; | |
118 | mkSmtpOptions = name: mkOption { | |
119 | description = "${name} smtp configuration"; | |
120 | type = submodule { | |
121 | options = smtpOptions // { | |
122 | email = mkOption { description = "${name} email"; type = str; }; | |
123 | password = mkOption { description = "SMTP password of the ${name} user"; type = str; }; | |
124 | }; | |
125 | }; | |
126 | }; | |
127 | hostEnv = submodule { | |
128 | options = { | |
129 | fqdn = mkOption { | |
130 | description = "Host FQDN"; | |
131 | type = str; | |
132 | }; | |
133 | hostKey = mkOption { | |
134 | type = nullOr str; | |
135 | default = null; | |
136 | description = '' | |
137 | ssh host key | |
138 | ''; | |
139 | }; | |
140 | isVm = mkEnableOption "The host is a vm"; | |
1a64deeb IB |
141 | emails = mkOption { |
142 | default = []; | |
143 | description = "List of e-mails that the server can be a sender of"; | |
144 | type = listOf str; | |
145 | }; | |
146 | ldap = mkOption { | |
147 | description = '' | |
148 | LDAP credentials for the host | |
149 | ''; | |
150 | type = submodule { | |
151 | options = { | |
152 | password = mkOption { type = str; description = "Password for the LDAP connection"; }; | |
153 | dn = mkOption { type = str; description = "DN for the LDAP connection"; }; | |
154 | }; | |
155 | }; | |
156 | }; | |
157 | mx = mkOption { | |
158 | description = "subdomain and priority for MX server"; | |
159 | default = { enable = false; }; | |
160 | type = submodule { | |
161 | options = { | |
162 | enable = mkEnableOption "Enable MX"; | |
163 | subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; }; | |
164 | priority = mkOption { type = nullOr int; description = "Priority"; }; | |
165 | }; | |
166 | }; | |
167 | }; | |
168 | ips = mkOption { | |
169 | description = '' | |
170 | attrs of ip4/ip6 grouped by section | |
171 | ''; | |
172 | type = attrsOf (submodule { | |
173 | options = { | |
174 | alias = mkOption { | |
175 | type = nullOr str; | |
176 | default = null; | |
177 | description = '' | |
178 | alias to use in DNS for that group | |
179 | ''; | |
180 | }; | |
181 | ip4 = mkOption { | |
182 | type = listOf str; | |
183 | default = []; | |
184 | description = '' | |
185 | ip4 addresses of the host | |
186 | ''; | |
187 | }; | |
188 | ip6 = mkOption { | |
189 | type = listOf str; | |
190 | default = []; | |
191 | description = '' | |
192 | ip6 addresses of the host | |
193 | ''; | |
194 | }; | |
195 | }; | |
196 | }); | |
197 | }; | |
198 | }; | |
199 | }; | |
200 | in | |
201 | { | |
202 | # Necessary for situations where flake gets included multiple times | |
203 | key = builtins.hashString "sha256" (builtins.path { path = self.sourceInfo.outPath; name = "source"; }); | |
204 | ||
205 | options.myEnv = { | |
206 | servers = mkOption { | |
207 | description = '' | |
208 | Attrs of servers information in the cluster (not necessarily handled by nixops) | |
209 | ''; | |
210 | default = {}; | |
211 | type = attrsOf hostEnv; | |
212 | }; | |
213 | hetznerCloud = mkOption { | |
214 | description = '' | |
215 | Hetzner Cloud credential information | |
216 | ''; | |
217 | type = submodule { | |
218 | options = { | |
219 | authToken = mkOption { | |
220 | type = str; | |
221 | description = '' | |
222 | The API auth token. | |
223 | ''; | |
224 | }; | |
225 | }; | |
226 | }; | |
227 | }; | |
228 | hetzner = mkOption { | |
229 | description = '' | |
230 | Hetzner credential information | |
231 | ''; | |
232 | type = submodule { | |
233 | options = { | |
234 | user = mkOption { type = str; description = "User"; }; | |
235 | pass = mkOption { type = str; description = "Password"; }; | |
236 | }; | |
237 | }; | |
238 | }; | |
239 | sshd = mkOption { | |
240 | description = '' | |
241 | sshd service credential information | |
242 | ''; | |
243 | type = submodule { | |
244 | options = { | |
245 | rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; }; | |
246 | ldap = mkOption { | |
247 | description = '' | |
248 | LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn | |
249 | ''; | |
250 | type = submodule { | |
251 | options = { | |
252 | password = mkOption { description = "Password"; type = str; }; | |
253 | }; | |
254 | }; | |
255 | }; | |
256 | psql = mkOption { | |
257 | description = '' | |
258 | PSQL credentials for immae_auth_read | |
259 | ''; | |
260 | type = submodule { | |
261 | options = { | |
262 | password = mkOption { description = "Password"; type = str; }; | |
263 | }; | |
264 | }; | |
265 | }; | |
266 | }; | |
267 | }; | |
268 | }; | |
269 | ports = mkOption { | |
270 | description = '' | |
271 | non-standard reserved ports. Must be unique! | |
272 | ''; | |
273 | type = attrsOf port; | |
274 | default = {}; | |
275 | apply = let | |
276 | noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x)); | |
277 | in | |
278 | x: if isAttrs x && noDupl x then x else throw "Non unique values for ports"; | |
279 | }; | |
280 | httpd = mkOption { | |
281 | description = '' | |
282 | httpd service credential information | |
283 | ''; | |
284 | type = submodule { | |
285 | options = { | |
286 | ldap = mkOption { | |
287 | description = '' | |
288 | LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn | |
289 | ''; | |
290 | type = submodule { | |
291 | options = { | |
292 | password = mkOption { description = "Password"; type = str; }; | |
293 | }; | |
294 | }; | |
295 | }; | |
296 | }; | |
297 | }; | |
298 | }; | |
299 | smtp = mkOption { | |
300 | type = submodule { options = smtpOptions; }; | |
301 | description = "SMTP configuration"; | |
302 | }; | |
303 | ldap = mkOption { | |
304 | description = '' | |
305 | LDAP server configuration | |
306 | ''; | |
307 | type = submodule { | |
308 | options = ldapOptions; | |
309 | }; | |
310 | }; | |
311 | databases = mkOption { | |
312 | description = "Databases configuration"; | |
313 | type = submodule { | |
314 | options = { | |
315 | mysql = mkOption { | |
316 | type = submodule { options = mysqlOptions; }; | |
317 | description = "Mysql configuration"; | |
318 | }; | |
319 | redis = mkOption { | |
320 | type = submodule { options = redisOptions; }; | |
321 | description = "Redis configuration"; | |
322 | }; | |
323 | postgresql = mkOption { | |
324 | type = submodule { options = psqlOptions; }; | |
325 | description = "Postgresql configuration"; | |
326 | }; | |
327 | }; | |
328 | }; | |
329 | }; | |
330 | jabber = mkOption { | |
331 | description = "Jabber configuration"; | |
332 | type = submodule { | |
333 | options = { | |
334 | postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; }; | |
335 | ldap = mkLdapOptions "Jabber" {}; | |
336 | postgresql = mkPsqlOptions "Jabber"; | |
337 | }; | |
338 | }; | |
339 | }; | |
1a64deeb IB |
340 | users = mkOption { |
341 | description = "System and regular users uid/gid"; | |
342 | type = attrsOf (submodule { | |
343 | options = { | |
344 | uid = mkOption { | |
345 | description = "user uid"; | |
346 | type = int; | |
347 | }; | |
348 | gid = mkOption { | |
349 | description = "user gid"; | |
350 | type = int; | |
351 | }; | |
352 | }; | |
353 | }); | |
354 | }; | |
355 | dns = mkOption { | |
356 | description = "DNS configuration"; | |
357 | type = submodule { | |
358 | options = { | |
359 | ns = mkOption { | |
360 | description = "Attrs of NS servers group"; | |
361 | example = { | |
362 | foo = { | |
363 | "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ]; | |
364 | "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ]; | |
365 | }; | |
366 | }; | |
367 | type = attrsOf (attrsOf (listOf str)); | |
368 | }; | |
369 | }; | |
370 | }; | |
371 | }; | |
1c90c0dd IB |
372 | borg_backup = mkOption { |
373 | description = '' | |
374 | Remote backup with borg/borgmatic | |
375 | ''; | |
376 | type = submodule { | |
377 | options = { | |
378 | password = mkOption { type = str; description = "Password for encrypting files"; }; | |
379 | remotes = mkOption { | |
380 | type = attrsOf (submodule { | |
381 | options = { | |
382 | remote = mkOption { | |
fbf4b741 | 383 | type = functionTo (functionTo str); |
1c90c0dd IB |
384 | example = literalExample '' |
385 | bucket: "ssh://some_host/${bucket}"; | |
386 | ''; | |
387 | description = '' | |
388 | Function. | |
389 | Takes a bucket name as argument and returns a url | |
390 | ''; | |
391 | }; | |
392 | sshRsyncPort = mkOption { type = str; default = "22"; description = "SSH port"; }; | |
393 | sshRsyncHost = mkOption { type = nullOr str; default = null; description = "SSH host"; }; | |
394 | ||
395 | sshKnownHosts = mkOption { type = nullOr str; default = null; description = "Ssh known hosts"; }; | |
396 | }; | |
397 | }); | |
398 | }; | |
399 | }; | |
400 | }; | |
401 | }; | |
1a64deeb IB |
402 | backup = mkOption { |
403 | description = '' | |
404 | Remote backup with duplicity | |
405 | ''; | |
406 | type = submodule { | |
407 | options = { | |
408 | password = mkOption { type = str; description = "Password for encrypting files"; }; | |
409 | remotes = mkOption { | |
410 | type = attrsOf (submodule { | |
411 | options = { | |
1c90c0dd IB |
412 | remote_type = mkOption { |
413 | type = enum [ "s3" "rsync" ]; | |
414 | }; | |
1a64deeb IB |
415 | remote = mkOption { |
416 | type = functionTo str; | |
417 | example = literalExample '' | |
418 | bucket: "s3://some_host/${bucket}"; | |
419 | ''; | |
420 | description = '' | |
421 | Function. | |
422 | Takes a bucket name as argument and returns a url | |
423 | ''; | |
424 | }; | |
1c90c0dd IB |
425 | sshRsyncPort = mkOption { type = str; default = "22"; description = "SSH port for rsync"; }; |
426 | sshRsyncHost = mkOption { type = nullOr str; default = null; description = "SSH host for rsync"; }; | |
427 | ||
428 | sshKnownHosts = mkOption { type = nullOr str; default = null; description = "Ssh known hosts"; }; | |
429 | s3AccessKeyId = mkOption { type = nullOr str; default = null; description = "Remote access-key"; }; | |
430 | s3SecretAccessKey = mkOption { type = nullOr str; default = null; description = "Remote access secret"; }; | |
1a64deeb IB |
431 | }; |
432 | }); | |
433 | }; | |
434 | }; | |
435 | }; | |
436 | }; | |
437 | zrepl_backup = mkOption { | |
438 | type = submodule { | |
439 | options = { | |
440 | ssh_key = mkOption { | |
441 | description = "SSH key information"; | |
442 | type = submodule { | |
443 | options = { | |
444 | public = mkOption { type = str; description = "Public part of the key"; }; | |
445 | private = mkOption { type = lines; description = "Private part of the key"; }; | |
446 | }; | |
447 | }; | |
448 | }; | |
449 | mysql = mkMysqlOptions "Zrepl" {}; | |
450 | certs = mkOption { | |
451 | description = "Certificates"; | |
452 | type = attrsOf (submodule { | |
453 | options = { | |
454 | key = mkOption { type = str; description = "Key"; }; | |
455 | certificate = mkOption { type = str; description = "Certificate"; }; | |
456 | }; | |
457 | }); | |
458 | }; | |
459 | }; | |
460 | }; | |
461 | }; | |
462 | rsync_backup = mkOption { | |
463 | description ='' | |
464 | Rsync backup configuration from controlled host | |
465 | ''; | |
466 | type = submodule { | |
467 | options = { | |
468 | ssh_key = mkOption { | |
469 | description = "SSH key information"; | |
470 | type = submodule { | |
471 | options = { | |
472 | public = mkOption { type = str; description = "Public part of the key"; }; | |
473 | private = mkOption { type = lines; description = "Private part of the key"; }; | |
474 | }; | |
475 | }; | |
476 | }; | |
477 | profiles = mkOption { | |
478 | description = "Attrs of profiles to backup"; | |
479 | default = {}; | |
480 | type = attrsOf (submodule { | |
481 | options = { | |
482 | keep = mkOption { type = int; description = "Number of backups to keep"; }; | |
483 | check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; }; | |
484 | login = mkOption { type = str; description = "Login to connect to host"; }; | |
485 | port = mkOption { type = str; default = "22"; description = "Port to connect to host"; }; | |
486 | host = mkOption { type = str; description = "Host to connect to"; }; | |
487 | host_key = mkOption { type = str; description = "Host key"; }; | |
488 | host_key_type = mkOption { type = str; description = "Host key type"; }; | |
489 | parts = mkOption { | |
490 | description = "Parts to backup for this host"; | |
491 | type = attrsOf (submodule { | |
492 | options = { | |
493 | remote_folder = mkOption { type = path; description = "Remote folder to backup";}; | |
494 | exclude_from = mkOption { | |
495 | type = listOf path; | |
496 | default = []; | |
497 | description = "List of folders/files to exclude from the backup"; | |
498 | }; | |
499 | files_from = mkOption { | |
500 | type = listOf path; | |
501 | default = []; | |
502 | description = "List of folders/files to backup in the base folder"; | |
503 | }; | |
504 | args = mkOption { | |
505 | type = nullOr str; | |
506 | default = null; | |
507 | description = "Extra arguments to pass to rsync"; | |
508 | }; | |
509 | }; | |
510 | }); | |
511 | }; | |
512 | }; | |
513 | }); | |
514 | }; | |
515 | }; | |
516 | }; | |
517 | }; | |
518 | monitoring = mkOption { | |
519 | description = "Monitoring configuration"; | |
520 | type = submodule { | |
521 | options = { | |
522 | status_url = mkOption { type = str; description = "URL to push status to"; }; | |
523 | status_token = mkOption { type = str; description = "Token for the status url"; }; | |
524 | http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; }; | |
525 | email = mkOption { type = str; description = "Admin E-mail"; }; | |
526 | ssh_public_key = mkOption { type = str; description = "SSH public key"; }; | |
527 | ssh_secret_key = mkOption { type = str; description = "SSH secret key"; }; | |
528 | imap_login = mkOption { type = str; description = "IMAP login"; }; | |
529 | imap_password = mkOption { type = str; description = "IMAP password"; }; | |
530 | eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; }; | |
531 | ovh_sms = mkOption { | |
532 | description = "OVH credentials for sms script"; | |
533 | type = submodule { | |
534 | options = { | |
535 | endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; }; | |
536 | application_key = mkOption { type = str; description = "Application key"; }; | |
537 | application_secret = mkOption { type = str; description = "Application secret"; }; | |
538 | consumer_key = mkOption { type = str; description = "Consumer key"; }; | |
539 | account = mkOption { type = str; description = "Account"; }; | |
540 | }; | |
541 | }; | |
542 | }; | |
543 | nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; | |
544 | apprise_urls = mkOption { type = str; description = "Apprise space-separated urls to push status update"; }; | |
545 | netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; }; | |
546 | netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; }; | |
547 | immae_contact = mkOption { type = str; description = "Immae Contact e-mail"; }; | |
548 | email_check = mkOption { | |
549 | description = "Emails services to check"; | |
550 | type = attrsOf (submodule { | |
551 | options = { | |
552 | local = mkOption { type = bool; default = false; description = "Use local configuration"; }; | |
553 | port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; }; | |
554 | login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; }; | |
555 | targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; }; | |
556 | mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; }; | |
557 | mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; }; | |
558 | }; | |
559 | }); | |
560 | }; | |
561 | }; | |
562 | }; | |
563 | }; | |
564 | mpd = mkOption { | |
565 | description = "MPD configuration"; | |
566 | type = submodule { | |
567 | options = { | |
568 | folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; }; | |
569 | password = mkOption { type = str; description = "Password to connect to the MPD instance"; }; | |
570 | host = mkOption { type = str; description = "Host to connect to the MPD instance"; }; | |
571 | port = mkOption { type = str; description = "Port to connect to the MPD instance"; }; | |
572 | }; | |
573 | }; | |
574 | }; | |
575 | ftp = mkOption { | |
576 | description = "FTP configuration"; | |
577 | type = submodule { | |
578 | options = { | |
579 | ldap = mkLdapOptions "FTP" { | |
580 | proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; }; | |
581 | pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; }; | |
582 | }; | |
583 | }; | |
584 | }; | |
585 | }; | |
586 | vpn = mkOption { | |
587 | description = "VPN configuration"; | |
588 | type = attrsOf (submodule { | |
589 | options = { | |
590 | prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; }; | |
591 | privateKey = mkOption { type = str; description = "Private key for the host"; }; | |
592 | publicKey = mkOption { type = str; description = "Public key for the host"; }; | |
593 | }; | |
594 | }); | |
595 | }; | |
596 | mail = mkOption { | |
597 | description = "Mail configuration"; | |
598 | type = submodule { | |
599 | options = { | |
600 | dmarc = mkOption { | |
601 | description = "DMARC configuration"; | |
602 | type = submodule { | |
603 | options = { | |
604 | ignore_hosts = mkOption { | |
605 | type = lines; | |
606 | description = '' | |
607 | Hosts to ignore when checking for dmarc | |
608 | ''; | |
609 | }; | |
610 | }; | |
611 | }; | |
612 | }; | |
613 | dkim = mkOption { | |
614 | description = "DKIM configuration"; | |
615 | type = attrsOf (submodule { | |
616 | options = { | |
617 | public = mkOption { | |
618 | type = attrsOf str; | |
619 | example = literalExample '' | |
620 | { | |
621 | v = "DKIM1"; | |
622 | k = "rsa"; | |
623 | p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB"; | |
624 | } | |
625 | ''; | |
626 | description = "Public entry to put in DNS TXT field"; | |
627 | }; | |
628 | private = mkOption { type = nullOr str; default = null; description = "Private key"; }; | |
629 | }; | |
630 | }); | |
631 | }; | |
632 | postfix = mkOption { | |
633 | description = "Postfix configuration"; | |
634 | type = submodule { | |
635 | options = { | |
636 | mysql = mkMysqlOptions "Postfix" { | |
637 | password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; }; | |
638 | }; | |
639 | admins = mkOption { | |
640 | description = '' | |
641 | List of admins meant to receive common aliases | |
642 | ''; | |
643 | type = listOf str; | |
644 | }; | |
645 | common_aliases = mkOption { | |
646 | description = '' | |
647 | List of aliases common to all hosts, to forward to admins | |
648 | ''; | |
649 | type = listOf str; | |
650 | }; | |
651 | other_aliases = mkOption { | |
652 | description = '' | |
653 | Other list of aliases, to forward to admins | |
654 | ''; | |
655 | type = listOf str; | |
656 | }; | |
657 | }; | |
658 | }; | |
659 | }; | |
660 | dovecot = mkOption { | |
661 | description = "Dovecot configuration"; | |
662 | type = submodule { | |
663 | options = { | |
1cf1f916 | 664 | mysql = mkMysqlOptions "Dovecot" {}; |
1a64deeb IB |
665 | ldap = mkLdapOptions "Dovecot" { |
666 | pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; }; | |
667 | user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; | |
668 | iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; | |
669 | iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; | |
670 | postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; }; | |
671 | }; | |
672 | }; | |
673 | }; | |
674 | }; | |
675 | rspamd = mkOption { | |
676 | description = "rspamd configuration"; | |
677 | type = submodule { | |
678 | options = { | |
679 | redis = mkRedisOptions "Redis"; | |
680 | read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; }; | |
681 | write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; }; | |
682 | read_password = mkOption { | |
683 | type = str; | |
684 | description = "Read password for rspamd. Unused"; | |
685 | apply = x: ""; | |
686 | }; | |
687 | write_password = mkOption { | |
688 | type = str; | |
689 | description = "Write password for rspamd. Unused"; | |
690 | apply = x: ""; | |
691 | }; | |
692 | }; | |
693 | }; | |
694 | }; | |
695 | sympa = mkOption { | |
696 | description = "Sympa configuration"; | |
697 | type = submodule { | |
698 | options = { | |
699 | listmasters = mkOption { | |
700 | type = listOf str; | |
701 | description = "Listmasters"; | |
702 | }; | |
703 | postgresql = mkPsqlOptions "Sympa"; | |
704 | data_sources = mkOption { | |
705 | type = attrsOf str; | |
706 | default = {}; | |
707 | description = "Data sources to make available to sympa"; | |
708 | }; | |
709 | scenari = mkOption { | |
710 | type = attrsOf str; | |
711 | default = {}; | |
712 | description = "Scenari to make available to sympa"; | |
713 | }; | |
714 | }; | |
715 | }; | |
716 | }; | |
717 | }; | |
718 | }; | |
719 | }; | |
720 | coturn = mkOption { | |
721 | description = "Coturn configuration"; | |
722 | type = submodule { | |
723 | options = { | |
724 | auth_access_key = mkOption { type = str; description = "key to access coturn"; }; | |
725 | }; | |
726 | }; | |
727 | }; | |
728 | buildbot = mkOption { | |
729 | description = "Buildbot configuration"; | |
730 | type = submodule { | |
731 | options = { | |
732 | ssh_key = mkOption { | |
733 | description = "SSH key information"; | |
734 | type = submodule { | |
735 | options = { | |
736 | public = mkOption { type = str; description = "Public part of the key"; }; | |
737 | private = mkOption { type = lines; description = "Private part of the key"; }; | |
738 | }; | |
739 | }; | |
740 | }; | |
741 | workerPassword = mkOption { description = "Buildbot worker password"; type = str; }; | |
742 | user = mkOption { | |
743 | description = "Buildbot user"; | |
744 | type = submodule { | |
745 | options = { | |
746 | uid = mkOption { | |
747 | description = "user uid"; | |
748 | type = int; | |
749 | }; | |
750 | gid = mkOption { | |
751 | description = "user gid"; | |
752 | type = int; | |
753 | }; | |
754 | }; | |
755 | }; | |
756 | }; | |
757 | ldap = mkOption { | |
758 | description = "Ldap configuration for buildbot"; | |
759 | type = submodule { | |
760 | options = { | |
761 | password = mkOption { type = str; description = "Buildbot password"; }; | |
762 | }; | |
763 | }; | |
764 | }; | |
765 | projects = mkOption { | |
766 | description = "Projects to make a buildbot for"; | |
767 | type = attrsOf (submodule { | |
768 | options = { | |
769 | name = mkOption { type = str; description = "Project name"; }; | |
770 | src = mkOption { type = path; description = "source of the project configuration"; }; | |
771 | packages = mkOption { | |
772 | type = listOf package; | |
773 | example = literalExample '' | |
774 | [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ]; | |
775 | ''; | |
776 | description = '' | |
777 | Builds packages list to make available to buildbot project. | |
778 | ''; | |
779 | }; | |
780 | pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; }; | |
781 | workerPort = mkOption { type = port; description = "Port for the worker"; }; | |
782 | secrets = mkOption { | |
783 | type = attrsOf lines; | |
784 | description = "Secrets for the project to dump as files"; | |
785 | }; | |
786 | secretsDeps = mkOption { | |
787 | type = listOf package; | |
788 | default = []; | |
789 | description = "Dependencies of file that will land in secrets"; | |
790 | }; | |
791 | environment = mkOption { | |
792 | type = attrsOf str; | |
793 | description = '' | |
794 | Environment variables for the project. | |
795 | BUILDBOT_ is prefixed to the variable names | |
796 | ''; | |
797 | }; | |
798 | activationScript = mkOption { | |
799 | type = lines; | |
800 | description = '' | |
801 | Activation script to run during deployment | |
802 | ''; | |
803 | }; | |
804 | webhookTokens = mkOption { | |
805 | type = nullOr (listOf str); | |
806 | default = null; | |
807 | description = '' | |
808 | List of tokens allowed to push to project’s change_hook/base endpoint | |
809 | ''; | |
810 | }; | |
811 | }; | |
812 | }); | |
813 | }; | |
814 | }; | |
815 | }; | |
816 | }; | |
817 | tools = mkOption { | |
818 | description = "Tools configurations"; | |
819 | type = submodule { | |
820 | options = { | |
821 | contact = mkOption { type = str; description = "Contact e-mail address"; }; | |
822 | assets = mkOption { | |
823 | default = {}; | |
824 | type = attrsOf (submodule { | |
825 | options = { | |
826 | assetType = mkOption { type = enum ["tgz" "url" "googleFont"]; default = "url"; description = "Type of asset"; }; | |
827 | tgzRemoveComponents = mkOption { type = int; default = 0; description = "Remove components when extracting"; }; | |
828 | url = mkOption { type = str; description = "URL to fetch"; }; | |
829 | sha256 = mkOption { type = str; description = "Hash of the url"; }; | |
830 | }; | |
831 | }); | |
832 | description = "Assets to provide on assets.immae.eu"; | |
833 | }; | |
834 | davical = mkOption { | |
835 | description = "Davical configuration"; | |
836 | type = submodule { | |
837 | options = { | |
838 | postgresql = mkPsqlOptions "Davical"; | |
839 | ldap = mkLdapOptions "Davical" {}; | |
840 | }; | |
841 | }; | |
842 | }; | |
843 | diaspora = mkOption { | |
844 | description = "Diaspora configuration"; | |
845 | type = submodule { | |
846 | options = { | |
847 | postgresql = mkPsqlOptions "Diaspora"; | |
848 | redis = mkRedisOptions "Diaspora"; | |
849 | ldap = mkLdapOptions "Diaspora" {}; | |
850 | secret_token = mkOption { type = str; description = "Secret token"; }; | |
851 | }; | |
852 | }; | |
853 | }; | |
854 | dmarc_reports = mkOption { | |
855 | description = "DMARC reports configuration"; | |
856 | type = submodule { | |
857 | options = { | |
858 | mysql = mkMysqlOptions "DMARC" {}; | |
859 | anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; }; | |
860 | }; | |
861 | }; | |
862 | }; | |
863 | etherpad-lite = mkOption { | |
864 | description = "Etherpad configuration"; | |
865 | type = submodule { | |
866 | options = { | |
867 | postgresql = mkPsqlOptions "Etherpad"; | |
868 | ldap = mkLdapOptions "Etherpad" { | |
869 | group_filter = mkOption { type = str; description = "Filter for groups"; }; | |
870 | }; | |
871 | adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; }; | |
872 | session_key = mkOption { type = str; description = "Session key"; }; | |
873 | api_key = mkOption { type = str; description = "API key"; }; | |
874 | }; | |
875 | }; | |
876 | }; | |
877 | gitolite = mkOption { | |
878 | description = "Gitolite configuration"; | |
879 | type = submodule { | |
880 | options = { | |
881 | ldap = mkLdapOptions "Gitolite" {}; | |
882 | ssh_key = mkOption { | |
883 | description = "SSH key information"; | |
884 | type = submodule { | |
885 | options = { | |
886 | public = mkOption { type = str; description = "Public part of the key"; }; | |
887 | private = mkOption { type = lines; description = "Private part of the key"; }; | |
888 | }; | |
889 | }; | |
890 | }; | |
891 | }; | |
892 | }; | |
893 | }; | |
894 | landing = mkOption { | |
895 | description = "Landing configuration"; | |
896 | type = submodule { | |
897 | options = { | |
898 | postgresql = mkPsqlOptions "Landing"; | |
899 | }; | |
900 | }; | |
901 | }; | |
902 | kanboard = mkOption { | |
903 | description = "Kanboard configuration"; | |
904 | type = submodule { | |
905 | options = { | |
906 | postgresql = mkPsqlOptions "Kanboard"; | |
907 | ldap = mkLdapOptions "Kanboard" { | |
908 | admin_dn = mkOption { type = str; description = "Admin DN"; }; | |
909 | }; | |
910 | }; | |
911 | }; | |
912 | }; | |
913 | mantisbt = mkOption { | |
914 | description = "Mantisbt configuration"; | |
915 | type = submodule { | |
916 | options = { | |
917 | postgresql = mkPsqlOptions "Mantisbt"; | |
918 | ldap = mkLdapOptions "Mantisbt" {}; | |
919 | master_salt = mkOption { type = str; description = "Master salt for password hash"; }; | |
920 | }; | |
921 | }; | |
922 | }; | |
923 | mastodon = mkOption { | |
924 | description = "Mastodon configuration"; | |
925 | type = submodule { | |
926 | options = { | |
927 | postgresql = mkPsqlOptions "Mastodon"; | |
928 | redis = mkRedisOptions "Mastodon"; | |
929 | ldap = mkLdapOptions "Mastodon" {}; | |
930 | paperclip_secret = mkOption { type = str; description = "Paperclip secret"; }; | |
931 | otp_secret = mkOption { type = str; description = "OTP secret"; }; | |
932 | secret_key_base = mkOption { type = str; description = "Secret key base"; }; | |
933 | vapid = mkOption { | |
934 | description = "vapid key"; | |
935 | type = submodule { | |
936 | options = { | |
937 | private = mkOption { type = str; description = "Private key"; }; | |
938 | public = mkOption { type = str; description = "Public key"; }; | |
939 | }; | |
940 | }; | |
941 | }; | |
942 | }; | |
943 | }; | |
944 | }; | |
945 | mediagoblin = mkOption { | |
946 | description = "Mediagoblin configuration"; | |
947 | type = submodule { | |
948 | options = { | |
949 | postgresql = mkPsqlOptions "Mediagoblin"; | |
950 | redis = mkRedisOptions "Mediagoblin"; | |
951 | ldap = mkLdapOptions "Mediagoblin" {}; | |
952 | }; | |
953 | }; | |
954 | }; | |
955 | nextcloud = mkOption { | |
956 | description = "Nextcloud configuration"; | |
957 | type = submodule { | |
958 | options = { | |
959 | postgresql = mkPsqlOptions "Nextcloud"; | |
960 | redis = mkRedisOptions "Nextcloud"; | |
961 | password_salt = mkOption { type = str; description = "Password salt"; }; | |
962 | instance_id = mkOption { type = str; description = "Instance ID"; }; | |
963 | secret = mkOption { type = str; description = "App secret"; }; | |
964 | }; | |
965 | }; | |
966 | }; | |
967 | peertube = mkOption { | |
968 | description = "Peertube configuration"; | |
969 | type = submodule { | |
970 | options = { | |
971 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | |
972 | postgresql = mkPsqlOptions "Peertube"; | |
973 | redis = mkRedisOptions "Peertube"; | |
974 | ldap = mkLdapOptions "Peertube" {}; | |
975 | }; | |
976 | }; | |
977 | }; | |
978 | phpldapadmin = mkOption { | |
979 | description = "phpLdapAdmin configuration"; | |
980 | type = submodule { | |
981 | options = { | |
982 | ldap = mkLdapOptions "phpldapadmin" {}; | |
983 | }; | |
984 | }; | |
985 | }; | |
986 | rompr = mkOption { | |
987 | description = "Rompr configuration"; | |
988 | type = submodule { | |
989 | options = { | |
990 | mpd = mkOption { | |
991 | description = "MPD configuration"; | |
992 | type = submodule { | |
993 | options = { | |
994 | host = mkOption { type = str; description = "Host for MPD"; }; | |
995 | port = mkOption { type = port; description = "Port to access MPD host"; }; | |
996 | }; | |
997 | }; | |
998 | }; | |
999 | }; | |
1000 | }; | |
1001 | }; | |
1002 | roundcubemail = mkOption { | |
1003 | description = "Roundcubemail configuration"; | |
1004 | type = submodule { | |
1005 | options = { | |
1006 | postgresql = mkPsqlOptions "TT-RSS"; | |
1007 | secret = mkOption { type = str; description = "Secret"; }; | |
1008 | }; | |
1009 | }; | |
1010 | }; | |
1011 | shaarli = mkOption { | |
1012 | description = "Shaarli configuration"; | |
1013 | type = submodule { | |
1014 | options = { | |
1015 | ldap = mkLdapOptions "Shaarli" {}; | |
1016 | }; | |
1017 | }; | |
1018 | }; | |
1019 | status_engine = mkOption { | |
1020 | description = "Status Engine configuration"; | |
1021 | type = submodule { | |
1022 | options = { | |
1023 | mysql = mkMysqlOptions "StatusEngine" {}; | |
1024 | ldap = mkLdapOptions "StatusEngine" {}; | |
1025 | }; | |
1026 | }; | |
1027 | }; | |
1028 | task = mkOption { | |
1029 | description = "Taskwarrior configuration"; | |
1030 | type = submodule { | |
1031 | options = { | |
1032 | ldap = mkLdapOptions "Taskwarrior" {}; | |
1033 | taskwarrior-web = mkOption { | |
1034 | description = "taskwarrior-web profiles"; | |
1035 | default = {}; | |
1036 | type = attrsOf (submodule { | |
1037 | options = { | |
1038 | uid = mkOption { | |
1039 | type = listOf str; | |
1040 | description = "List of ldap uids having access to this profile"; | |
1041 | }; | |
1042 | org = mkOption { type = str; description = "Taskd organisation"; }; | |
1043 | key = mkOption { type = str; description = "Taskd key"; }; | |
1044 | date = mkOption { type = str; description = "Preferred date format"; }; | |
1045 | }; | |
1046 | }); | |
1047 | }; | |
1048 | }; | |
1049 | }; | |
1050 | }; | |
1051 | ttrss = mkOption { | |
1052 | description = "TT-RSS configuration"; | |
1053 | type = submodule { | |
1054 | options = { | |
1055 | postgresql = mkPsqlOptions "TT-RSS"; | |
1056 | ldap = mkLdapOptions "TT-RSS" {}; | |
1057 | }; | |
1058 | }; | |
1059 | }; | |
1060 | wallabag = mkOption { | |
1061 | description = "Wallabag configuration"; | |
1062 | type = submodule { | |
1063 | options = { | |
1064 | postgresql = mkPsqlOptions "Wallabag"; | |
1065 | ldap = mkLdapOptions "Wallabag" { | |
1066 | admin_filter = mkOption { type = str; description = "Admin users filter"; }; | |
1067 | }; | |
1068 | redis = mkRedisOptions "Wallabag"; | |
1069 | secret = mkOption { type = str; description = "App secret"; }; | |
1070 | }; | |
1071 | }; | |
1072 | }; | |
1073 | webhooks = mkOption { | |
1074 | type = attrsOf str; | |
1075 | description = "Mapping 'name'.php => script for webhooks"; | |
1076 | }; | |
1077 | csp_reports = mkOption { | |
1078 | description = "CSP report configuration"; | |
1079 | type = submodule { | |
1080 | options = { | |
1081 | report_uri = mkOption { type = str; description = "URI to report CSP violations to"; }; | |
1082 | policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; }; | |
1083 | }; | |
1084 | }; | |
1085 | }; | |
1086 | commento = mkOption { | |
1087 | description = "Commento configuration"; | |
1088 | type = submodule { | |
1089 | options = { | |
1090 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | |
1091 | postgresql = mkPsqlOptions "Commento"; | |
1092 | smtp = mkSmtpOptions "Commento"; | |
1093 | }; | |
1094 | }; | |
1095 | }; | |
1096 | cryptpad = mkOption { | |
1097 | description = "Cryptpad configuration"; | |
1098 | type = submodule { | |
1099 | options = { | |
1100 | email = mkOption { type = str; description = "Admin e-mail"; }; | |
1101 | admins = mkOption { type = listOf str; description = "Instance admin public keys"; }; | |
1102 | port = mkOption { type = port; description = "Port to listen to"; }; | |
1103 | }; | |
1104 | }; | |
1105 | }; | |
1106 | ympd = mkOption { | |
1107 | description = "Ympd configuration"; | |
1108 | type = submodule { | |
1109 | options = { | |
1110 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | |
1111 | mpd = mkOption { | |
1112 | description = "MPD configuration"; | |
1113 | type = submodule { | |
1114 | options = { | |
1115 | password = mkOption { type = str; description = "Password to access MPD host"; }; | |
1116 | host = mkOption { type = str; description = "Host for MPD"; }; | |
1117 | port = mkOption { type = port; description = "Port to access MPD host"; }; | |
1118 | }; | |
1119 | }; | |
1120 | }; | |
1121 | }; | |
1122 | }; | |
1123 | }; | |
1124 | umami = mkOption { | |
1125 | description = "Umami configuration"; | |
1126 | type = submodule { | |
1127 | options = { | |
1128 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | |
1129 | postgresql = mkPsqlOptions "Umami"; | |
1130 | hashSalt = mkOption { type = str; description = "Hash salt"; }; | |
1131 | }; | |
1132 | }; | |
1133 | }; | |
1134 | yourls = mkOption { | |
1135 | description = "Yourls configuration"; | |
1136 | type = submodule { | |
1137 | options = { | |
1138 | mysql = mkMysqlOptions "Yourls" {}; | |
1139 | ldap = mkLdapOptions "Yourls" {}; | |
1140 | cookieKey = mkOption { type = str; description = "Cookie key"; }; | |
1141 | }; | |
1142 | }; | |
1143 | }; | |
1144 | }; | |
1145 | }; | |
1146 | }; | |
1a64deeb IB |
1147 | }; |
1148 | options.hostEnv = mkOption { | |
1149 | readOnly = true; | |
1150 | type = hostEnv; | |
1151 | default = config.myEnv.servers."${name}"; | |
1152 | description = "Host environment"; | |
1153 | }; | |
1154 | }; | |
1155 | }; | |
1156 | } |