]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/environment.nix
projects / perso / Immae / Config / Nix.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Fix ttrss not synchronizing
[perso/Immae/Config/Nix.git] / modules / private / environment.nix
CommitLineData
619e4f46 1{ config, lib, name, ... }:
ab8f306d
IB		 2with lib;
3with types;
4with lists;
5let
6 ldapOptions = {
7 base = mkOption { description = "Base of the LDAP tree"; type = str; };
8 host = mkOption { description = "Host to access LDAP"; type = str; };
9 root_dn = mkOption { description = "DN of the root user"; type = str; };
10 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
11 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
12 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
13 };
14 mkLdapOptions = name: more: mkOption {
15 description = "${name} LDAP configuration";
16 type = submodule {
17 options = ldapOptions // {
18 dn = mkOption { description = "DN of the ${name} user"; type = str; };
19 password = mkOption { description = "password of the ${name} user"; type = str; };
20 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
21 } // more;
22 };
23 };
24 mysqlOptions = {
25 host = mkOption { description = "Host to access Mysql"; type = str; };
619e4f46 26 remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
ab8f306d
IB		 27 port = mkOption { description = "Port to access Mysql"; type = str; };
28 socket = mkOption { description = "Socket to access Mysql"; type = path; };
29 systemUsers = mkOption {
30 description = "Attrs of user-passwords allowed to access mysql";
31 type = attrsOf str;
32 };
33 pam = mkOption {
34 description = "PAM configuration for mysql";
35 type = submodule {
36 options = {
37 dn = mkOption { description = "DN to connect as to check users"; type = str; };
38 password = mkOption { description = "DN password to connect as to check users"; type = str; };
39 filter = mkOption { description = "filter to match users"; type = str; };
40 };
41 };
42 };
43 };
87a8bffd 44 mkMysqlOptions = name: more: mkOption {
ab8f306d
IB		 45 description = "${name} mysql configuration";
46 type = submodule {
47 options = mysqlOptions // {
48 database = mkOption { description = "${name} database"; type = str; };
49 user = mkOption { description = "${name} user"; type = str; };
50 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
87a8bffd 51 } // more;
ab8f306d
IB		 52 };
53 };
54 psqlOptions = {
55 host = mkOption { description = "Host to access Postgresql"; type = str; };
56 port = mkOption { description = "Port to access Postgresql"; type = str; };
57 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
58 pam = mkOption {
59 description = "PAM configuration for psql";
60 type = submodule {
61 options = {
62 dn = mkOption { description = "DN to connect as to check users"; type = str; };
63 password = mkOption { description = "DN password to connect as to check users"; type = str; };
64 filter = mkOption { description = "filter to match users"; type = str; };
65 };
66 };
67 };
68 };
69 mkPsqlOptions = name: mkOption {
70 description = "${name} psql configuration";
71 type = submodule {
72 options = psqlOptions // {
73 database = mkOption { description = "${name} database"; type = str; };
74 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
75 user = mkOption { description = "${name} user"; type = str; };
76 password = mkOption { description = "psql password of the ${name} user"; type = str; };
77 };
78 };
79 };
80 redisOptions = {
81 host = mkOption { description = "Host to access Redis"; type = str; };
82 port = mkOption { description = "Port to access Redis"; type = str; };
83 socket = mkOption { description = "Socket to access Redis"; type = path; };
84 dbs = mkOption {
85 description = "Attrs of db number. Each number should be unique to avoid collision!";
86 type = attrsOf str;
87 };
88 spiped_key = mkOption {
89 type = str;
90 description = ''
91 Key to use with spiped to make a secure channel to replication
92 '';
93 };
94 predixy = mkOption {
95 description = "Predixy configuration. Unused yet";
96 type = submodule {
97 options = {
98 read = mkOption { type = str; description = "Read password"; };
99 };
100 };
101 };
102 };
103 mkRedisOptions = name: mkOption {
104 description = "${name} redis configuration";
105 type = submodule {
106 options = redisOptions // {
107 db = mkOption { description = "${name} database"; type = str; };
108 };
109 };
110 };
6338573a
IB		 111 smtpOptions = {
112 host = mkOption { description = "Host to access SMTP"; type = str; };
113 port = mkOption { description = "Port to access SMTP"; type = str; };
114 };
115 mkSmtpOptions = name: mkOption {
116 description = "${name} smtp configuration";
117 type = submodule {
118 options = smtpOptions // {
119 email = mkOption { description = "${name} email"; type = str; };
120 password = mkOption { description = "SMTP password of the ${name} user"; type = str; };
121 };
122 };
123 };
619e4f46
IB		 124 hostEnv = submodule {
125 options = {
126 fqdn = mkOption {
127 description = "Host FQDN";
128 type = str;
129 };
8a304ef4
IB		 130 users = mkOption {
131 type = unspecified;
132 default = pkgs: [];
133 description = ''
134 Sublist of users from realUsers. Function that takes pkgs as
135 argument and gives an array as a result
136 '';
137 };
619e4f46
IB		 138 emails = mkOption {
139 default = [];
140 description = "List of e-mails that the server can be a sender of";
141 type = listOf str;
142 };
143 ldap = mkOption {
144 description = ''
145 LDAP credentials for the host
146 '';
147 type = submodule {
148 options = {
5400b9b6
IB		 149 password = mkOption { type = str; description = "Password for the LDAP connection"; };
150 dn = mkOption { type = str; description = "DN for the LDAP connection"; };
619e4f46
IB		 151 };
152 };
153 };
154 mx = mkOption {
155 description = "subdomain and priority for MX server";
156 default = { enable = false; };
157 type = submodule {
158 options = {
159 enable = mkEnableOption "Enable MX";
160 subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
161 priority = mkOption { type = nullOr str; description = "Priority"; };
162 };
163 };
164 };
165 ips = mkOption {
166 description = ''
167 attrs of ip4/ip6 grouped by section
168 '';
169 type = attrsOf (submodule {
170 options = {
171 ip4 = mkOption {
05becbbb
IB		 172 type = listOf str;
173 default = [];
619e4f46 174 description = ''
05becbbb 175 ip4 addresses of the host
619e4f46
IB		 176 '';
177 };
178 ip6 = mkOption {
5400b9b6 179 type = listOf str;
619e4f46
IB		 180 default = [];
181 description = ''
182 ip6 addresses of the host
183 '';
184 };
185 };
186 });
187 };
188 };
189 };
ab8f306d
IB		 190in
191{
192 options.myEnv = {
193 servers = mkOption {
194 description = ''
195 Attrs of servers information in the cluster (not necessarily handled by nixops)
196 '';
197 default = {};
619e4f46 198 type = attrsOf hostEnv;
ab8f306d
IB		 199 };
200 hetznerCloud = mkOption {
201 description = ''
202 Hetzner Cloud credential information
203 '';
204 type = submodule {
205 options = {
206 authToken = mkOption {
207 type = str;
208 description = ''
209 The API auth token.
210 '';
211 };
212 };
213 };
214 };
215 hetzner = mkOption {
216 description = ''
217 Hetzner credential information
218 '';
219 type = submodule {
220 options = {
221 user = mkOption { type = str; description = "User"; };
222 pass = mkOption { type = str; description = "Password"; };
223 };
224 };
225 };
226 sshd = mkOption {
227 description = ''
228 sshd service credential information
229 '';
230 type = submodule {
231 options = {
200690c9 232 rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; };
ab8f306d
IB		 233 ldap = mkOption {
234 description = ''
235 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
236 '';
237 type = submodule {
238 options = {
239 password = mkOption { description = "Password"; type = str; };
240 };
241 };
242 };
243 };
244 };
245 };
246 ports = mkOption {
247 description = ''
248 non-standard reserved ports. Must be unique!
249 '';
250 type = attrsOf port;
251 default = {};
252 apply = let
253 noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
254 in
255 x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
256 };
257 httpd = mkOption {
258 description = ''
259 httpd service credential information
260 '';
261 type = submodule {
262 options = {
263 ldap = mkOption {
264 description = ''
265 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
266 '';
267 type = submodule {
268 options = {
269 password = mkOption { description = "Password"; type = str; };
270 };
271 };
272 };
273 };
274 };
275 };
6338573a
IB		 276 smtp = mkOption {
277 type = submodule { options = smtpOptions; };
278 description = "SMTP configuration";
279 };
ab8f306d
IB		 280 ldap = mkOption {
281 description = ''
282 LDAP server configuration
283 '';
284 type = submodule {
285 options = ldapOptions;
286 };
287 };
288 databases = mkOption {
289 description = "Databases configuration";
290 type = submodule {
291 options = {
292 mysql = mkOption {
293 type = submodule { options = mysqlOptions; };
294 description = "Mysql configuration";
295 };
296 redis = mkOption {
297 type = submodule { options = redisOptions; };
298 description = "Redis configuration";
299 };
300 postgresql = mkOption {
301 type = submodule { options = psqlOptions; };
302 description = "Postgresql configuration";
303 };
304 };
305 };
306 };
307 jabber = mkOption {
308 description = "Jabber configuration";
309 type = submodule {
310 options = {
5b53d86f 311 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
ab8f306d
IB		 312 ldap = mkLdapOptions "Jabber" {};
313 postgresql = mkPsqlOptions "Jabber";
314 };
315 };
316 };
8a304ef4
IB		 317 realUsers = mkOption {
318 description = ''
319 Attrset of function taking pkgs as argument.
320 Real users settings, should provide a subattr of users.users.<name>
321 with at least: name, (hashed)Password, shell
322 '';
323 type = attrsOf unspecified;
324 };
ab8f306d
IB		 325 users = mkOption {
326 description = "System and regular users uid/gid";
327 type = attrsOf (submodule {
328 options = {
329 uid = mkOption {
330 description = "user uid";
331 type = int;
332 };
333 gid = mkOption {
334 description = "user gid";
335 type = int;
336 };
337 };
338 });
339 };
340 dns = mkOption {
341 description = "DNS configuration";
342 type = submodule {
343 options = {
344 soa = mkOption {
345 description = "SOA information";
346 type = submodule {
347 options = {
348 serial = mkOption {
349 description = "Serial number. Should be incremented at each change and unique";
350 type = str;
351 };
352 refresh = mkOption {
353 description = "Refresh time";
354 type = str;
355 };
356 retry = mkOption {
357 description = "Retry time";
358 type = str;
359 };
360 expire = mkOption {
361 description = "Expire time";
362 type = str;
363 };
364 ttl = mkOption {
365 description = "Default TTL time";
366 type = str;
367 };
368 email = mkOption {
369 description = "hostmaster e-mail";
370 type = str;
371 };
372 primary = mkOption {
373 description = "Primary NS";
374 type = str;
375 };
376 };
377 };
378 };
379 ns = mkOption {
380 description = "Attrs of NS servers group";
381 example = {
382 foo = {
383 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
384 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
385 };
386 };
387 type = attrsOf (attrsOf (listOf str));
388 };
8175055f
IB		 389 keys = mkOption {
390 default = {};
391 description = "DNS keys";
392 type = attrsOf (submodule {
393 options = {
394 algorithm = mkOption { type = str; description = "Algorithm"; };
395 secret = mkOption { type = str; description = "Secret"; };
396 };
397 });
398 };
ab8f306d
IB		 399 slaveZones = mkOption {
400 description = "List of slave zones";
401 type = listOf (submodule {
402 options = {
403 name = mkOption { type = str; description = "zone name"; };
404 masters = mkOption {
405 description = "NS master groups of this zone";
406 type = listOf str;
407 };
8175055f
IB		 408 keys = mkOption {
409 default = [];
410 description = "Keys associated to the server";
411 type = listOf str;
412 };
ab8f306d
IB		 413 };
414 });
415 };
416 masterZones = mkOption {
417 description = "List of master zones";
418 type = listOf (submodule {
419 options = {
420 name = mkOption { type = str; description = "zone name"; };
68ff82c6 421 withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; };
ab8f306d
IB		 422 slaves = mkOption {
423 description = "NS slave groups of this zone";
424 type = listOf str;
425 };
426 ns = mkOption {
427 description = "groups names that should have their NS entries listed here";
428 type = listOf str;
429 };
430 extra = mkOption {
431 description = "Extra zone configuration for bind";
432 example = ''
433 notify yes;
434 '';
435 type = lines;
436 };
437 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
438 withEmail = mkOption {
439 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
440 default = [];
441 type = listOf (submodule {
442 options = {
443 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
444 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
445 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
446 };
447 });
448 };
449 };
450 });
451 };
452 };
453 };
454 };
455 backup = mkOption {
456 description = ''
457 Remote backup with duplicity
458 '';
459 type = submodule {
460 options = {
461 password = mkOption { type = str; description = "Password for encrypting files"; };
5a61f6ad
IB		 462 remotes = mkOption {
463 type = attrsOf (submodule {
464 options = {
465 remote = mkOption {
466 type = unspecified;
467 example = literalExample ''
468 bucket: "s3://some_host/${bucket}";
469 '';
470 description = ''
471 Function.
472 Takes a bucket name as argument and returns a url
473 '';
474 };
475 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
476 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
477 };
478 });
479 };
ab8f306d
IB		 480 };
481 };
482 };
5dda316b
IB		 483 zrepl_backup = mkOption {
484 type = submodule {
485 options = {
486 ssh_key = mkOption {
487 description = "SSH key information";
488 type = submodule {
489 options = {
490 public = mkOption { type = str; description = "Public part of the key"; };
491 private = mkOption { type = lines; description = "Private part of the key"; };
492 };
493 };
494 };
495 mysql = mkMysqlOptions "Zrepl" {};
17069bb6
IB		 496 certs = mkOption {
497 description = "Certificates";
498 type = attrsOf (submodule {
499 options = {
500 key = mkOption { type = str; description = "Key"; };
501 certificate = mkOption { type = str; description = "Certificate"; };
502 };
503 });
504 };
5dda316b
IB		 505 };
506 };
507 };
ab8f306d
IB		 508 rsync_backup = mkOption {
509 description =''
510 Rsync backup configuration from controlled host
511 '';
512 type = submodule {
513 options = {
ab8f306d
IB		 514 ssh_key = mkOption {
515 description = "SSH key information";
516 type = submodule {
517 options = {
518 public = mkOption { type = str; description = "Public part of the key"; };
519 private = mkOption { type = lines; description = "Private part of the key"; };
520 };
521 };
522 };
523 profiles = mkOption {
524 description = "Attrs of profiles to backup";
525 type = attrsOf (submodule {
526 options = {
527 keep = mkOption { type = int; description = "Number of backups to keep"; };
46b7e627 528 check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; };
ab8f306d
IB		 529 login = mkOption { type = str; description = "Login to connect to host"; };
530 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
531 host = mkOption { type = str; description = "Host to connect to"; };
532 host_key = mkOption { type = str; description = "Host key"; };
533 host_key_type = mkOption { type = str; description = "Host key type"; };
534 parts = mkOption {
535 description = "Parts to backup for this host";
536 type = attrsOf (submodule {
537 options = {
538 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
539 exclude_from = mkOption {
540 type = listOf path;
541 default = [];
542 description = "List of folders/files to exclude from the backup";
543 };
544 files_from = mkOption {
545 type = listOf path;
546 default = [];
547 description = "List of folders/files to backup in the base folder";
548 };
549 args = mkOption {
550 type = nullOr str;
551 default = null;
552 description = "Extra arguments to pass to rsync";
553 };
554 };
555 });
556 };
557 };
558 });
559 };
560 };
561 };
562 };
563 monitoring = mkOption {
564 description = "Monitoring configuration";
565 type = submodule {
566 options = {
567 status_url = mkOption { type = str; description = "URL to push status to"; };
568 status_token = mkOption { type = str; description = "Token for the status url"; };
e820134d 569 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
ab8f306d 570 email = mkOption { type = str; description = "Admin E-mail"; };
e820134d
IB		 571 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
572 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
573 imap_login = mkOption { type = str; description = "IMAP login"; };
574 imap_password = mkOption { type = str; description = "IMAP password"; };
25844101 575 eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
6191bdeb
IB		 576 ovh_sms = mkOption {
577 description = "OVH credentials for sms script";
578 type = submodule {
579 options = {
580 endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
581 application_key = mkOption { type = str; description = "Application key"; };
582 application_secret = mkOption { type = str; description = "Application secret"; };
583 consumer_key = mkOption { type = str; description = "Consumer key"; };
584 account = mkOption { type = str; description = "Account"; };
585 };
586 };
587 };
e820134d
IB		 588 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
589 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
590 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
e43fdf34
IB		 591 netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
592 netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
e820134d 593 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
71a2425e
IB		 594 email_check = mkOption {
595 description = "Emails services to check";
596 type = attrsOf (submodule {
597 options = {
598 local = mkOption { type = bool; default = false; description = "Use local configuration"; };
599 port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
600 login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
601 targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
ef0a9217
IB		 602 mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
603 mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
71a2425e
IB		 604 };
605 });
606 };
ab8f306d
IB		 607 };
608 };
609 };
610 mpd = mkOption {
611 description = "MPD configuration";
612 type = submodule {
613 options = {
614 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
615 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
616 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
617 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
618 };
619 };
620 };
621 ftp = mkOption {
622 description = "FTP configuration";
623 type = submodule {
624 options = {
fcbdf67a
IB		 625 ldap = mkLdapOptions "FTP" {
626 proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; };
627 pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; };
628 };
ab8f306d
IB		 629 };
630 };
631 };
ea9c6fe8
IB		 632 vpn = mkOption {
633 description = "VPN configuration";
634 type = attrsOf (submodule {
635 options = {
636 prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
637 privateKey = mkOption { type = str; description = "Private key for the host"; };
638 publicKey = mkOption { type = str; description = "Public key for the host"; };
639 };
640 });
641 };
ab8f306d
IB		 642 mail = mkOption {
643 description = "Mail configuration";
644 type = submodule {
645 options = {
646 dmarc = mkOption {
647 description = "DMARC configuration";
648 type = submodule {
649 options = {
650 ignore_hosts = mkOption {
651 type = lines;
652 description = ''
653 Hosts to ignore when checking for dmarc
654 '';
655 };
656 };
657 };
658 };
659 dkim = mkOption {
660 description = "DKIM configuration";
661 type = attrsOf (submodule {
662 options = {
663 public = mkOption {
664 type = str;
665 example = ''
666 ( "v=DKIM1; k=rsa; "
667 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
668 '';
669 description = "Public entry to put in DNS TXT field";
670 };
671 private = mkOption { type = str; description = "Private key"; };
672 };
673 });
674 };
675 postfix = mkOption {
676 description = "Postfix configuration";
677 type = submodule {
678 options = {
679 additional_mailbox_domains = mkOption {
680 description = ''
681 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
682 '';
683 type = listOf str;
684 };
87a8bffd
IB		 685 mysql = mkMysqlOptions "Postfix" {
686 password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
687 };
ab8f306d
IB		 688 backup_domains = mkOption {
689 description = ''
690 Domains that are accepted for relay as backup domain
691 '';
692 type = attrsOf (submodule {
693 options = {
694 domains = mkOption { type = listOf str; description = "Domains list"; };
695 relay_restrictions = mkOption {
696 type = lines;
697 description = ''
698 Restrictions for relaying the e-mails from the domains
699 '';
700 };
701 recipient_maps = mkOption {
702 description = ''
703 Recipient map to accept relay for.
704 Must be specified for domain, the rules apply to everyone!
705 '';
706 type = listOf (submodule {
707 options = {
708 type = mkOption {
709 type = enum [ "hash" ];
710 description = "Map type";
711 };
712 content = mkOption {
713 type = str;
714 description = "Map content";
715 };
716 };
717 });
718 };
719 };
720 });
721 };
722 };
723 };
724 };
725 dovecot = mkOption {
726 description = "Dovecot configuration";
727 type = submodule {
728 options = {
729 ldap = mkLdapOptions "Dovecot" {
730 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
731 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
732 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
733 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
22b4bd78 734 postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
ab8f306d
IB		 735 };
736 };
737 };
738 };
739 rspamd = mkOption {
740 description = "rspamd configuration";
741 type = submodule {
742 options = {
743 redis = mkRedisOptions "Redis";
744 read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
745 write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
746 read_password = mkOption {
747 type = str;
748 description = "Read password for rspamd. Unused";
749 apply = x: "";
750 };
751 write_password = mkOption {
752 type = str;
753 description = "Write password for rspamd. Unused";
754 apply = x: "";
755 };
756 };
757 };
758 };
759 scripts = mkOption {
760 description = "Mail script recipients";
761 type = attrsOf (submodule {
762 options = {
5b53d86f 763 external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
ab8f306d
IB		 764 src = mkOption {
765 description = ''
766 git source to fetch the script from.
767 It must have a default.nix file as its root accepting a scriptEnv parameter
768 '';
769 type = submodule {
770 options = {
771 url = mkOption { type = str; description = "git url to fetch"; };
772 rev = mkOption { type = str; description = "git reference to fetch"; };
773 };
774 };
775 };
776 env = mkOption {
777 description = "Variables to pass to the script";
778 type = unspecified;
779 };
780 };
781 });
782 };
418a4ed7
IB		 783 sympa = mkOption {
784 description = "Sympa configuration";
785 type = submodule {
786 options = {
787 listmasters = mkOption {
788 type = listOf str;
789 description = "Listmasters";
790 };
791 postgresql = mkPsqlOptions "Sympa";
792 data_sources = mkOption {
793 type = attrsOf str;
794 default = {};
795 description = "Data sources to make available to sympa";
796 };
797 scenari = mkOption {
798 type = attrsOf str;
799 default = {};
800 description = "Scenari to make available to sympa";
801 };
802 };
803 };
804 };
ab8f306d
IB		 805 };
806 };
807 };
a3ac9c84
IB		 808 coturn = mkOption {
809 description = "Coturn configuration";
810 type = submodule {
811 options = {
812 auth_access_key = mkOption { type = str; description = "key to access coturn"; };
813 };
814 };
815 };
ab8f306d
IB		 816 buildbot = mkOption {
817 description = "Buildbot configuration";
818 type = submodule {
819 options = {
282c67a1
IB		 820 ssh_key = mkOption {
821 description = "SSH key information";
822 type = submodule {
823 options = {
824 public = mkOption { type = str; description = "Public part of the key"; };
825 private = mkOption { type = lines; description = "Private part of the key"; };
826 };
827 };
828 };
200690c9 829 workerPassword = mkOption { description = "Buildbot worker password"; type = str; };
ab8f306d
IB		 830 user = mkOption {
831 description = "Buildbot user";
832 type = submodule {
833 options = {
834 uid = mkOption {
835 description = "user uid";
836 type = int;
837 };
838 gid = mkOption {
839 description = "user gid";
840 type = int;
841 };
842 };
843 };
844 };
845 ldap = mkOption {
846 description = "Ldap configuration for buildbot";
847 type = submodule {
848 options = {
849 password = mkOption { type = str; description = "Buildbot password"; };
850 };
851 };
852 };
853 projects = mkOption {
854 description = "Projects to make a buildbot for";
855 type = attrsOf (submodule {
856 options = {
857 name = mkOption { type = str; description = "Project name"; };
858 packages = mkOption {
859 type = unspecified;
860 example = literalExample ''
861 pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
862 '';
863 description = ''
864 Function.
865 Builds packages list to make available to buildbot project.
866 Takes pkgs as argument.
867 '';
868 };
ab8f306d 869 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
200690c9 870 workerPort = mkOption { type = port; description = "Port for the worker"; };
ab8f306d 871 secrets = mkOption {
2ff9258e
IB		 872 #type = attrsOf (either str (functionTo str));
873 type = attrsOf unspecified;
874 description = "Secrets for the project to dump as files. Might be a function that takes pkgs as argument";
ab8f306d
IB		 875 };
876 environment = mkOption {
2ff9258e
IB		 877 #type = attrsOf (either str (functionTo str));
878 type = attrsOf unspecified;
ab8f306d 879 description = ''
2ff9258e 880 Environment variables for the project. Might be a function that takes pkgs as argument.
ab8f306d
IB		 881 BUILDBOT_ is prefixed to the variable names
882 '';
883 };
884 activationScript = mkOption {
885 type = lines;
886 description = ''
887 Activation script to run during deployment
888 '';
889 };
ab8f306d
IB		 890 webhookTokens = mkOption {
891 type = nullOr (listOf str);
892 default = null;
893 description = ''
894 List of tokens allowed to push to project’s change_hook/base endpoint
895 '';
896 };
897 };
898 });
899 };
900 };
901 };
902 };
903 tools = mkOption {
904 description = "Tools configurations";
905 type = submodule {
906 options = {
251c0a13 907 contact = mkOption { type = str; description = "Contact e-mail address"; };
4c42e0be
IB		 908 assets = mkOption {
909 default = {};
910 type = attrsOf (submodule {
911 options = {
912 url = mkOption { type = str; description = "URL to fetch"; };
913 sha256 = mkOption { type = str; description = "Hash of the url"; };
914 };
915 });
916 description = "Assets to provide on assets.immae.eu";
917 };
ab8f306d
IB		 918 davical = mkOption {
919 description = "Davical configuration";
920 type = submodule {
921 options = {
922 postgresql = mkPsqlOptions "Davical";
923 ldap = mkLdapOptions "Davical" {};
924 };
925 };
926 };
927 diaspora = mkOption {
928 description = "Diaspora configuration";
929 type = submodule {
930 options = {
931 postgresql = mkPsqlOptions "Diaspora";
932 redis = mkRedisOptions "Diaspora";
933 ldap = mkLdapOptions "Diaspora" {};
934 secret_token = mkOption { type = str; description = "Secret token"; };
935 };
936 };
937 };
7df5e532
IB		 938 dmarc_reports = mkOption {
939 description = "DMARC reports configuration";
940 type = submodule {
941 options = {
942 mysql = mkMysqlOptions "DMARC" {};
9c08c3bc 943 anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
7df5e532
IB		 944 };
945 };
946 };
ab8f306d
IB		 947 etherpad-lite = mkOption {
948 description = "Etherpad configuration";
949 type = submodule {
950 options = {
951 postgresql = mkPsqlOptions "Etherpad";
952 ldap = mkLdapOptions "Etherpad" {
953 group_filter = mkOption { type = str; description = "Filter for groups"; };
954 };
f0d942ac 955 adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
ab8f306d
IB		 956 session_key = mkOption { type = str; description = "Session key"; };
957 api_key = mkOption { type = str; description = "API key"; };
ab8f306d
IB		 958 };
959 };
960 };
961 gitolite = mkOption {
962 description = "Gitolite configuration";
963 type = submodule {
964 options = {
965 ldap = mkLdapOptions "Gitolite" {};
282c67a1
IB		 966 ssh_key = mkOption {
967 description = "SSH key information";
968 type = submodule {
969 options = {
970 public = mkOption { type = str; description = "Public part of the key"; };
971 private = mkOption { type = lines; description = "Private part of the key"; };
972 };
973 };
974 };
ab8f306d
IB		 975 };
976 };
977 };
978 kanboard = mkOption {
979 description = "Kanboard configuration";
980 type = submodule {
981 options = {
982 postgresql = mkPsqlOptions "Kanboard";
983 ldap = mkLdapOptions "Kanboard" {
984 admin_dn = mkOption { type = str; description = "Admin DN"; };
985 };
986 };
987 };
988 };
989 mantisbt = mkOption {
990 description = "Mantisbt configuration";
991 type = submodule {
992 options = {
993 postgresql = mkPsqlOptions "Mantisbt";
994 ldap = mkLdapOptions "Mantisbt" {};
995 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
996 };
997 };
998 };
999 mastodon = mkOption {
1000 description = "Mastodon configuration";
1001 type = submodule {
1002 options = {
1003 postgresql = mkPsqlOptions "Mastodon";
1004 redis = mkRedisOptions "Mastodon";
1005 ldap = mkLdapOptions "Mastodon" {};
1006 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
1007 otp_secret = mkOption { type = str; description = "OTP secret"; };
1008 secret_key_base = mkOption { type = str; description = "Secret key base"; };
1009 vapid = mkOption {
1010 description = "vapid key";
1011 type = submodule {
1012 options = {
1013 private = mkOption { type = str; description = "Private key"; };
1014 public = mkOption { type = str; description = "Public key"; };
1015 };
1016 };
1017 };
1018 };
1019 };
1020 };
1021 mediagoblin = mkOption {
1022 description = "Mediagoblin configuration";
1023 type = submodule {
1024 options = {
1025 postgresql = mkPsqlOptions "Mediagoblin";
1026 redis = mkRedisOptions "Mediagoblin";
1027 ldap = mkLdapOptions "Mediagoblin" {};
1028 };
1029 };
1030 };
1031 nextcloud = mkOption {
1032 description = "Nextcloud configuration";
1033 type = submodule {
1034 options = {
1035 postgresql = mkPsqlOptions "Peertube";
1036 redis = mkRedisOptions "Peertube";
1037 password_salt = mkOption { type = str; description = "Password salt"; };
1038 instance_id = mkOption { type = str; description = "Instance ID"; };
1039 secret = mkOption { type = str; description = "App secret"; };
1040 };
1041 };
1042 };
1043 peertube = mkOption {
1044 description = "Peertube configuration";
1045 type = submodule {
1046 options = {
1047 listenPort = mkOption { type = port; description = "Port to listen to"; };
1048 postgresql = mkPsqlOptions "Peertube";
1049 redis = mkRedisOptions "Peertube";
1050 ldap = mkLdapOptions "Peertube" {};
1051 };
1052 };
1053 };
8a05c7fb
IB		 1054 syden_peertube = mkOption {
1055 description = "Peertube Syden configuration";
1056 type = submodule {
1057 options = {
1058 listenPort = mkOption { type = port; description = "Port to listen to"; };
1059 postgresql = mkPsqlOptions "Peertube";
1060 redis = mkRedisOptions "Peertube";
1061 };
1062 };
1063 };
ab8f306d
IB		 1064 phpldapadmin = mkOption {
1065 description = "phpLdapAdmin configuration";
1066 type = submodule {
1067 options = {
1068 ldap = mkLdapOptions "phpldapadmin" {};
1069 };
1070 };
1071 };
1072 rompr = mkOption {
1073 description = "Rompr configuration";
1074 type = submodule {
1075 options = {
1076 mpd = mkOption {
1077 description = "MPD configuration";
1078 type = submodule {
1079 options = {
1080 host = mkOption { type = str; description = "Host for MPD"; };
1081 port = mkOption { type = port; description = "Port to access MPD host"; };
1082 };
1083 };
1084 };
1085 };
1086 };
1087 };
1088 roundcubemail = mkOption {
1089 description = "Roundcubemail configuration";
1090 type = submodule {
1091 options = {
1092 postgresql = mkPsqlOptions "TT-RSS";
1093 secret = mkOption { type = str; description = "Secret"; };
1094 };
1095 };
1096 };
1097 shaarli = mkOption {
1098 description = "Shaarli configuration";
1099 type = submodule {
1100 options = {
1101 ldap = mkLdapOptions "Shaarli" {};
1102 };
1103 };
1104 };
a97118c4
IB		 1105 status_engine = mkOption {
1106 description = "Status Engine configuration";
1107 type = submodule {
1108 options = {
1109 mysql = mkMysqlOptions "StatusEngine" {};
1110 ldap = mkLdapOptions "StatusEngine" {};
1111 };
1112 };
1113 };
ab8f306d
IB		 1114 task = mkOption {
1115 description = "Taskwarrior configuration";
1116 type = submodule {
1117 options = {
1118 ldap = mkLdapOptions "Taskwarrior" {};
1119 taskwarrior-web = mkOption {
1120 description = "taskwarrior-web profiles";
1121 type = attrsOf (submodule {
1122 options = {
1123 uid = mkOption {
1124 type = listOf str;
1125 description = "List of ldap uids having access to this profile";
1126 };
1127 org = mkOption { type = str; description = "Taskd organisation"; };
1128 key = mkOption { type = str; description = "Taskd key"; };
1129 date = mkOption { type = str; description = "Preferred date format"; };
1130 };
1131 });
1132 };
1133 };
1134 };
1135 };
1136 ttrss = mkOption {
1137 description = "TT-RSS configuration";
1138 type = submodule {
1139 options = {
1140 postgresql = mkPsqlOptions "TT-RSS";
1141 ldap = mkLdapOptions "TT-RSS" {};
1142 };
1143 };
1144 };
1145 wallabag = mkOption {
1146 description = "Wallabag configuration";
1147 type = submodule {
1148 options = {
1149 postgresql = mkPsqlOptions "Wallabag";
1150 ldap = mkLdapOptions "Wallabag" {
1151 admin_filter = mkOption { type = str; description = "Admin users filter"; };
1152 };
1153 redis = mkRedisOptions "Wallabag";
1154 secret = mkOption { type = str; description = "App secret"; };
1155 };
1156 };
1157 };
251c0a13
IB		 1158 webhooks = mkOption {
1159 type = attrsOf str;
1160 description = "Mapping 'name'.php => script for webhooks";
1161 };
68c45ad5
IB		 1162 csp_reports = mkOption {
1163 description = "CSP report configuration";
1164 type = submodule {
1165 options = {
1166 report_uri = mkOption { type = str; description = "URI to report CSP violations to"; };
1167 policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; };
68c45ad5
IB		 1168 };
1169 };
1170 };
6338573a
IB		 1171 commento = mkOption {
1172 description = "Commento configuration";
1173 type = submodule {
1174 options = {
1175 listenPort = mkOption { type = port; description = "Port to listen to"; };
1176 postgresql = mkPsqlOptions "Commento";
1177 smtp = mkSmtpOptions "Commento";
1178 };
1179 };
1180 };
8c91e92c
IB		 1181 cryptpad = mkOption {
1182 description = "Cryptpad configuration";
1183 type = attrsOf (submodule {
1184 options = {
1185 email = mkOption { type = str; description = "Admin e-mail"; };
1186 admins = mkOption { type = listOf str; description = "Instance admin public keys"; };
1187 port = mkOption { type = port; description = "Port to listen to"; };
1188 };
1189 });
1190 };
ab8f306d
IB		 1191 ympd = mkOption {
1192 description = "Ympd configuration";
1193 type = submodule {
1194 options = {
1195 listenPort = mkOption { type = port; description = "Port to listen to"; };
1196 mpd = mkOption {
1197 description = "MPD configuration";
1198 type = submodule {
1199 options = {
1200 password = mkOption { type = str; description = "Password to access MPD host"; };
1201 host = mkOption { type = str; description = "Host for MPD"; };
1202 port = mkOption { type = port; description = "Port to access MPD host"; };
1203 };
1204 };
1205 };
1206 };
1207 };
1208 };
a565d58b
IB		 1209 umami = mkOption {
1210 description = "Umami configuration";
1211 type = submodule {
1212 options = {
1213 listenPort = mkOption { type = port; description = "Port to listen to"; };
1214 postgresql = mkPsqlOptions "Umami";
1215 hashSalt = mkOption { type = str; description = "Hash salt"; };
1216 };
1217 };
1218 };
ab8f306d
IB		 1219 yourls = mkOption {
1220 description = "Yourls configuration";
1221 type = submodule {
1222 options = {
87a8bffd 1223 mysql = mkMysqlOptions "Yourls" {};
ab8f306d
IB		 1224 ldap = mkLdapOptions "Yourls" {};
1225 cookieKey = mkOption { type = str; description = "Cookie key"; };
1226 };
1227 };
1228 };
1229 };
1230 };
1231 };
75489e72 1232 serverSpecific = mkOption { type = attrsOf unspecified; description = "Server specific configuration"; };
ab8f306d
IB		 1233 websites = mkOption {
1234 description = "Websites configurations";
1235 type = submodule {
1236 options = {
5a412244
IB		 1237 christophe_carpentier = mkOption {
1238 description = "Christophe Carpentier configuration by environment";
1239 type = submodule {
1240 options = {
1241 agorakit = mkOption {
1242 description = "Agorakit configuration";
1243 type = submodule {
1244 options = {
1245 mysql = mkMysqlOptions "Agorakit" {};
1246 smtp = mkSmtpOptions "Agorakit";
1247 appkey = mkOption { type = str; description = "App key"; };
1248 };
1249 };
1250 };
1251 };
1252 };
1253 };
91b3d06b
IB		 1254 immae = mkOption {
1255 description = "Immae configuration by environment";
1256 type = submodule {
1257 options = {
1258 temp = mkOption {
1259 description = "Temp configuration";
1260 type = submodule {
1261 options = {
1262 ldap = mkLdapOptions "Immae temp" {
1263 filter = mkOption { type = str; description = "Filter for user access"; };
1264 };
1265 };
1266 };
1267 };
1268 };
1269 };
1270 };
829ef7f1
IB		 1271 isabelle = mkOption {
1272 description = "Isabelle configurations by environment";
ab8f306d
IB		 1273 type =
1274 let
1275 atenSubmodule = mkOption {
1276 description = "environment configuration";
1277 type = submodule {
1278 options = {
1279 environment = mkOption { type = str; description = "Symfony environment"; };
1280 secret = mkOption { type = str; description = "Symfony App secret"; };
1281 postgresql = mkPsqlOptions "Aten";
1282 };
1283 };
1284 };
1285 in
1286 submodule {
1287 options = {
829ef7f1
IB		 1288 aten_production = atenSubmodule;
1289 aten_integration = atenSubmodule;
423c3f1c
IB		 1290 iridologie = mkOption {
1291 description = "environment configuration";
1292 type = submodule {
1293 options = {
1294 environment = mkOption { type = str; description = "SPIP environment"; };
1295 mysql = mkMysqlOptions "Iridologie" {};
1296 ldap = mkLdapOptions "Iridologie" {};
1297 };
1298 };
1299 };
ab8f306d
IB		 1300 };
1301 };
1302 };
1303 chloe = mkOption {
1304 description = "Chloe configurations by environment";
1305 type =
1306 let
1307 chloeSubmodule = mkOption {
1308 description = "environment configuration";
1309 type = submodule {
1310 options = {
423c3f1c 1311 environment = mkOption { type = str; description = "SPIP environment"; };
87a8bffd 1312 mysql = mkMysqlOptions "Chloe" {};
ab8f306d
IB		 1313 ldap = mkLdapOptions "Chloe" {};
1314 };
1315 };
1316 };
1317 in
1318 submodule {
1319 options = {
1320 production = chloeSubmodule;
1321 integration = chloeSubmodule;
2ff9258e
IB		 1322 new = mkOption {
1323 description = "environment configuration";
1324 type = submodule {
1325 options = {
1326 mysql = mkMysqlOptions "ChloeNew" {};
1327 ldap = mkLdapOptions "ChloeNew" {};
1328 secret = mkOption { type = str; description = "Symfony App secret"; };
1329 };
1330 };
1331 };
ab8f306d
IB		 1332 };
1333 };
1334 };
1335 connexionswing = mkOption {
1336 description = "Connexionswing configurations by environment";
1337 type =
1338 let
1339 csSubmodule = mkOption {
1340 description = "environment configuration";
1341 type = submodule {
1342 options = {
1343 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1344 mysql = mkMysqlOptions "Connexionswing" {};
ab8f306d
IB		 1345 secret = mkOption { type = str; description = "Symfony App secret"; };
1346 email = mkOption { type = str; description = "Symfony email notification"; };
1347 };
1348 };
1349 };
1350 in
1351 submodule {
1352 options = {
1353 production = csSubmodule;
1354 integration = csSubmodule;
1355 };
1356 };
1357 };
1358 jerome = mkOption {
1359 description = "Naturaloutil configuration";
1360 type = submodule {
1361 options = {
87a8bffd 1362 mysql = mkMysqlOptions "Naturaloutil" {};
ab8f306d
IB		 1363 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1364 };
1365 };
1366 };
d3452fc5 1367 telio_tortay = mkOption {
ab8f306d
IB		 1368 description = "Telio Tortay configuration";
1369 type = submodule {
1370 options = {
1371 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1372 };
1373 };
1374 };
d3452fc5 1375 ludivine = mkOption {
ab8f306d
IB		 1376 description = "Ludivinecassal configurations by environment";
1377 type =
1378 let
1379 lcSubmodule = mkOption {
1380 description = "environment configuration";
1381 type = submodule {
1382 options = {
1383 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1384 mysql = mkMysqlOptions "LudivineCassal" {};
ab8f306d
IB		 1385 ldap = mkLdapOptions "LudivineCassal" {};
1386 secret = mkOption { type = str; description = "Symfony App secret"; };
1387 };
1388 };
1389 };
1390 in
1391 submodule {
1392 options = {
1393 production = lcSubmodule;
1394 integration = lcSubmodule;
1395 };
1396 };
1397 };
965b61c2
IB		 1398 nicecoop = mkOption {
1399 description = "Nicecoop configuration";
1400 type = submodule {
1401 options = {
1402 odoo = {
1403 port = mkOption { description = "Port to listen to"; type = port; };
1404 longpoll_port = mkOption { description = "Port to listen to"; type = port; };
1405 postgresql = mkPsqlOptions "Odoo";
1406 admin_password = mkOption { type = str; description = "Admin password"; };
1407 };
1408 gestion-compte = {
27da4e10 1409 smtp = mkSmtpOptions "GestionCompte";
965b61c2
IB		 1410 mysql = mkMysqlOptions "gestion-compte" {};
1411 secret = mkOption { type = str; description = "Application secret"; };
1412 adminpassword = mkOption { type = str; description = "Admin password"; };
1413 };
1414 gestion-compte-integration = {
1415 smtp = mkSmtpOptions "GestionCompte";
1416 mysql = mkMysqlOptions "gestion-compte" {};
1417 secret = mkOption { type = str; description = "Application secret"; };
1418 adminpassword = mkOption { type = str; description = "Admin password"; };
1419 };
27da4e10
IB		 1420 copanier = {
1421 smtp = mkSmtpOptions "Copanier";
1422 staff = mkOption { type = listOf str; description = "List of staff members"; };
1423 };
965b61c2
IB		 1424 };
1425 };
1426 };
ab8f306d
IB		 1427 emilia = mkOption {
1428 description = "Emilia configuration";
1429 type = submodule {
1430 options = {
1431 postgresql = mkPsqlOptions "Emilia";
1432 };
1433 };
1434 };
1435 florian = mkOption {
1436 description = "Florian configuration";
1437 type = submodule {
1438 options = {
1439 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1440 };
1441 };
1442 };
1443 nassime = mkOption {
1444 description = "Nassime configuration";
1445 type = submodule {
1446 options = {
1447 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1448 };
1449 };
1450 };
1451 piedsjaloux = mkOption {
1452 description = "Piedsjaloux configurations by environment";
1453 type =
1454 let
1455 pjSubmodule = mkOption {
1456 description = "environment configuration";
1457 type = submodule {
1458 options = {
1459 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1460 mysql = mkMysqlOptions "Piedsjaloux" {};
ab8f306d
IB		 1461 secret = mkOption { type = str; description = "Symfony App secret"; };
1462 };
1463 };
1464 };
1465 in
1466 submodule {
1467 options = {
1468 production = pjSubmodule;
1469 integration = pjSubmodule;
1470 };
1471 };
1472 };
91b75ffe
IB		 1473 richie = mkOption {
1474 description = "Europe Richie configurations by environment";
1475 type = submodule {
1476 options = {
87a8bffd 1477 mysql = mkMysqlOptions "Richie" {};
91b75ffe
IB		 1478 smtp_mailer = mkOption {
1479 description = "SMTP mailer configuration";
1480 type = submodule {
1481 options = {
1482 user = mkOption { type = str; description = "Username"; };
1483 password = mkOption { type = str; description = "Password"; };
1484 };
1485 };
1486 };
1487 };
1488 };
1489 };
6c95e93c
IB		 1490 caldance = mkOption {
1491 description = "Caldance configurations by environment";
1492 type = submodule {
1493 options = {
1494 integration = mkOption {
1495 description = "environment configuration";
1496 type = submodule {
1497 options = {
1498 password = mkOption { type = str; description = "Password file content for basic auth"; };
1499 };
1500 };
1501 };
1502 };
1503 };
1504 };
ab8f306d
IB		 1505 tellesflorian = mkOption {
1506 description = "Tellesflorian configurations by environment";
1507 type =
1508 let
1509 tfSubmodule = mkOption {
1510 description = "environment configuration";
1511 type = submodule {
1512 options = {
1513 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1514 mysql = mkMysqlOptions "Tellesflorian" {};
ab8f306d
IB		 1515 secret = mkOption { type = str; description = "Symfony App secret"; };
1516 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1517 };
1518 };
1519 };
1520 in
1521 submodule {
1522 options = {
1523 integration = tfSubmodule;
1524 };
1525 };
1526 };
1527 };
1528 };
1529 };
ab8f306d 1530 };
619e4f46
IB		 1531 options.hostEnv = mkOption {
1532 readOnly = true;
1533 type = hostEnv;
1534 default = config.myEnv.servers."${name}";
1535 description = "Host environment";
ab8f306d
IB		 1536 };
1537}
My infrastructure configuration