Improve assets generation
1 { config, lib, name, ... }:
2 with lib;
3 with types;
4 with lists;
5 let
# Connection and bind settings shared by every LDAP-backed option below;
# mkLdapOptions merges per-service attributes on top of these.
# NOTE(review): every credential in this module is declared as a plain str
# option; where the evaluated values end up (and whether that place is
# world-readable) is decided by the consumers, not here — check them.
ldapOptions = {
  base = mkOption { type = str; description = "Base of the LDAP tree"; };
  host = mkOption { type = str; description = "Host to access LDAP"; };
  root_dn = mkOption { type = str; description = "DN of the root user"; };
  # Documented as a hash, but the type is a bare str: nothing here checks
  # that the supplied value really is hashed.
  root_pw = mkOption { type = str; description = "Hashed password of the root user"; };
  replication_dn = mkOption { type = str; description = "DN of the user allowed to replicate the LDAP directory"; };
  replication_pw = mkOption { type = str; description = "Password of the user allowed to replicate the LDAP directory"; };
};
# Build the LDAP option for service `name`: the shared ldapOptions, a bind
# dn/password/filter for that service, then whatever `more` adds. `//` is
# left-associative, so attributes in `more` win on a name clash.
mkLdapOptions = name: more:
  let
    serviceOptions = {
      dn = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      # Empty filter by default; callers narrow it per service.
      filter = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in
  mkOption {
    type = submodule { options = ldapOptions // serviceOptions // more; };
    description = "${name} LDAP configuration";
  };
# Server-side settings shared by every MySQL consumer (see mkMysqlOptions).
mysqlOptions = {
  host = mkOption { type = str; description = "Host to access Mysql"; };
  remoteHost = mkOption { type = str; description = "Host to access Mysql from outside"; };
  # Declared as str rather than port, so the value is not range-checked here.
  port = mkOption { type = str; description = "Port to access Mysql"; };
  socket = mkOption { type = path; description = "Socket to access Mysql"; };
  # user name -> password, for accounts allowed to reach the server.
  systemUsers = mkOption { type = attrsOf str; description = "Attrs of user-passwords allowed to access mysql"; };
  # Bind DN, its password and a match filter used when PAM checks users.
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Build the MySQL option for service `name`: shared mysqlOptions plus the
# service's database/user/password, then `more` (which wins on clashes).
mkMysqlOptions = name: more:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule { options = mysqlOptions // serviceOptions // more; };
    description = "${name} mysql configuration";
  };
# Server-side settings shared by every PostgreSQL consumer (see mkPsqlOptions).
psqlOptions = {
  host = mkOption { type = str; description = "Host to access Postgresql"; };
  # Declared as str rather than port, so the value is not range-checked here.
  port = mkOption { type = str; description = "Port to access Postgresql"; };
  socket = mkOption { type = path; description = "Socket to access Postgresql"; };
  # Bind DN, its password and a match filter used when PAM checks users.
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Build the PostgreSQL option for service `name`: shared psqlOptions plus
# database/schema/user/password. Unlike the mysql/ldap builders there is no
# `more` argument, so callers cannot add service-specific attributes.
mkPsqlOptions = name:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      # null means "no explicit schema".
      schema = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule { options = psqlOptions // serviceOptions; };
    description = "${name} psql configuration";
  };
# Server-side settings shared by every Redis consumer (see mkRedisOptions).
redisOptions = {
  host = mkOption { type = str; description = "Host to access Redis"; };
  # Declared as str rather than port, so the value is not range-checked here.
  port = mkOption { type = str; description = "Port to access Redis"; };
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  # Consumer name -> db number. Uniqueness is only asked for in the
  # description; nothing in this file enforces it.
  dbs = mkOption { type = attrsOf str; description = "Attrs of db number. Each number should be unique to avoid collision!"; };
  # Shared secret for the spiped tunnel in front of replication.
  spiped_key = mkOption {
    type = str;
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption { type = str; description = "Read password"; };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Build the Redis option for service `name`: shared redisOptions plus the
# db number this service uses.
mkRedisOptions = name:
  let
    serviceOptions = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in
  mkOption {
    type = submodule { options = redisOptions // serviceOptions; };
    description = "${name} redis configuration";
  };
# Relay endpoint shared by every SMTP consumer (see mkSmtpOptions).
smtpOptions = {
  host = mkOption {
    type = str;
    description = "Host to access SMTP";
  };
  # Declared as str rather than port, so the value is not range-checked here.
  port = mkOption {
    type = str;
    description = "Port to access SMTP";
  };
};
# Build the SMTP option for service `name`: shared smtpOptions plus the
# sender address and password of that service.
mkSmtpOptions = name:
  let
    serviceOptions = {
      email = mkOption { type = str; description = "${name} email"; };
      password = mkOption { type = str; description = "SMTP password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule { options = smtpOptions // serviceOptions; };
    description = "${name} smtp configuration";
  };
# Per-host record used as the value type of myEnv.servers.
hostEnv = submodule {
  options = {
    fqdn = mkOption { type = str; description = "Host FQDN"; };
    # Not type-checked (unspecified): expected to be a function of pkgs
    # returning a list, and defaults to the empty list for any pkgs.
    users = mkOption {
      type = unspecified;
      default = pkgs: [];
      description = ''
        Sublist of users from realUsers. Function that takes pkgs as
        argument and gives an array as a result
      '';
    };
    emails = mkOption {
      type = listOf str;
      default = [];
      description = "List of e-mails that the server can be a sender of";
    };
    # Bind credentials this host uses against the LDAP server.
    ldap = mkOption {
      type = submodule {
        options = {
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
      description = ''
        LDAP credentials for the host
      '';
    };
    # Default disables MX; subdomain/priority have no default of their own,
    # so a consumer must check `enable` before reading them.
    mx = mkOption {
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
          priority = mkOption { type = nullOr str; description = "Priority"; };
        };
      };
      default = { enable = false; };
      description = "subdomain and priority for MX server";
    };
    # section name -> { ip4 = [...]; ip6 = [...]; }, both lists empty by default.
    ips = mkOption {
      type = attrsOf (submodule {
        options = {
          ip4 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip4 addresses of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
    };
  };
};
190 in
191 {
192 options.myEnv = {
# host name -> hostEnv record; empty by default.
servers = mkOption {
  type = attrsOf hostEnv;
  default = {};
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
};
# API token for Hetzner Cloud.
hetznerCloud = mkOption {
  type = submodule {
    options = {
      authToken = mkOption {
        type = str;
        description = ''
          The API auth token.
        '';
      };
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# User/password pair for the (non-cloud) Hetzner account.
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption {
        type = str;
        description = "User";
      };
      pass = mkOption {
        type = str;
        description = "Password";
      };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
# Credentials used by the sshd service: root authorized keys plus the
# password of the LDAP bind dn named in the description.
sshd = mkOption {
  type = submodule {
    options = {
      # key name -> public key text
      rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    sshd service credential information
  '';
};
# name -> port number for non-standard reserved ports. The "must be unique"
# rule is enforced by `apply`: reading the option throws if two names map
# to the same number.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  apply =
    let
      allDistinct = x:
        let values = builtins.attrValues x;
        in builtins.length values == builtins.length (unique values);
    in
    x:
      if isAttrs x && allDistinct x
      then x
      else throw "Non unique values for ports";
};
# Credentials used by the httpd service: the password of the LDAP bind dn
# named in the description.
httpd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    httpd service credential information
  '';
};
# Global SMTP relay endpoint (host/port only, no credentials).
smtp = mkOption {
  description = "SMTP configuration";
  type = submodule {
    options = smtpOptions;
  };
};
# The LDAP server itself (base, host, root and replication credentials).
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-level settings of the three database backends (no per-service
# credentials here; those come from the mk*Options builders).
databases = mkOption {
  type = submodule {
    options = {
      mysql = mkOption { type = submodule { options = mysqlOptions; }; description = "Mysql configuration"; };
      redis = mkOption { type = submodule { options = redisOptions; }; description = "Redis configuration"; };
      postgresql = mkOption { type = submodule { options = psqlOptions; }; description = "Postgresql configuration"; };
    };
  };
  description = "Databases configuration";
};
# Jabber (XMPP) service: an LDAP bind, a PostgreSQL database and the
# filter postfix uses to find xmpp users.
jabber = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
      postfix_user_filter = mkOption {
        type = str;
        description = "Postfix filter to get xmpp users";
      };
    };
  };
  description = "Jabber configuration";
};
# user name -> function of pkgs. Values are not type-checked (unspecified);
# the description states the expected shape of what the function returns.
realUsers = mkOption {
  type = attrsOf unspecified;
  description = ''
    Attrset of function taking pkgs as argument.
    Real users settings, should provide a subattr of users.users.<name>
    with at least: name, (hashed)Password, shell
  '';
};
# user name -> { uid; gid; }, for both system and regular users.
users = mkOption {
  type = attrsOf (submodule {
    options = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
  });
  description = "System and regular users uid/gid";
};
# Authoritative DNS setup: SOA fields, nameserver groups, keys, and the
# zones this host is master or slave for.
dns = mkOption {
  type = submodule {
    options = {
      soa = mkOption {
        type = submodule {
          options = {
            # Free-form str; nothing here bumps or validates it.
            serial = mkOption { type = str; description = "Serial number. Should be incremented at each change and unique"; };
            refresh = mkOption { type = str; description = "Refresh time"; };
            retry = mkOption { type = str; description = "Retry time"; };
            expire = mkOption { type = str; description = "Expire time"; };
            ttl = mkOption { type = str; description = "Default TTL time"; };
            email = mkOption { type = str; description = "hostmaster e-mail"; };
            primary = mkOption { type = str; description = "Primary NS"; };
          };
        };
        description = "SOA information";
      };
      # group name -> nameserver fqdn -> list of addresses (see example).
      ns = mkOption {
        type = attrsOf (attrsOf (listOf str));
        description = "Attrs of NS servers group";
        example = {
          foo = {
            "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
            "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
          };
        };
      };
      # key name -> { algorithm; secret; }; presumably referenced by name
      # from slaveZones.*.keys — verify against the bind consumer.
      keys = mkOption {
        type = attrsOf (submodule {
          options = {
            algorithm = mkOption { type = str; description = "Algorithm"; };
            secret = mkOption { type = str; description = "Secret"; };
          };
        });
        default = {};
        description = "DNS keys";
      };
      slaveZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            masters = mkOption { type = listOf str; description = "NS master groups of this zone"; };
            keys = mkOption { type = listOf str; default = []; description = "Keys associated to the server"; };
          };
        });
        description = "List of slave zones";
      };
      masterZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            # null means no CAA record for the zone.
            withCAA = mkOption { type = nullOr str; default = null; description = "CAA entry"; };
            slaves = mkOption { type = listOf str; description = "NS slave groups of this zone"; };
            ns = mkOption { type = listOf str; description = "groups names that should have their NS entries listed here"; };
            # Raw bind configuration text, appended as-is.
            extra = mkOption {
              type = lines;
              description = "Extra zone configuration for bind";
              example = ''
                notify yes;
              '';
            };
            entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
            # Subdomains that get mail-related records; each says whether
            # mail may be sent from and/or received at it.
            withEmail = mkOption {
              type = listOf (submodule {
                options = {
                  domain = mkOption { type = str; description = "Which subdomain is concerned"; };
                  send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
                  receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
                };
              });
              default = [];
              description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
            };
          };
        });
        description = "List of master zones";
      };
    };
  };
  description = "DNS configuration";
};
# duplicity remote backup: one encryption password and a set of remotes,
# each with a bucket -> url function and its access key pair.
backup = mkOption {
  type = submodule {
    options = {
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            # Not type-checked (unspecified): expected to be a function
            # from bucket name to url, as the example shows.
            # NOTE(review): inside an indented string `${bucket}` is an
            # interpolation unless written as `''${bucket}`; confirm the
            # example below is escaped in the source.
            remote = mkOption {
              type = unspecified;
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
              example = literalExample ''
                bucket: "s3://some_host/${bucket}";
              '';
            };
            accessKeyId = mkOption { type = str; description = "Remote access-key"; };
            secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
          };
        });
      };
    };
  };
  description = ''
    Remote backup with duplicity
  '';
};
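# zrepl backup: an SSH key pair, a MySQL account and named TLS key/cert
# pairs. Every other top-level option carries a description; this one did
# not, so the generated option docs showed it undocumented.
zrepl_backup = mkOption {
  description = "Zrepl backup configuration";
  type = submodule {
    options = {
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            # `lines` (multi-line text), unlike the single-line public part.
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
      mysql = mkMysqlOptions "Zrepl" {};
      # cert name -> { key; certificate; }
      certs = mkOption {
        type = attrsOf (submodule {
          options = {
            key = mkOption { type = str; description = "Key"; };
            certificate = mkOption { type = str; description = "Certificate"; };
          };
        });
        description = "Certificates";
      };
    };
  };
};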
# rsync pull backups initiated from the controlled host: the SSH key it
# connects with, and one profile per remote host describing what to fetch.
rsync_backup = mkOption {
  type = submodule {
    options = {
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
      profiles = mkOption {
        type = attrsOf (submodule {
          options = {
            keep = mkOption { type = int; description = "Number of backups to keep"; };
            check_command = mkOption {
              type = str;
              default = "backup";
              description = "command to check if backup needs to be done";
            };
            login = mkOption { type = str; description = "Login to connect to host"; };
            # str, not port; defaults to the standard ssh port.
            port = mkOption {
              type = str;
              default = "22";
              description = "Port to connect to host";
            };
            host = mkOption { type = str; description = "Host to connect to"; };
            # Pinned host key (and its type) for the remote — declared
            # explicitly rather than learned on first connection.
            host_key = mkOption { type = str; description = "Host key"; };
            host_key_type = mkOption { type = str; description = "Host key type"; };
            # part name -> which remote folder to fetch and how to filter it.
            parts = mkOption {
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption { type = path; description = "Remote folder to backup"; };
                  exclude_from = mkOption { type = listOf path; default = []; description = "List of folders/files to exclude from the backup"; };
                  files_from = mkOption { type = listOf path; default = []; description = "List of folders/files to backup in the base folder"; };
                  # Passed through to rsync verbatim when not null.
                  args = mkOption { type = nullOr str; default = null; description = "Extra arguments to pass to rsync"; };
                };
              });
              description = "Parts to backup for this host";
            };
          };
        });
        description = "Attrs of profiles to backup";
      };
    };
  };
  description = ''
    Rsync backup configuration from controlled host
  '';
};
# Credentials and endpoints used by the monitoring stack (status push,
# IMAP/SSH probes, SMS via OVH, netdata, naemon contacts, e-mail checks).
monitoring = mkOption {
  type = submodule {
    options = {
      status_url = mkOption { type = str; description = "URL to push status to"; };
      status_token = mkOption { type = str; description = "Token for the status url"; };
      http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
      email = mkOption { type = str; description = "Admin E-mail"; };
      ssh_public_key = mkOption { type = str; description = "SSH public key"; };
      ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
      imap_login = mkOption { type = str; description = "IMAP login"; };
      imap_password = mkOption { type = str; description = "IMAP password"; };
      # A list of string lists; empty by default.
      eriomem_keys = mkOption {
        type = listOf (listOf str);
        default = [];
        description = "Eriomem keys";
      };
      ovh_sms = mkOption {
        type = submodule {
          options = {
            endpoint = mkOption {
              type = str;
              default = "ovh-eu";
              description = "OVH endpoint";
            };
            application_key = mkOption { type = str; description = "Application key"; };
            application_secret = mkOption { type = str; description = "Application secret"; };
            consumer_key = mkOption { type = str; description = "Consumer key"; };
            account = mkOption { type = str; description = "Account"; };
          };
        };
        description = "OVH credentials for sms script";
      };
      # Bearer-style tokens: any one of them is accepted for status pushes.
      nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
      apprise_urls = mkOption { type = str; description = "Apprise space-separated urls to push status update"; };
      netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
      netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
      # Not type-checked (unspecified); shape is dictated by naemon.
      contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
      # check name -> how to reach the mail service under test; the ssh
      # fields are optional (null) and ignored when `local` is set.
      email_check = mkOption {
        type = attrsOf (submodule {
          options = {
            local = mkOption { type = bool; default = false; description = "Use local configuration"; };
            port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
            login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
            targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
            mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
            mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
          };
        });
        description = "Emails services to check";
      };
    };
  };
  description = "Monitoring configuration";
};
# Connection details of the MPD instance (port kept as str, not port).
mpd = mkOption {
  type = submodule {
    options = {
      folder = mkOption {
        type = str;
        description = "Folder to serve from the MPD instance";
      };
      password = mkOption {
        type = str;
        description = "Password to connect to the MPD instance";
      };
      host = mkOption {
        type = str;
        description = "Host to connect to the MPD instance";
      };
      port = mkOption {
        type = str;
        description = "Port to connect to the MPD instance";
      };
    };
  };
  description = "MPD configuration";
};
# FTP: one LDAP bind shared by both daemons, each with its own listing filter.
ftp = mkOption {
  type = submodule {
    options = {
      ldap =
        let
          daemonFilters = {
            proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; };
            pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; };
          };
        in mkLdapOptions "FTP" daemonFilters;
    };
  };
  description = "FTP configuration";
};
# vpn name -> ipv6 prefix plus this host's key pair for that vpn.
vpn = mkOption {
  type = attrsOf (submodule {
    options = {
      prefix = mkOption {
        type = str;
        description = "ipv6 prefix for the vpn subnet";
      };
      privateKey = mkOption {
        type = str;
        description = "Private key for the host";
      };
      publicKey = mkOption {
        type = str;
        description = "Public key for the host";
      };
    };
  });
  description = "VPN configuration";
};
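# Mail stack: DMARC, DKIM keys, postfix, dovecot, rspamd, script recipients
# and sympa. Fix: rspamd's redis option was built with the label "Redis",
# which yields the description "Redis redis configuration"; every other
# caller passes the service name, so it is now "Rspamd".
mail = mkOption {
  type = submodule {
    options = {
      dmarc = mkOption {
        type = submodule {
          options = {
            ignore_hosts = mkOption {
              type = lines;
              description = ''
                Hosts to ignore when checking for dmarc
              '';
            };
          };
        };
        description = "DMARC configuration";
      };
      # selector/domain name -> key pair; `public` is the DNS TXT payload.
      dkim = mkOption {
        type = attrsOf (submodule {
          options = {
            public = mkOption {
              type = str;
              description = "Public entry to put in DNS TXT field";
              example = ''
                ( "v=DKIM1; k=rsa; "
                "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
              '';
            };
            private = mkOption { type = str; description = "Private key"; };
          };
        });
        description = "DKIM configuration";
      };
      postfix = mkOption {
        type = submodule {
          options = {
            additional_mailbox_domains = mkOption {
              type = listOf str;
              description = ''
                List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
              '';
            };
            # Postfix's own MySQL account plus the key for relay passwords
            # stored in that database.
            mysql = mkMysqlOptions "Postfix" {
              password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
            };
            # backup name -> domains relayed for, their restrictions and
            # the recipient maps that gate the relay.
            backup_domains = mkOption {
              type = attrsOf (submodule {
                options = {
                  domains = mkOption { type = listOf str; description = "Domains list"; };
                  relay_restrictions = mkOption {
                    type = lines;
                    description = ''
                      Restrictions for relaying the e-mails from the domains
                    '';
                  };
                  recipient_maps = mkOption {
                    type = listOf (submodule {
                      options = {
                        # Only "hash" maps are accepted for now.
                        type = mkOption { type = enum [ "hash" ]; description = "Map type"; };
                        content = mkOption { type = str; description = "Map content"; };
                      };
                    });
                    description = ''
                      Recipient map to accept relay for.
                      Must be specified for domain, the rules apply to everyone!
                    '';
                  };
                };
              });
              description = ''
                Domains that are accepted for relay as backup domain
              '';
            };
          };
        };
        description = "Postfix configuration";
      };
      dovecot = mkOption {
        type = submodule {
          options = {
            ldap = mkLdapOptions "Dovecot" {
              pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
              user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
              iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
              iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
              postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
            };
          };
        };
        description = "Dovecot configuration";
      };
      rspamd = mkOption {
        type = submodule {
          options = {
            redis = mkRedisOptions "Rspamd";
            # Only the hashed forms are consumed; see the apply on the
            # plain-text options below.
            read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
            write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
            # `apply` discards whatever was set: reading these options
            # always yields "", so the clear-text value never reaches a
            # consumer through the module system.
            read_password = mkOption {
              type = str;
              description = "Read password for rspamd. Unused";
              apply = x: "";
            };
            write_password = mkOption {
              type = str;
              description = "Write password for rspamd. Unused";
              apply = x: "";
            };
          };
        };
        description = "rspamd configuration";
      };
      # script name -> where to fetch it from and what environment it gets.
      scripts = mkOption {
        type = attrsOf (submodule {
          options = {
            external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
            src = mkOption {
              type = submodule {
                options = {
                  url = mkOption { type = str; description = "git url to fetch"; };
                  # A git reference; nothing here requires it to be a commit hash.
                  rev = mkOption { type = str; description = "git reference to fetch"; };
                };
              };
              description = ''
                git source to fetch the script from.
                It must have a default.nix file as its root accepting a scriptEnv parameter
              '';
            };
            # Not type-checked (unspecified).
            env = mkOption { type = unspecified; description = "Variables to pass to the script"; };
          };
        });
        description = "Mail script recipients";
      };
      sympa = mkOption {
        type = submodule {
          options = {
            listmasters = mkOption { type = listOf str; description = "Listmasters"; };
            postgresql = mkPsqlOptions "Sympa";
            data_sources = mkOption { type = attrsOf str; default = {}; description = "Data sources to make available to sympa"; };
            scenari = mkOption { type = attrsOf str; default = {}; description = "Scenari to make available to sympa"; };
          };
        };
        description = "Sympa configuration";
      };
    };
  };
  description = "Mail configuration";
};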
# TURN server access key.
coturn = mkOption {
  description = "Coturn configuration";
  type = submodule {
    options = {
      auth_access_key = mkOption {
        type = str;
        description = "key to access coturn";
      };
    };
  };
};
# Buildbot master: its SSH key, worker password, service account, LDAP
# password, and one entry per project it builds.
buildbot = mkOption {
  type = submodule {
    options = {
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
      workerPassword = mkOption { type = str; description = "Buildbot worker password"; };
      user = mkOption {
        type = submodule {
          options = {
            uid = mkOption { type = int; description = "user uid"; };
            gid = mkOption { type = int; description = "user gid"; };
          };
        };
        description = "Buildbot user";
      };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Buildbot password"; };
          };
        };
        description = "Ldap configuration for buildbot";
      };
      projects = mkOption {
        type = attrsOf (submodule {
          options = {
            name = mkOption { type = str; description = "Project name"; };
            # Not type-checked (unspecified): a function of pkgs returning
            # the packages to expose, as the example shows.
            packages = mkOption {
              type = unspecified;
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
            };
            pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
            workerPort = mkOption { type = port; description = "Port for the worker"; };
            # Values may be plain strings or functions of pkgs; the stricter
            # type was left commented out by the author.
            secrets = mkOption {
              #type = attrsOf (either str (functionTo str));
              type = attrsOf unspecified;
              description = "Secrets for the project to dump as files. Might be a function that takes pkgs as argument";
            };
            environment = mkOption {
              #type = attrsOf (either str (functionTo str));
              type = attrsOf unspecified;
              description = ''
                Environment variables for the project. Might be a function that takes pkgs as argument.
                BUILDBOT_ is prefixed to the variable names
              '';
            };
            activationScript = mkOption {
              type = lines;
              description = ''
                Activation script to run during deployment
              '';
            };
            # null means the hook accepts no token at all, as opposed to an
            # empty list; consumers should treat the two cases explicitly.
            webhookTokens = mkOption {
              type = nullOr (listOf str);
              default = null;
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
            };
          };
        });
        description = "Projects to make a buildbot for";
      };
    };
  };
  description = "Buildbot configuration";
};
902 tools = mkOption {
903 description = "Tools configurations";
904 type = submodule {
905 options = {
# Contact address shown by the tools.
contact = mkOption {
  type = str;
  description = "Contact e-mail address";
};
# asset name -> how to fetch it. The sha256 pins the fetched content, so a
# changed upstream file fails the fetch instead of being served silently.
assets = mkOption {
  type = attrsOf (submodule {
    options = {
      assetType = mkOption {
        type = enum ["tgz" "url" "googleFont"];
        default = "url";
        description = "Type of asset";
      };
      # Only meaningful for the "tgz" type.
      tgzRemoveComponents = mkOption {
        type = int;
        default = 0;
        description = "Remove components when extracting";
      };
      url = mkOption { type = str; description = "URL to fetch"; };
      sha256 = mkOption { type = str; description = "Hash of the url"; };
    };
  });
  default = {};
  description = "Assets to provide on assets.immae.eu";
};
# Davical: PostgreSQL database and LDAP bind.
davical = mkOption {
  description = "Davical configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Davical" {};
      postgresql = mkPsqlOptions "Davical";
    };
  };
};
# Diaspora: PostgreSQL, Redis, LDAP bind and the application secret token.
diaspora = mkOption {
  description = "Diaspora configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Diaspora" {};
      postgresql = mkPsqlOptions "Diaspora";
      redis = mkRedisOptions "Diaspora";
      secret_token = mkOption {
        type = str;
        description = "Secret token";
      };
    };
  };
};
# DMARC report processing: its MySQL account and the key used to hash
# (anonymize) identifiers in the reports.
dmarc_reports = mkOption {
  description = "DMARC reports configuration";
  type = submodule {
    options = {
      anonymous_key = mkOption {
        type = str;
        description = "Anonymous hashing key";
      };
      mysql = mkMysqlOptions "DMARC" {};
    };
  };
};
# Etherpad: PostgreSQL, LDAP bind (with a group filter) and its three
# application secrets.
etherpad-lite = mkOption {
  description = "Etherpad configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Etherpad";
      ldap =
        let
          extra = {
            group_filter = mkOption { type = str; description = "Filter for groups"; };
          };
        in mkLdapOptions "Etherpad" extra;
      adminPassword = mkOption {
        type = str;
        description = "Admin password for mypads / admin";
      };
      session_key = mkOption {
        type = str;
        description = "Session key";
      };
      api_key = mkOption {
        type = str;
        description = "API key";
      };
    };
  };
};
# Gitolite: LDAP bind and the SSH key pair of the git host.
gitolite = mkOption {
  description = "Gitolite configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Gitolite" {};
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption {
              type = str;
              description = "Public part of the key";
            };
            private = mkOption {
              type = lines;
              description = "Private part of the key";
            };
          };
        };
      };
    };
  };
};
# Kanboard: PostgreSQL and an LDAP bind that also names the admin DN.
kanboard = mkOption {
  description = "Kanboard configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Kanboard";
      ldap =
        let
          extra = {
            admin_dn = mkOption { type = str; description = "Admin DN"; };
          };
        in mkLdapOptions "Kanboard" extra;
    };
  };
};
# Mantisbt: PostgreSQL, LDAP bind and the salt its password hashing uses.
mantisbt = mkOption {
  description = "Mantisbt configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mantisbt" {};
      postgresql = mkPsqlOptions "Mantisbt";
      master_salt = mkOption {
        type = str;
        description = "Master salt for password hash";
      };
    };
  };
};
# Mastodon: PostgreSQL, Redis, LDAP bind, three application secrets and
# the VAPID key pair for web push.
mastodon = mkOption {
  description = "Mastodon configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mastodon" {};
      postgresql = mkPsqlOptions "Mastodon";
      redis = mkRedisOptions "Mastodon";
      paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
      otp_secret = mkOption { type = str; description = "OTP secret"; };
      secret_key_base = mkOption { type = str; description = "Secret key base"; };
      vapid = mkOption {
        description = "vapid key";
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public key"; };
            private = mkOption { type = str; description = "Private key"; };
          };
        };
      };
    };
  };
};
# Mediagoblin: PostgreSQL, Redis and LDAP bind; no app-level secret is declared here.
mediagoblin = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mediagoblin";
      redis = mkRedisOptions "Mediagoblin";
      ldap = mkLdapOptions "Mediagoblin" {};
    };
  };
  description = "Mediagoblin configuration";
};
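# Nextcloud: database, cache and the three application-level secrets.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      # The label here previously read "Peertube" (copy-paste from the peertube block),
      # which mislabelled the generated sub-option descriptions. mkPsqlOptions and
      # mkRedisOptions are defined outside this section: confirm they use the name only
      # for descriptions before relying on the rename anywhere else.
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      # NOTE(review): plain-string secrets in the evaluated configuration — confirm
      # consumers keep them out of /nix/store.
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};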
# Peertube (main instance): listening port, PostgreSQL, Redis and LDAP bind.
peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
      ldap = mkLdapOptions "Peertube" {};
    };
  };
  description = "Peertube configuration";
};
# Second Peertube instance (Syden): port, PostgreSQL and Redis only — no LDAP bind.
# The "Peertube" label is shared with the main instance; mkPsqlOptions/mkRedisOptions
# are defined outside this section, so whether the label is more than a description
# prefix cannot be confirmed here — presumably intentional.
syden_peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
    };
  };
  description = "Peertube Syden configuration";
};
# phpLdapAdmin: only needs an LDAP bind identity.
phpldapadmin = mkOption {
  type = submodule {
    options.ldap = mkLdapOptions "phpldapadmin" {};
  };
  description = "phpLdapAdmin configuration";
};
# Rompr: only the MPD endpoint it talks to; no MPD credential is declared for it here.
rompr = let
  mpdEndpoint = submodule {
    options = {
      host = mkOption { description = "Host for MPD"; type = str; };
      port = mkOption { description = "Port to access MPD host"; type = port; };
    };
  };
in mkOption {
  type = submodule {
    options.mpd = mkOption { description = "MPD configuration"; type = mpdEndpoint; };
  };
  description = "Rompr configuration";
};
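# Roundcubemail: PostgreSQL plus the application secret.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      # The label here previously read "TT-RSS" (copy-paste from the ttrss block), which
      # mislabelled the generated sub-option descriptions. mkPsqlOptions is defined
      # outside this section: confirm it uses the name only for descriptions before
      # relying on the rename anywhere else.
      postgresql = mkPsqlOptions "Roundcubemail";
      # NOTE(review): plain-string secret — confirm consumers keep it out of /nix/store.
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};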
# Shaarli: only needs an LDAP bind identity.
shaarli = mkOption {
  type = submodule {
    options.ldap = mkLdapOptions "Shaarli" {};
  };
  description = "Shaarli configuration";
};
# StatusEngine: MySQL plus LDAP bind.
status_engine = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "StatusEngine" {};
      ldap = mkLdapOptions "StatusEngine" {};
    };
  };
  description = "Status Engine configuration";
};
# Taskwarrior: LDAP bind plus one taskwarrior-web profile per attribute name.
task = let
  profile = submodule {
    options = {
      # Per-profile allow-list: the LDAP uids granted access to this profile.
      uid = mkOption {
        description = "List of ldap uids having access to this profile";
        type = listOf str;
      };
      org = mkOption { description = "Taskd organisation"; type = str; };
      # NOTE(review): a taskd credential held as a plain string — confirm consumers
      # keep it out of /nix/store.
      key = mkOption { description = "Taskd key"; type = str; };
      date = mkOption { description = "Preferred date format"; type = str; };
    };
  };
in mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Taskwarrior" {};
      taskwarrior-web = mkOption {
        description = "taskwarrior-web profiles";
        type = attrsOf profile;
      };
    };
  };
  description = "Taskwarrior configuration";
};
# TT-RSS: PostgreSQL plus LDAP bind.
ttrss = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "TT-RSS";
      ldap = mkLdapOptions "TT-RSS" {};
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: PostgreSQL, LDAP bind with a separate admin filter, Redis and the app secret.
wallabag = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Wallabag";
      ldap = mkLdapOptions "Wallabag" {
        # Selects which LDAP users get admin rights, alongside the generic user filter.
        admin_filter = mkOption { description = "Admin users filter"; type = str; };
      };
      redis = mkRedisOptions "Wallabag";
      # NOTE(review): plain-string secret — confirm consumers keep it out of /nix/store.
      secret = mkOption { description = "App secret"; type = str; };
    };
  };
  description = "Wallabag configuration";
};
# Webhook scripts keyed by their published name (per the description, `<name>.php`).
# Values are script bodies, i.e. code rather than data — review them as such.
webhooks = mkOption {
  description = "Mapping 'name'.php => script for webhooks";
  type = attrsOf str;
};
# Content-Security-Policy reporting: the violation report endpoint and the policies served.
csp_reports = mkOption {
  type = submodule {
    options = {
      report_uri = mkOption { description = "URI to report CSP violations to"; type = str; };
      policies = mkOption { description = "CSP policies to apply"; type = attrsOf str; };
    };
  };
  description = "CSP report configuration";
};
# Commento: listening port, PostgreSQL and SMTP settings.
commento = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Commento";
      smtp = mkSmtpOptions "Commento";
    };
  };
  description = "Commento configuration";
};
# Cryptpad: one instance per attribute name. `admins` carries public keys, not secrets.
cryptpad = let
  instance = submodule {
    options = {
      email = mkOption { description = "Admin e-mail"; type = str; };
      admins = mkOption { description = "Instance admin public keys"; type = listOf str; };
      port = mkOption { description = "Port to listen to"; type = port; };
    };
  };
in mkOption {
  type = attrsOf instance;
  description = "Cryptpad configuration";
};
# Ympd: listening port plus the MPD endpoint, including its password.
ympd = let
  mpdEndpoint = submodule {
    options = {
      # NOTE(review): plain-string credential — confirm consumers keep it out of /nix/store.
      password = mkOption { description = "Password to access MPD host"; type = str; };
      host = mkOption { description = "Host for MPD"; type = str; };
      port = mkOption { description = "Port to access MPD host"; type = port; };
    };
  };
in mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      mpd = mkOption { description = "MPD configuration"; type = mpdEndpoint; };
    };
  };
  description = "Ympd configuration";
};
# Umami: listening port, PostgreSQL and the hash salt.
umami = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Umami";
      hashSalt = mkOption { description = "Hash salt"; type = str; };
    };
  };
  description = "Umami configuration";
};
# Yourls: MySQL, LDAP bind and the cookie signing key.
yourls = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Yourls" {};
      ldap = mkLdapOptions "Yourls" {};
      # NOTE(review): plain-string secret — confirm consumers keep it out of /nix/store.
      cookieKey = mkOption { description = "Cookie key"; type = str; };
    };
  };
  description = "Yourls configuration";
};
1230 };
1231 };
1232 };
# Free-form per-server settings; `unspecified` means the values are not type-checked.
serverSpecific = mkOption {
  description = "Server specific configuration";
  type = attrsOf unspecified;
};
1234 websites = mkOption {
1235 description = "Websites configurations";
1236 type = submodule {
1237 options = {
# Christophe Carpentier: a single Agorakit deployment (MySQL, SMTP and an app key).
christophe_carpentier = mkOption {
  type = submodule {
    options.agorakit = mkOption {
      type = submodule {
        options = {
          mysql = mkMysqlOptions "Agorakit" {};
          smtp = mkSmtpOptions "Agorakit";
          # NOTE(review): plain-string secret — confirm consumers keep it out of /nix/store.
          appkey = mkOption { description = "App key"; type = str; };
        };
      };
      description = "Agorakit configuration";
    };
  };
  description = "Christophe Carpentier configuration by environment";
};
# Immae "temp" site: an LDAP bind whose `filter` is re-declared without a default, so
# the access filter becomes mandatory for this site instead of falling back to "".
immae = mkOption {
  type = submodule {
    options.temp = mkOption {
      type = submodule {
        options.ldap = mkLdapOptions "Immae temp" {
          filter = mkOption { description = "Filter for user access"; type = str; };
        };
      };
      description = "Temp configuration";
    };
  };
  description = "Immae configuration by environment";
};
# Isabelle: two Symfony environments sharing one option shape, plus one SPIP site.
isabelle = let
  atenSubmodule = mkOption {
    type = submodule {
      options = {
        environment = mkOption { description = "Symfony environment"; type = str; };
        secret = mkOption { description = "Symfony App secret"; type = str; };
        postgresql = mkPsqlOptions "Aten";
      };
    };
    description = "environment configuration";
  };
in mkOption {
  type = submodule {
    options = {
      aten_production = atenSubmodule;
      aten_integration = atenSubmodule;
      iridologie = mkOption {
        type = submodule {
          options = {
            environment = mkOption { description = "SPIP environment"; type = str; };
            mysql = mkMysqlOptions "Iridologie" {};
            ldap = mkLdapOptions "Iridologie" {};
          };
        };
        description = "environment configuration";
      };
    };
  };
  description = "Isabelle configurations by environment";
};
# Chloe: production and integration share one SPIP option shape; `new` is a separate
# Symfony-style site with its own MySQL, LDAP bind and app secret.
chloe = let
  chloeSubmodule = mkOption {
    type = submodule {
      options = {
        environment = mkOption { description = "SPIP environment"; type = str; };
        mysql = mkMysqlOptions "Chloe" {};
        ldap = mkLdapOptions "Chloe" {};
      };
    };
    description = "environment configuration";
  };
in mkOption {
  type = submodule {
    options = {
      production = chloeSubmodule;
      integration = chloeSubmodule;
      new = mkOption {
        type = submodule {
          options = {
            mysql = mkMysqlOptions "ChloeNew" {};
            ldap = mkLdapOptions "ChloeNew" {};
            secret = mkOption { description = "Symfony App secret"; type = str; };
          };
        };
        description = "environment configuration";
      };
    };
  };
  description = "Chloe configurations by environment";
};
# Connexionswing: production and integration share one Symfony option shape.
connexionswing = let
  csSubmodule = mkOption {
    type = submodule {
      options = {
        environment = mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "Connexionswing" {};
        secret = mkOption { description = "Symfony App secret"; type = str; };
        email = mkOption { description = "Symfony email notification"; type = str; };
      };
    };
    description = "environment configuration";
  };
in mkOption {
  type = submodule {
    options = {
      production = csSubmodule;
      integration = csSubmodule;
    };
  };
  description = "Connexionswing configurations by environment";
};
# Naturaloutil (jerome): MySQL plus the server-admin contact address.
jerome = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Naturaloutil" {};
      server_admin = mkOption { description = "Server admin e-mail"; type = str; };
    };
  };
  description = "Naturaloutil configuration";
};
# Telio Tortay: only the server-admin contact address.
telio_tortay = mkOption {
  type = submodule {
    options.server_admin = mkOption { description = "Server admin e-mail"; type = str; };
  };
  description = "Telio Tortay configuration";
};
# Ludivinecassal: production and integration share one Symfony option shape.
ludivine = let
  lcSubmodule = mkOption {
    type = submodule {
      options = {
        environment = mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "LudivineCassal" {};
        ldap = mkLdapOptions "LudivineCassal" {};
        secret = mkOption { description = "Symfony App secret"; type = str; };
      };
    };
    description = "environment configuration";
  };
in mkOption {
  type = submodule {
    options = {
      production = lcSubmodule;
      integration = lcSubmodule;
    };
  };
  description = "Ludivinecassal configurations by environment";
};
# Nicecoop: Odoo, two gestion-compte environments sharing one option set, and Copanier.
# Sub-trees are plain attribute sets of options (no intermediate submodule).
nicecoop = let
  gestionCompteOptions = {
    smtp = mkSmtpOptions "GestionCompte";
    mysql = mkMysqlOptions "gestion-compte" {};
    secret = mkOption { description = "Application secret"; type = str; };
    # NOTE(review): plain-string admin credential — confirm consumers keep it out of /nix/store.
    adminpassword = mkOption { description = "Admin password"; type = str; };
  };
in mkOption {
  type = submodule {
    options = {
      odoo = {
        port = mkOption { description = "Port to listen to"; type = port; };
        # Description text is identical to `port`'s; presumably the longpolling listener.
        longpoll_port = mkOption { description = "Port to listen to"; type = port; };
        postgresql = mkPsqlOptions "Odoo";
        admin_password = mkOption { description = "Admin password"; type = str; };
      };
      gestion-compte = gestionCompteOptions;
      gestion-compte-integration = gestionCompteOptions;
      copanier = {
        smtp = mkSmtpOptions "Copanier";
        staff = mkOption { description = "List of staff members"; type = listOf str; };
      };
    };
  };
  description = "Nicecoop configuration";
};
# Emilia: only a PostgreSQL connection.
emilia = mkOption {
  type = submodule {
    options.postgresql = mkPsqlOptions "Emilia";
  };
  description = "Emilia configuration";
};
# Florian: only the server-admin contact address.
florian = mkOption {
  type = submodule {
    options.server_admin = mkOption { description = "Server admin e-mail"; type = str; };
  };
  description = "Florian configuration";
};
# Nassime: only the server-admin contact address.
nassime = mkOption {
  type = submodule {
    options.server_admin = mkOption { description = "Server admin e-mail"; type = str; };
  };
  description = "Nassime configuration";
};
# Piedsjaloux: production and integration share one Symfony option shape.
piedsjaloux = let
  pjSubmodule = mkOption {
    type = submodule {
      options = {
        environment = mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "Piedsjaloux" {};
        secret = mkOption { description = "Symfony App secret"; type = str; };
      };
    };
    description = "environment configuration";
  };
in mkOption {
  type = submodule {
    options = {
      production = pjSubmodule;
      integration = pjSubmodule;
    };
  };
  description = "Piedsjaloux configurations by environment";
};
# Europe Richie: MySQL plus an SMTP login (user/password) for the mailer.
richie = let
  smtpLogin = submodule {
    options = {
      user = mkOption { description = "Username"; type = str; };
      # NOTE(review): plain-string mail credential — confirm consumers keep it out of /nix/store.
      password = mkOption { description = "Password"; type = str; };
    };
  };
in mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Richie" {};
      smtp_mailer = mkOption { description = "SMTP mailer configuration"; type = smtpLogin; };
    };
  };
  description = "Europe Richie configurations by environment";
};
# Caldance: only an integration environment, gated by HTTP basic auth; the option carries
# the content of the password file itself (per its description), not a path to it.
caldance = mkOption {
  type = submodule {
    options.integration = mkOption {
      type = submodule {
        options.password = mkOption {
          description = "Password file content for basic auth";
          type = str;
        };
      };
      description = "environment configuration";
    };
  };
  description = "Caldance configurations by environment";
};
# Tellesflorian: a Symfony site with only an integration environment, gated by basic auth.
tellesflorian = let
  tfSubmodule = mkOption {
    type = submodule {
      options = {
        environment = mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "Tellesflorian" {};
        secret = mkOption { description = "Symfony App secret"; type = str; };
        # NOTE(review): basic-auth credential held as a plain string — confirm consumers
        # keep it out of /nix/store.
        invite_passwords = mkOption { description = "Password basic auth"; type = str; };
      };
    };
    description = "environment configuration";
  };
in mkOption {
  type = submodule {
    options.integration = tfSubmodule;
  };
  description = "Tellesflorian configurations by environment";
};
1528 };
1529 };
1530 };
1531 };
# This host's own entry in myEnv.servers, selected by the module's `name` argument.
# readOnly: the value is derived here and definitions from other modules are rejected.
options.hostEnv = mkOption {
  description = "Host environment";
  type = hostEnv;
  default = config.myEnv.servers."${name}";
  readOnly = true;
};
1538 }