7 base = mkOption { description = "Base of the LDAP tree"; type = str; };
8 host = mkOption { description = "Host to access LDAP"; type = str; };
9 root_dn = mkOption { description = "DN of the root user"; type = str; };
10 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
11 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
12 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
14 mkLdapOptions = name: more: mkOption {
15 description = "${name} LDAP configuration";
17 options = ldapOptions // {
18 dn = mkOption { description = "DN of the ${name} user"; type = str; };
19 password = mkOption { description = "password of the ${name} user"; type = str; };
20 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
25 host = mkOption { description = "Host to access Mysql"; type = str; };
26 port = mkOption { description = "Port to access Mysql"; type = str; };
27 socket = mkOption { description = "Socket to access Mysql"; type = path; };
28 systemUsers = mkOption {
29 description = "Attrs of user-passwords allowed to access mysql";
33 description = "PAM configuration for mysql";
36 dn = mkOption { description = "DN to connect as to check users"; type = str; };
37 password = mkOption { description = "DN password to connect as to check users"; type = str; };
38 filter = mkOption { description = "filter to match users"; type = str; };
43 mkMysqlOptions = name: mkOption {
44 description = "${name} mysql configuration";
46 options = mysqlOptions // {
47 database = mkOption { description = "${name} database"; type = str; };
48 user = mkOption { description = "${name} user"; type = str; };
49 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
54 host = mkOption { description = "Host to access Postgresql"; type = str; };
55 port = mkOption { description = "Port to access Postgresql"; type = str; };
56 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
58 description = "PAM configuration for psql";
61 dn = mkOption { description = "DN to connect as to check users"; type = str; };
62 password = mkOption { description = "DN password to connect as to check users"; type = str; };
63 filter = mkOption { description = "filter to match users"; type = str; };
68 mkPsqlOptions = name: mkOption {
69 description = "${name} psql configuration";
71 options = psqlOptions // {
72 database = mkOption { description = "${name} database"; type = str; };
73 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
74 user = mkOption { description = "${name} user"; type = str; };
75 password = mkOption { description = "psql password of the ${name} user"; type = str; };
80 host = mkOption { description = "Host to access Redis"; type = str; };
81 port = mkOption { description = "Port to access Redis"; type = str; };
82 socket = mkOption { description = "Socket to access Redis"; type = path; };
84 description = "Attrs of db number. Each number should be unique to avoid collision!";
87 spiped_key = mkOption {
90 Key to use with spiped to make a secure channel to replication
94 description = "Predixy configuration. Unused yet";
97 read = mkOption { type = str; description = "Read password"; };
102 mkRedisOptions = name: mkOption {
103 description = "${name} redis configuration";
105 options = redisOptions // {
106 db = mkOption { description = "${name} database"; type = str; };
115 Attrs of servers information in the cluster (not necessarily handled by nixops)
118 type = attrsOf (submodule {
122 description = "List of e-mails that the server can be a sender of";
127 LDAP credentials for the host
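# LDAP credentials for this host. Both values are single-valued secrets:
# `str` (used everywhere else in this file) makes two conflicting
# definitions a hard evaluation error, whereas the deprecated `string`
# type silently merges them by concatenation, which for a password or DN
# yields a wrong value instead of a diagnostic.
password = mkOption { type = str; description = "Password for the LDAP connection"; };
dn = mkOption { type = str; description = "DN for the LDAP connection"; };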
138 attrs of ip4/ip6 grouped by section
140 type = attrsOf (submodule {
145 ip4 address of the host
149 type = listOf string;
152 ip6 addresses of the host
161 hetznerCloud = mkOption {
163 Hetzner Cloud credential information
167 authToken = mkOption {
178 Hetzner credential information
182 user = mkOption { type = str; description = "User"; };
183 pass = mkOption { type = str; description = "Password"; };
189 sshd service credential information
195 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
199 password = mkOption { description = "Password"; type = str; };
208 non-standard reserved ports. Must be unique!
213 noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
215 x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
219 httpd service credential information
225 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
229 password = mkOption { description = "Password"; type = str; };
238 LDAP server configuration
241 options = ldapOptions;
244 databases = mkOption {
245 description = "Databases configuration";
249 type = submodule { options = mysqlOptions; };
250 description = "Mysql configuration";
253 type = submodule { options = redisOptions; };
254 description = "Redis configuration";
256 postgresql = mkOption {
257 type = submodule { options = psqlOptions; };
258 description = "Postgresql configuration";
264 description = "Jabber configuration";
267 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
268 ldap = mkLdapOptions "Jabber" {};
269 postgresql = mkPsqlOptions "Jabber";
274 description = "System and regular users uid/gid";
275 type = attrsOf (submodule {
278 description = "user uid";
282 description = "user gid";
289 description = "DNS configuration";
293 description = "SOA information";
297 description = "Serial number. Should be incremented at each change and unique";
301 description = "Refresh time";
305 description = "Retry time";
309 description = "Expire time";
313 description = "Default TTL time";
317 description = "hostmaster e-mail";
321 description = "Primary NS";
328 description = "Attrs of NS servers group";
331 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
332 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
335 type = attrsOf (attrsOf (listOf str));
337 slaveZones = mkOption {
338 description = "List of slave zones";
339 type = listOf (submodule {
341 name = mkOption { type = str; description = "zone name"; };
343 description = "NS master groups of this zone";
349 masterZones = mkOption {
350 description = "List of master zones";
351 type = listOf (submodule {
353 name = mkOption { type = str; description = "zone name"; };
355 description = "NS slave groups of this zone";
359 description = "groups names that should have their NS entries listed here";
363 description = "Extra zone configuration for bind";
369 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
370 withEmail = mkOption {
371 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
373 type = listOf (submodule {
375 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
376 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
377 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
389 Remote backup with duplicity
393 password = mkOption { type = str; description = "Password for encrypting files"; };
394 remote = mkOption { type = str; description = "Remote url access"; };
395 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
396 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
400 rsync_backup = mkOption {
402 Rsync backup configuration from controlled host
406 mailto = mkOption { type = str; description = "Where to e-mail on error"; };
408 description = "SSH key information";
411 public = mkOption { type = str; description = "Public part of the key"; };
412 private = mkOption { type = lines; description = "Private part of the key"; };
416 profiles = mkOption {
417 description = "Attrs of profiles to backup";
418 type = attrsOf (submodule {
420 keep = mkOption { type = int; description = "Number of backups to keep"; };
421 login = mkOption { type = str; description = "Login to connect to host"; };
422 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
423 host = mkOption { type = str; description = "Host to connect to"; };
424 host_key = mkOption { type = str; description = "Host key"; };
425 host_key_type = mkOption { type = str; description = "Host key type"; };
427 description = "Parts to backup for this host";
428 type = attrsOf (submodule {
430 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
431 exclude_from = mkOption {
434 description = "List of folders/files to exclude from the backup";
436 files_from = mkOption {
439 description = "List of folders/files to backup in the base folder";
444 description = "Extra arguments to pass to rsync";
455 monitoring = mkOption {
456 description = "Monitoring configuration";
459 status_url = mkOption { type = str; description = "URL to push status to"; };
460 status_token = mkOption { type = str; description = "Token for the status url"; };
461 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
462 email = mkOption { type = str; description = "Admin E-mail"; };
463 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
464 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
465 imap_login = mkOption { type = str; description = "IMAP login"; };
466 imap_password = mkOption { type = str; description = "IMAP password"; };
467 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
468 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
469 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
470 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
475 description = "MPD configuration";
478 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
479 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
480 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
481 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
486 description = "FTP configuration";
489 ldap = mkLdapOptions "FTP" {};
494 description = "Mail configuration";
498 description = "DMARC configuration";
501 ignore_hosts = mkOption {
504 Hosts to ignore when checking for dmarc
511 description = "DKIM configuration";
512 type = attrsOf (submodule {
518 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
520 description = "Public entry to put in DNS TXT field";
522 private = mkOption { type = str; description = "Private key"; };
527 description = "Postfix configuration";
530 additional_mailbox_domains = mkOption {
532 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
536 mysql = mkMysqlOptions "Postfix";
537 backup_domains = mkOption {
539 Domains that are accepted for relay as backup domain
541 type = attrsOf (submodule {
543 domains = mkOption { type = listOf str; description = "Domains list"; };
544 relay_restrictions = mkOption {
547 Restrictions for relaying the e-mails from the domains
550 recipient_maps = mkOption {
552 Recipient map to accept relay for.
553 Must be specified for domain, the rules apply to everyone!
555 type = listOf (submodule {
558 type = enum [ "hash" ];
559 description = "Map type";
563 description = "Map content";
575 description = "Dovecot configuration";
578 ldap = mkLdapOptions "Dovecot" {
579 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
580 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
581 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
582 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
588 description = "rspamd configuration";
591 redis = mkRedisOptions "Redis";
592 read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
593 write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
594 read_password = mkOption {
596 description = "Read password for rspamd. Unused";
599 write_password = mkOption {
601 description = "Write password for rspamd. Unused";
608 description = "Mail script recipients";
609 type = attrsOf (submodule {
611 external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
614 git source to fetch the script from.
615 It must have a default.nix file as its root accepting a scriptEnv parameter
619 url = mkOption { type = str; description = "git url to fetch"; };
620 rev = mkOption { type = str; description = "git reference to fetch"; };
625 description = "Variables to pass to the script";
634 buildbot = mkOption {
635 description = "Buildbot configuration";
639 description = "Buildbot user";
643 description = "user uid";
647 description = "user gid";
654 description = "Ldap configuration for buildbot";
657 password = mkOption { type = str; description = "Buildbot password"; };
661 projects = mkOption {
662 description = "Projects to make a buildbot for";
663 type = attrsOf (submodule {
665 name = mkOption { type = str; description = "Project name"; };
666 packages = mkOption {
668 example = literalExample ''
669 pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
673 Builds packages list to make available to buildbot project.
674 Takes pkgs as argument.
677 pythonPackages = mkOption {
679 example = literalExample ''
680 p: pkgs: [ pkgs.python3Packages.pip ];
684 Builds python packages list to make available to buildbot project.
685 Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
688 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
691 description = "Secrets for the project to dump as files";
693 environment = mkOption {
696 Environment variables for the project.
697 BUILDBOT_ is prefixed to the variable names
700 activationScript = mkOption {
703 Activation script to run during deployment
706 builderPaths = mkOption {
707 type = attrsOf unspecified;
710 Attrs of functions to make accessible specifically per builder.
711 Takes pkgs as argument and should return a single path containing binaries.
712 This path will be accessible as BUILDBOT_PATH_<attrskey>
715 webhookTokens = mkOption {
716 type = nullOr (listOf str);
719 List of tokens allowed to push to project’s change_hook/base endpoint
729 description = "Tools configurations";
733 description = "Davical configuration";
736 postgresql = mkPsqlOptions "Davical";
737 ldap = mkLdapOptions "Davical" {};
741 diaspora = mkOption {
742 description = "Diaspora configuration";
745 postgresql = mkPsqlOptions "Diaspora";
746 redis = mkRedisOptions "Diaspora";
747 ldap = mkLdapOptions "Diaspora" {};
748 secret_token = mkOption { type = str; description = "Secret token"; };
752 etherpad-lite = mkOption {
753 description = "Etherpad configuration";
756 postgresql = mkPsqlOptions "Etherpad";
757 ldap = mkLdapOptions "Etherpad" {
758 group_filter = mkOption { type = str; description = "Filter for groups"; };
760 session_key = mkOption { type = str; description = "Session key"; };
761 api_key = mkOption { type = str; description = "API key"; };
762 redirects = mkOption { type = str; description = "Redirects for apache"; };
766 gitolite = mkOption {
767 description = "Gitolite configuration";
770 ldap = mkLdapOptions "Gitolite" {};
774 kanboard = mkOption {
775 description = "Kanboard configuration";
778 postgresql = mkPsqlOptions "Kanboard";
779 ldap = mkLdapOptions "Kanboard" {
780 admin_dn = mkOption { type = str; description = "Admin DN"; };
785 mantisbt = mkOption {
786 description = "Mantisbt configuration";
789 postgresql = mkPsqlOptions "Mantisbt";
790 ldap = mkLdapOptions "Mantisbt" {};
791 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
795 mastodon = mkOption {
796 description = "Mastodon configuration";
799 postgresql = mkPsqlOptions "Mastodon";
800 redis = mkRedisOptions "Mastodon";
801 ldap = mkLdapOptions "Mastodon" {};
802 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
803 otp_secret = mkOption { type = str; description = "OTP secret"; };
804 secret_key_base = mkOption { type = str; description = "Secret key base"; };
806 description = "vapid key";
809 private = mkOption { type = str; description = "Private key"; };
810 public = mkOption { type = str; description = "Public key"; };
817 mediagoblin = mkOption {
818 description = "Mediagoblin configuration";
821 postgresql = mkPsqlOptions "Mediagoblin";
822 redis = mkRedisOptions "Mediagoblin";
823 ldap = mkLdapOptions "Mediagoblin" {};
827 nextcloud = mkOption {
828 description = "Nextcloud configuration";
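# These belong to the nextcloud option set; the previous "Peertube" label
# (copied from the peertube block below) produced misleading descriptions
# such as "Peertube psql configuration" under nextcloud.
postgresql = mkPsqlOptions "Nextcloud";
redis = mkRedisOptions "Nextcloud";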
833 password_salt = mkOption { type = str; description = "Password salt"; };
834 instance_id = mkOption { type = str; description = "Instance ID"; };
835 secret = mkOption { type = str; description = "App secret"; };
839 peertube = mkOption {
840 description = "Peertube configuration";
843 listenPort = mkOption { type = port; description = "Port to listen to"; };
844 postgresql = mkPsqlOptions "Peertube";
845 redis = mkRedisOptions "Peertube";
846 ldap = mkLdapOptions "Peertube" {};
850 phpldapadmin = mkOption {
851 description = "phpLdapAdmin configuration";
854 ldap = mkLdapOptions "phpldapadmin" {};
859 description = "Rompr configuration";
863 description = "MPD configuration";
866 host = mkOption { type = str; description = "Host for MPD"; };
867 port = mkOption { type = port; description = "Port to access MPD host"; };
874 roundcubemail = mkOption {
875 description = "Roundcubemail configuration";
878 postgresql = mkPsqlOptions "TT-RSS";
879 secret = mkOption { type = str; description = "Secret"; };
884 description = "Shaarli configuration";
887 ldap = mkLdapOptions "Shaarli" {};
892 description = "Taskwarrior configuration";
895 ldap = mkLdapOptions "Taskwarrior" {};
896 taskwarrior-web = mkOption {
897 description = "taskwarrior-web profiles";
898 type = attrsOf (submodule {
902 description = "List of ldap uids having access to this profile";
904 org = mkOption { type = str; description = "Taskd organisation"; };
905 key = mkOption { type = str; description = "Taskd key"; };
906 date = mkOption { type = str; description = "Preferred date format"; };
914 description = "TT-RSS configuration";
917 postgresql = mkPsqlOptions "TT-RSS";
918 ldap = mkLdapOptions "TT-RSS" {};
922 wallabag = mkOption {
923 description = "Wallabag configuration";
926 postgresql = mkPsqlOptions "Wallabag";
927 ldap = mkLdapOptions "Wallabag" {
928 admin_filter = mkOption { type = str; description = "Admin users filter"; };
930 redis = mkRedisOptions "Wallabag";
931 secret = mkOption { type = str; description = "App secret"; };
936 description = "Ympd configuration";
939 listenPort = mkOption { type = port; description = "Port to listen to"; };
941 description = "MPD configuration";
944 password = mkOption { type = str; description = "Password to access MPD host"; };
945 host = mkOption { type = str; description = "Host for MPD"; };
946 port = mkOption { type = port; description = "Port to access MPD host"; };
954 description = "Yourls configuration";
957 mysql = mkMysqlOptions "Yourls";
958 ldap = mkLdapOptions "Yourls" {};
959 cookieKey = mkOption { type = str; description = "Cookie key"; };
966 websites = mkOption {
967 description = "Websites configurations";
970 isabelle = mkOption {
971 description = "Isabelle configurations by environment";
974 atenSubmodule = mkOption {
975 description = "environment configuration";
978 environment = mkOption { type = str; description = "Symfony environment"; };
979 secret = mkOption { type = str; description = "Symfony App secret"; };
980 postgresql = mkPsqlOptions "Aten";
987 aten_production = atenSubmodule;
988 aten_integration = atenSubmodule;
993 description = "Chloe configurations by environment";
996 chloeSubmodule = mkOption {
997 description = "environment configuration";
1000 environment = mkOption { type = str; description = "Symfony environment"; };
1001 mysql = mkMysqlOptions "Chloe";
1002 ldap = mkLdapOptions "Chloe" {};
1009 production = chloeSubmodule;
1010 integration = chloeSubmodule;
1014 connexionswing = mkOption {
1015 description = "Connexionswing configurations by environment";
1018 csSubmodule = mkOption {
1019 description = "environment configuration";
1022 environment = mkOption { type = str; description = "Symfony environment"; };
1023 mysql = mkMysqlOptions "Connexionswing";
1024 secret = mkOption { type = str; description = "Symfony App secret"; };
1025 email = mkOption { type = str; description = "Symfony email notification"; };
1032 production = csSubmodule;
1033 integration = csSubmodule;
1038 description = "Naturaloutil configuration";
1041 mysql = mkMysqlOptions "Naturaloutil";
1042 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1046 telioTortay = mkOption {
1047 description = "Telio Tortay configuration";
1050 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1054 ludivinecassal = mkOption {
1055 description = "Ludivinecassal configurations by environment";
1058 lcSubmodule = mkOption {
1059 description = "environment configuration";
1062 environment = mkOption { type = str; description = "Symfony environment"; };
1063 mysql = mkMysqlOptions "LudivineCassal";
1064 ldap = mkLdapOptions "LudivineCassal" {};
1065 secret = mkOption { type = str; description = "Symfony App secret"; };
1072 production = lcSubmodule;
1073 integration = lcSubmodule;
1078 description = "Emilia configuration";
1081 postgresql = mkPsqlOptions "Emilia";
1085 florian = mkOption {
1086 description = "Florian configuration";
1089 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1093 nassime = mkOption {
1094 description = "Nassime configuration";
1097 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1101 piedsjaloux = mkOption {
1102 description = "Piedsjaloux configurations by environment";
1105 pjSubmodule = mkOption {
1106 description = "environment configuration";
1109 environment = mkOption { type = str; description = "Symfony environment"; };
1110 mysql = mkMysqlOptions "Piedsjaloux";
1111 secret = mkOption { type = str; description = "Symfony App secret"; };
1118 production = pjSubmodule;
1119 integration = pjSubmodule;
1124 description = "Europe Richie configurations by environment";
1127 mysql = mkMysqlOptions "Richie";
1128 smtp_mailer = mkOption {
1129 description = "SMTP mailer configuration";
1132 user = mkOption { type = str; description = "Username"; };
1133 password = mkOption { type = str; description = "Password"; };
1140 tellesflorian = mkOption {
1141 description = "Tellesflorian configurations by environment";
1144 tfSubmodule = mkOption {
1145 description = "environment configuration";
1148 environment = mkOption { type = str; description = "Symfony environment"; };
1149 mysql = mkMysqlOptions "Tellesflorian";
1150 secret = mkOption { type = str; description = "Symfony App secret"; };
1151 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1158 integration = tfSubmodule;
1166 privateFiles = mkOption {
1169 Path to secret files to make available during build
1177 FQDN of the current host.