7 base = mkOption { description = "Base of the LDAP tree"; type = str; };
8 host = mkOption { description = "Host to access LDAP"; type = str; };
9 root_dn = mkOption { description = "DN of the root user"; type = str; };
10 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
11 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
12 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
14 mkLdapOptions = name: more: mkOption {
15 description = "${name} LDAP configuration";
17 options = ldapOptions // {
18 dn = mkOption { description = "DN of the ${name} user"; type = str; };
19 password = mkOption { description = "password of the ${name} user"; type = str; };
20 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
25 host = mkOption { description = "Host to access Mysql"; type = str; };
26 port = mkOption { description = "Port to access Mysql"; type = str; };
27 socket = mkOption { description = "Socket to access Mysql"; type = path; };
28 systemUsers = mkOption {
29 description = "Attrs of user-passwords allowed to access mysql";
33 description = "PAM configuration for mysql";
36 dn = mkOption { description = "DN to connect as to check users"; type = str; };
37 password = mkOption { description = "DN password to connect as to check users"; type = str; };
38 filter = mkOption { description = "filter to match users"; type = str; };
43 mkMysqlOptions = name: more: mkOption {
44 description = "${name} mysql configuration";
46 options = mysqlOptions // {
47 database = mkOption { description = "${name} database"; type = str; };
48 user = mkOption { description = "${name} user"; type = str; };
49 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
54 host = mkOption { description = "Host to access Postgresql"; type = str; };
55 port = mkOption { description = "Port to access Postgresql"; type = str; };
56 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
58 description = "PAM configuration for psql";
61 dn = mkOption { description = "DN to connect as to check users"; type = str; };
62 password = mkOption { description = "DN password to connect as to check users"; type = str; };
63 filter = mkOption { description = "filter to match users"; type = str; };
68 mkPsqlOptions = name: mkOption {
69 description = "${name} psql configuration";
71 options = psqlOptions // {
72 database = mkOption { description = "${name} database"; type = str; };
73 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
74 user = mkOption { description = "${name} user"; type = str; };
75 password = mkOption { description = "psql password of the ${name} user"; type = str; };
80 host = mkOption { description = "Host to access Redis"; type = str; };
81 port = mkOption { description = "Port to access Redis"; type = str; };
82 socket = mkOption { description = "Socket to access Redis"; type = path; };
84 description = "Attrs of db number. Each number should be unique to avoid collision!";
87 spiped_key = mkOption {
90 Key to use with spiped to make a secure channel to replication
94 description = "Predixy configuration. Unused yet";
97 read = mkOption { type = str; description = "Read password"; };
102 mkRedisOptions = name: mkOption {
103 description = "${name} redis configuration";
105 options = redisOptions // {
106 db = mkOption { description = "${name} database"; type = str; };
115 Attrs of servers information in the cluster (not necessarily handled by nixops)
118 type = attrsOf (submodule {
122 description = "List of e-mails that the server can be a sender of";
127 LDAP credentials for the host
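# `str` rejects conflicting definitions; the deprecated `string` type merges them by silent concatenation, which is wrong for a credential
131 password = mkOption { type = str; description = "Password for the LDAP connection"; };
132 dn = mkOption { type = str; description = "DN for the LDAP connection"; };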
138 attrs of ip4/ip6 grouped by section
140 type = attrsOf (submodule {
145 ip4 address of the host
149 type = listOf string;
152 ip6 addresses of the host
161 hetznerCloud = mkOption {
163 Hetzner Cloud credential information
167 authToken = mkOption {
178 Hetzner credential information
182 user = mkOption { type = str; description = "User"; };
183 pass = mkOption { type = str; description = "Password"; };
189 sshd service credential information
195 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
199 password = mkOption { description = "Password"; type = str; };
208 non-standard reserved ports. Must be unique!
213 noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
215 x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
219 httpd service credential information
225 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
229 password = mkOption { description = "Password"; type = str; };
238 LDAP server configuration
241 options = ldapOptions;
244 databases = mkOption {
245 description = "Databases configuration";
249 type = submodule { options = mysqlOptions; };
250 description = "Mysql configuration";
253 type = submodule { options = redisOptions; };
254 description = "Redis configuration";
256 postgresql = mkOption {
257 type = submodule { options = psqlOptions; };
258 description = "Postgresql configuration";
264 description = "Jabber configuration";
267 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
268 ldap = mkLdapOptions "Jabber" {};
269 postgresql = mkPsqlOptions "Jabber";
274 description = "System and regular users uid/gid";
275 type = attrsOf (submodule {
278 description = "user uid";
282 description = "user gid";
289 description = "DNS configuration";
293 description = "SOA information";
297 description = "Serial number. Should be incremented at each change and unique";
301 description = "Refresh time";
305 description = "Retry time";
309 description = "Expire time";
313 description = "Default TTL time";
317 description = "hostmaster e-mail";
321 description = "Primary NS";
328 description = "Attrs of NS servers group";
331 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
332 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
335 type = attrsOf (attrsOf (listOf str));
337 slaveZones = mkOption {
338 description = "List of slave zones";
339 type = listOf (submodule {
341 name = mkOption { type = str; description = "zone name"; };
343 description = "NS master groups of this zone";
349 masterZones = mkOption {
350 description = "List of master zones";
351 type = listOf (submodule {
353 name = mkOption { type = str; description = "zone name"; };
355 description = "NS slave groups of this zone";
359 description = "groups names that should have their NS entries listed here";
363 description = "Extra zone configuration for bind";
369 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
370 withEmail = mkOption {
371 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
373 type = listOf (submodule {
375 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
376 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
377 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
389 Remote backup with duplicity
393 password = mkOption { type = str; description = "Password for encrypting files"; };
394 remote = mkOption { type = str; description = "Remote url access"; };
395 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
396 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
400 rsync_backup = mkOption {
402 Rsync backup configuration from controlled host
406 mailto = mkOption { type = str; description = "Where to e-mail on error"; };
408 description = "SSH key information";
411 public = mkOption { type = str; description = "Public part of the key"; };
412 private = mkOption { type = lines; description = "Private part of the key"; };
416 profiles = mkOption {
417 description = "Attrs of profiles to backup";
418 type = attrsOf (submodule {
420 keep = mkOption { type = int; description = "Number of backups to keep"; };
421 login = mkOption { type = str; description = "Login to connect to host"; };
422 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
423 host = mkOption { type = str; description = "Host to connect to"; };
424 host_key = mkOption { type = str; description = "Host key"; };
425 host_key_type = mkOption { type = str; description = "Host key type"; };
427 description = "Parts to backup for this host";
428 type = attrsOf (submodule {
430 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
431 exclude_from = mkOption {
434 description = "List of folders/files to exclude from the backup";
436 files_from = mkOption {
439 description = "List of folders/files to backup in the base folder";
444 description = "Extra arguments to pass to rsync";
455 monitoring = mkOption {
456 description = "Monitoring configuration";
459 status_url = mkOption { type = str; description = "URL to push status to"; };
460 status_token = mkOption { type = str; description = "Token for the status url"; };
461 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
462 email = mkOption { type = str; description = "Admin E-mail"; };
463 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
464 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
465 imap_login = mkOption { type = str; description = "IMAP login"; };
466 imap_password = mkOption { type = str; description = "IMAP password"; };
467 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
468 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
469 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
470 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
475 description = "MPD configuration";
478 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
479 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
480 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
481 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
486 description = "FTP configuration";
489 ldap = mkLdapOptions "FTP" {};
494 description = "Mail configuration";
498 description = "DMARC configuration";
501 ignore_hosts = mkOption {
504 Hosts to ignore when checking for dmarc
511 description = "DKIM configuration";
512 type = attrsOf (submodule {
518 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
520 description = "Public entry to put in DNS TXT field";
522 private = mkOption { type = str; description = "Private key"; };
527 description = "Postfix configuration";
530 additional_mailbox_domains = mkOption {
532 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
536 mysql = mkMysqlOptions "Postfix" {
537 password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
539 backup_domains = mkOption {
541 Domains that are accepted for relay as backup domain
543 type = attrsOf (submodule {
545 domains = mkOption { type = listOf str; description = "Domains list"; };
546 relay_restrictions = mkOption {
549 Restrictions for relaying the e-mails from the domains
552 recipient_maps = mkOption {
554 Recipient map to accept relay for.
555 Must be specified for domain, the rules apply to everyone!
557 type = listOf (submodule {
560 type = enum [ "hash" ];
561 description = "Map type";
565 description = "Map content";
577 description = "Dovecot configuration";
580 ldap = mkLdapOptions "Dovecot" {
581 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
582 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
583 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
584 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
590 description = "rspamd configuration";
593 redis = mkRedisOptions "Redis";
594 read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
595 write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
596 read_password = mkOption {
598 description = "Read password for rspamd. Unused";
601 write_password = mkOption {
603 description = "Write password for rspamd. Unused";
610 description = "Mail script recipients";
611 type = attrsOf (submodule {
613 external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
616 git source to fetch the script from.
617 It must have a default.nix file as its root accepting a scriptEnv parameter
621 url = mkOption { type = str; description = "git url to fetch"; };
622 rev = mkOption { type = str; description = "git reference to fetch"; };
627 description = "Variables to pass to the script";
636 buildbot = mkOption {
637 description = "Buildbot configuration";
641 description = "Buildbot user";
645 description = "user uid";
649 description = "user gid";
656 description = "Ldap configuration for buildbot";
659 password = mkOption { type = str; description = "Buildbot password"; };
663 projects = mkOption {
664 description = "Projects to make a buildbot for";
665 type = attrsOf (submodule {
667 name = mkOption { type = str; description = "Project name"; };
668 packages = mkOption {
670 example = literalExample ''
671 pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
675 Builds packages list to make available to buildbot project.
676 Takes pkgs as argument.
679 pythonPackages = mkOption {
681 example = literalExample ''
682 p: pkgs: [ pkgs.python3Packages.pip ];
686 Builds python packages list to make available to buildbot project.
687 Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
690 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
693 description = "Secrets for the project to dump as files";
695 environment = mkOption {
698 Environment variables for the project.
699 BUILDBOT_ is prefixed to the variable names
702 activationScript = mkOption {
705 Activation script to run during deployment
708 builderPaths = mkOption {
709 type = attrsOf unspecified;
712 Attrs of functions to make accessible specifically per builder.
713 Takes pkgs as argument and should return a single path containing binaries.
714 This path will be accessible as BUILDBOT_PATH_<attrskey>
717 webhookTokens = mkOption {
718 type = nullOr (listOf str);
721 List of tokens allowed to push to project’s change_hook/base endpoint
731 description = "Tools configurations";
735 description = "Davical configuration";
738 postgresql = mkPsqlOptions "Davical";
739 ldap = mkLdapOptions "Davical" {};
743 diaspora = mkOption {
744 description = "Diaspora configuration";
747 postgresql = mkPsqlOptions "Diaspora";
748 redis = mkRedisOptions "Diaspora";
749 ldap = mkLdapOptions "Diaspora" {};
750 secret_token = mkOption { type = str; description = "Secret token"; };
754 etherpad-lite = mkOption {
755 description = "Etherpad configuration";
758 postgresql = mkPsqlOptions "Etherpad";
759 ldap = mkLdapOptions "Etherpad" {
760 group_filter = mkOption { type = str; description = "Filter for groups"; };
762 session_key = mkOption { type = str; description = "Session key"; };
763 api_key = mkOption { type = str; description = "API key"; };
764 redirects = mkOption { type = str; description = "Redirects for apache"; };
768 gitolite = mkOption {
769 description = "Gitolite configuration";
772 ldap = mkLdapOptions "Gitolite" {};
776 kanboard = mkOption {
777 description = "Kanboard configuration";
780 postgresql = mkPsqlOptions "Kanboard";
781 ldap = mkLdapOptions "Kanboard" {
782 admin_dn = mkOption { type = str; description = "Admin DN"; };
787 mantisbt = mkOption {
788 description = "Mantisbt configuration";
791 postgresql = mkPsqlOptions "Mantisbt";
792 ldap = mkLdapOptions "Mantisbt" {};
793 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
797 mastodon = mkOption {
798 description = "Mastodon configuration";
801 postgresql = mkPsqlOptions "Mastodon";
802 redis = mkRedisOptions "Mastodon";
803 ldap = mkLdapOptions "Mastodon" {};
804 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
805 otp_secret = mkOption { type = str; description = "OTP secret"; };
806 secret_key_base = mkOption { type = str; description = "Secret key base"; };
808 description = "vapid key";
811 private = mkOption { type = str; description = "Private key"; };
812 public = mkOption { type = str; description = "Public key"; };
819 mediagoblin = mkOption {
820 description = "Mediagoblin configuration";
823 postgresql = mkPsqlOptions "Mediagoblin";
824 redis = mkRedisOptions "Mediagoblin";
825 ldap = mkLdapOptions "Mediagoblin" {};
829 nextcloud = mkOption {
830 description = "Nextcloud configuration";
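# the name argument only feeds the generated descriptions; use this option's own name instead of the copy-pasted "Peertube"
833 postgresql = mkPsqlOptions "Nextcloud";
834 redis = mkRedisOptions "Nextcloud";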
835 password_salt = mkOption { type = str; description = "Password salt"; };
836 instance_id = mkOption { type = str; description = "Instance ID"; };
837 secret = mkOption { type = str; description = "App secret"; };
841 peertube = mkOption {
842 description = "Peertube configuration";
845 listenPort = mkOption { type = port; description = "Port to listen to"; };
846 postgresql = mkPsqlOptions "Peertube";
847 redis = mkRedisOptions "Peertube";
848 ldap = mkLdapOptions "Peertube" {};
852 phpldapadmin = mkOption {
853 description = "phpLdapAdmin configuration";
856 ldap = mkLdapOptions "phpldapadmin" {};
861 description = "Rompr configuration";
865 description = "MPD configuration";
868 host = mkOption { type = str; description = "Host for MPD"; };
869 port = mkOption { type = port; description = "Port to access MPD host"; };
876 roundcubemail = mkOption {
877 description = "Roundcubemail configuration";
880 postgresql = mkPsqlOptions "TT-RSS";
881 secret = mkOption { type = str; description = "Secret"; };
886 description = "Shaarli configuration";
889 ldap = mkLdapOptions "Shaarli" {};
894 description = "Taskwarrior configuration";
897 ldap = mkLdapOptions "Taskwarrior" {};
898 taskwarrior-web = mkOption {
899 description = "taskwarrior-web profiles";
900 type = attrsOf (submodule {
904 description = "List of ldap uids having access to this profile";
906 org = mkOption { type = str; description = "Taskd organisation"; };
907 key = mkOption { type = str; description = "Taskd key"; };
908 date = mkOption { type = str; description = "Preferred date format"; };
916 description = "TT-RSS configuration";
919 postgresql = mkPsqlOptions "TT-RSS";
920 ldap = mkLdapOptions "TT-RSS" {};
924 wallabag = mkOption {
925 description = "Wallabag configuration";
928 postgresql = mkPsqlOptions "Wallabag";
929 ldap = mkLdapOptions "Wallabag" {
930 admin_filter = mkOption { type = str; description = "Admin users filter"; };
932 redis = mkRedisOptions "Wallabag";
933 secret = mkOption { type = str; description = "App secret"; };
938 description = "Ympd configuration";
941 listenPort = mkOption { type = port; description = "Port to listen to"; };
943 description = "MPD configuration";
946 password = mkOption { type = str; description = "Password to access MPD host"; };
947 host = mkOption { type = str; description = "Host for MPD"; };
948 port = mkOption { type = port; description = "Port to access MPD host"; };
956 description = "Yourls configuration";
959 mysql = mkMysqlOptions "Yourls" {};
960 ldap = mkLdapOptions "Yourls" {};
961 cookieKey = mkOption { type = str; description = "Cookie key"; };
968 websites = mkOption {
969 description = "Websites configurations";
972 isabelle = mkOption {
973 description = "Isabelle configurations by environment";
976 atenSubmodule = mkOption {
977 description = "environment configuration";
980 environment = mkOption { type = str; description = "Symfony environment"; };
981 secret = mkOption { type = str; description = "Symfony App secret"; };
982 postgresql = mkPsqlOptions "Aten";
989 aten_production = atenSubmodule;
990 aten_integration = atenSubmodule;
995 description = "Chloe configurations by environment";
998 chloeSubmodule = mkOption {
999 description = "environment configuration";
1002 environment = mkOption { type = str; description = "Symfony environment"; };
1003 mysql = mkMysqlOptions "Chloe" {};
1004 ldap = mkLdapOptions "Chloe" {};
1011 production = chloeSubmodule;
1012 integration = chloeSubmodule;
1016 connexionswing = mkOption {
1017 description = "Connexionswing configurations by environment";
1020 csSubmodule = mkOption {
1021 description = "environment configuration";
1024 environment = mkOption { type = str; description = "Symfony environment"; };
1025 mysql = mkMysqlOptions "Connexionswing" {};
1026 secret = mkOption { type = str; description = "Symfony App secret"; };
1027 email = mkOption { type = str; description = "Symfony email notification"; };
1034 production = csSubmodule;
1035 integration = csSubmodule;
1040 description = "Naturaloutil configuration";
1043 mysql = mkMysqlOptions "Naturaloutil" {};
1044 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1048 telioTortay = mkOption {
1049 description = "Telio Tortay configuration";
1052 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1056 ludivinecassal = mkOption {
1057 description = "Ludivinecassal configurations by environment";
1060 lcSubmodule = mkOption {
1061 description = "environment configuration";
1064 environment = mkOption { type = str; description = "Symfony environment"; };
1065 mysql = mkMysqlOptions "LudivineCassal" {};
1066 ldap = mkLdapOptions "LudivineCassal" {};
1067 secret = mkOption { type = str; description = "Symfony App secret"; };
1074 production = lcSubmodule;
1075 integration = lcSubmodule;
1080 description = "Emilia configuration";
1083 postgresql = mkPsqlOptions "Emilia";
1087 florian = mkOption {
1088 description = "Florian configuration";
1091 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1095 nassime = mkOption {
1096 description = "Nassime configuration";
1099 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1103 piedsjaloux = mkOption {
1104 description = "Piedsjaloux configurations by environment";
1107 pjSubmodule = mkOption {
1108 description = "environment configuration";
1111 environment = mkOption { type = str; description = "Symfony environment"; };
1112 mysql = mkMysqlOptions "Piedsjaloux" {};
1113 secret = mkOption { type = str; description = "Symfony App secret"; };
1120 production = pjSubmodule;
1121 integration = pjSubmodule;
1126 description = "Europe Richie configurations by environment";
1129 mysql = mkMysqlOptions "Richie" {};
1130 smtp_mailer = mkOption {
1131 description = "SMTP mailer configuration";
1134 user = mkOption { type = str; description = "Username"; };
1135 password = mkOption { type = str; description = "Password"; };
1142 tellesflorian = mkOption {
1143 description = "Tellesflorian configurations by environment";
1146 tfSubmodule = mkOption {
1147 description = "environment configuration";
1150 environment = mkOption { type = str; description = "Symfony environment"; };
1151 mysql = mkMysqlOptions "Tellesflorian" {};
1152 secret = mkOption { type = str; description = "Symfony App secret"; };
1153 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1160 integration = tfSubmodule;
1168 privateFiles = mkOption {
1171 Path to secret files to make available during build
1179 FQDN of the current host.