1 { config, lib, name, ... }:
2 with lib;
3 with types;
4 with lists;
5 let
# Option declarations shared by every LDAP consumer: the server block
# (myEnv.ldap) and each per-service submodule built by mkLdapOptions.
ldapOptions = {
  base = mkOption { type = str; description = "Base of the LDAP tree"; };
  host = mkOption { type = str; description = "Host to access LDAP"; };
  root_dn = mkOption { type = str; description = "DN of the root user"; };
  # Per its description this one holds a hash, not the clear-text password.
  root_pw = mkOption { type = str; description = "Hashed password of the root user"; };
  replication_dn = mkOption { type = str; description = "DN of the user allowed to replicate the LDAP directory"; };
  # NOTE(review): a plain `str` option carries no secret handling of its own;
  # whether this value ends up in the Nix store depends on the consumer, which
  # is not visible in this file.
  replication_pw = mkOption { type = str; description = "Password of the user allowed to replicate the LDAP directory"; };
};
# Build the LDAP option of one service: the shared ldapOptions, the bind
# credentials of the service user, then `more`. `//` is left-associative, so
# `more` is merged last and wins on name clashes.
mkLdapOptions = name: more:
  let
    serviceOptions = {
      dn = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      # Empty filter by default; the consumer decides what an empty filter means.
      filter = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in mkOption {
    description = "${name} LDAP configuration";
    type = submodule { options = ldapOptions // serviceOptions // more; };
  };
# Connection and authentication settings shared by every MySQL consumer.
mysqlOptions =
  let
    # Bind credentials and filter used by the PAM plugin to check users.
    pamOptions = {
      dn = mkOption { type = str; description = "DN to connect as to check users"; };
      password = mkOption { type = str; description = "DN password to connect as to check users"; };
      filter = mkOption { type = str; description = "filter to match users"; };
    };
  in {
    host = mkOption { type = str; description = "Host to access Mysql"; };
    remoteHost = mkOption { type = str; description = "Host to access Mysql from outside"; };
    # Declared as a string here (unlike myEnv.ports, which uses `port`);
    # existing definitions rely on that, so the type is kept.
    port = mkOption { type = str; description = "Port to access Mysql"; };
    socket = mkOption { type = path; description = "Socket to access Mysql"; };
    systemUsers = mkOption {
      type = attrsOf str;
      description = "Attrs of user-passwords allowed to access mysql";
    };
    pam = mkOption {
      type = submodule { options = pamOptions; };
      description = "PAM configuration for mysql";
    };
  };
# Build the MySQL option of one service: shared mysqlOptions plus the
# service's database and credentials, extended with `more` (merged last).
mkMysqlOptions = name: more:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} mysql configuration";
    type = submodule { options = mysqlOptions // serviceOptions // more; };
  };
# Connection and authentication settings shared by every PostgreSQL consumer.
psqlOptions =
  let
    # Bind credentials and filter used by the PAM plugin to check users.
    pamOptions = {
      dn = mkOption { type = str; description = "DN to connect as to check users"; };
      password = mkOption { type = str; description = "DN password to connect as to check users"; };
      filter = mkOption { type = str; description = "filter to match users"; };
    };
  in {
    host = mkOption { type = str; description = "Host to access Postgresql"; };
    port = mkOption { type = str; description = "Port to access Postgresql"; };
    socket = mkOption { type = path; description = "Socket to access Postgresql"; };
    pam = mkOption {
      type = submodule { options = pamOptions; };
      description = "PAM configuration for psql";
    };
  };
# Build the PostgreSQL option of one service. Unlike mkLdapOptions and
# mkMysqlOptions there is no `more` hook: callers use the one-argument form.
mkPsqlOptions = name:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      # Optional: null means no dedicated schema is configured.
      schema = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} psql configuration";
    type = submodule { options = psqlOptions // serviceOptions; };
  };
# Connection settings shared by every Redis consumer.
redisOptions = {
  host = mkOption { type = str; description = "Host to access Redis"; };
  port = mkOption { type = str; description = "Port to access Redis"; };
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  # NOTE: uniqueness of the db numbers is only documented here; it is not
  # enforced by an `apply` check the way myEnv.ports is.
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  spiped_key = mkOption {
    type = str;
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption { type = str; description = "Read password"; };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Build the Redis option of one service: shared redisOptions plus the db
# the service uses. One-argument form, no extension hook.
mkRedisOptions = name:
  let
    serviceOptions = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in mkOption {
    description = "${name} redis configuration";
    type = submodule { options = redisOptions // serviceOptions; };
  };
# Connection settings shared by every SMTP consumer (no credentials here;
# those are added per service by mkSmtpOptions).
smtpOptions = {
  host = mkOption { type = str; description = "Host to access SMTP"; };
  port = mkOption { type = str; description = "Port to access SMTP"; };
};
# Build the SMTP option of one service: shared smtpOptions plus the sender
# address and its password. One-argument form, no extension hook.
mkSmtpOptions = name:
  let
    serviceOptions = {
      email = mkOption { type = str; description = "${name} email"; };
      password = mkOption { type = str; description = "SMTP password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} smtp configuration";
    type = submodule { options = smtpOptions // serviceOptions; };
  };
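# Per-host environment; value type of myEnv.servers.<name>.
hostEnv = submodule {
  options = {
    fqdn = mkOption {
      description = "Host FQDN";
      type = str;
    };
    users = mkOption {
      # A function of pkgs, hence `unspecified`; the default selects nobody.
      type = unspecified;
      default = pkgs: [];
      description = ''
        Sublist of users from realUsers. Function that takes pkgs as
        argument and gives an array as a result
      '';
    };
    emails = mkOption {
      default = [];
      description = "List of e-mails that the server can be a sender of";
      type = listOf str;
    };
    ldap = mkOption {
      description = ''
        LDAP credentials for the host
      '';
      type = submodule {
        options = {
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
    };
    mx = mkOption {
      description = "subdomain and priority for MX server";
      # The default only defines `enable`. subdomain/priority are therefore
      # given `default = null` so that reading them on a host without MX
      # yields null instead of an "option used but not defined" error.
      default = { enable = false; };
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          subdomain = mkOption { type = nullOr str; default = null; description = "Subdomain name (mx-*)"; };
          priority = mkOption { type = nullOr str; default = null; description = "Priority"; };
        };
      };
    };
    ips = mkOption {
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
      # Each section lists its addresses; both families default to empty.
      type = attrsOf (submodule {
        options = {
          ip4 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip4 addresses of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
    };
  };
};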
190 in
191 {
192 options.myEnv = {
# All hosts of the cluster, keyed by name; each value is a hostEnv.
servers = mkOption {
  type = attrsOf hostEnv;
  default = {};
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
};
# Hetzner Cloud API credential (a single bearer-style token, plain `str`).
hetznerCloud = mkOption {
  type = submodule {
    options = {
      authToken = mkOption {
        description = ''
          The API auth token.
        '';
        type = str;
      };
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner (non-cloud) account credentials: user name and password.
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption { description = "User"; type = str; };
      pass = mkOption { description = "Password"; type = str; };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
# sshd secrets: the root authorized keys and the bind password of the
# cn=ssh,ou=services,dc=immae,dc=eu service DN.
sshd = mkOption {
  type = submodule {
    options = {
      # Keyed by an arbitrary name; the value is the key material itself.
      rootKeys = mkOption { description = "Keys of root users"; type = attrsOf str; };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    sshd service credential information
  '';
};
# Reserved non-standard ports, keyed by purpose. `apply` rejects the whole
# attrset at evaluation time when two keys map to the same port number, so a
# collision is caught before any service is configured.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  apply = reserved:
    let
      numbers = builtins.attrValues reserved;
      allDistinct = builtins.length numbers == builtins.length (unique numbers);
    in
      if isAttrs reserved && allDistinct
      then reserved
      else throw "Non unique values for ports";
};
# httpd secrets: the bind password of the cn=httpd,ou=services,dc=immae,dc=eu
# service DN.
httpd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    httpd service credential information
  '';
};
# Cluster-wide SMTP endpoint (host/port only, see smtpOptions).
smtp = mkOption {
  description = "SMTP configuration";
  type = submodule { options = smtpOptions; };
};
# The LDAP server itself: base, host, root and replication credentials.
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-side settings of the three database engines (no per-service
# credentials here; those come from the mk*Options builders).
databases = mkOption {
  type = submodule {
    options = {
      mysql = mkOption {
        description = "Mysql configuration";
        type = submodule { options = mysqlOptions; };
      };
      redis = mkOption {
        description = "Redis configuration";
        type = submodule { options = redisOptions; };
      };
      postgresql = mkOption {
        description = "Postgresql configuration";
        type = submodule { options = psqlOptions; };
      };
    };
  };
  description = "Databases configuration";
};
# XMPP service: LDAP and PostgreSQL access plus the postfix-side user filter.
jabber = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
      postfix_user_filter = mkOption { description = "Postfix filter to get xmpp users"; type = str; };
    };
  };
  description = "Jabber configuration";
};
# Human accounts, as functions of pkgs returning a users.users.<name> fragment.
# Untyped (`unspecified`) because the values are functions.
realUsers = mkOption {
  type = attrsOf unspecified;
  description = ''
    Attrset of function taking pkgs as argument.
    Real users settings, should provide a subattr of users.users.<name>
    with at least: name, (hashed)Password, shell
  '';
};
# Fixed uid/gid allocation per user name, so ids stay stable across hosts.
users = mkOption {
  type = attrsOf (submodule {
    options = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
  });
  description = "System and regular users uid/gid";
};
# Authoritative DNS: SOA values, NS server groups, keys (algorithm/secret
# pairs), and the zones served as master or slave.
dns =
  let
    soaOptions = {
      serial = mkOption { type = str; description = "Serial number. Should be incremented at each change and unique"; };
      refresh = mkOption { type = str; description = "Refresh time"; };
      retry = mkOption { type = str; description = "Retry time"; };
      expire = mkOption { type = str; description = "Expire time"; };
      ttl = mkOption { type = str; description = "Default TTL time"; };
      email = mkOption { type = str; description = "hostmaster e-mail"; };
      primary = mkOption { type = str; description = "Primary NS"; };
    };
    keyOptions = {
      algorithm = mkOption { type = str; description = "Algorithm"; };
      secret = mkOption { type = str; description = "Secret"; };
    };
    slaveZoneOptions = {
      name = mkOption { type = str; description = "zone name"; };
      masters = mkOption { type = listOf str; description = "NS master groups of this zone"; };
      # Names of entries in `keys` below.
      keys = mkOption { type = listOf str; default = []; description = "Keys associated to the server"; };
    };
    mailEntryOptions = {
      domain = mkOption { type = str; description = "Which subdomain is concerned"; };
      send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
      receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
    };
    masterZoneOptions = {
      name = mkOption { type = str; description = "zone name"; };
      # CAA restricts which CAs may issue for the zone; null leaves it out.
      withCAA = mkOption { type = nullOr str; default = null; description = "CAA entry"; };
      slaves = mkOption { type = listOf str; description = "NS slave groups of this zone"; };
      ns = mkOption { type = listOf str; description = "groups names that should have their NS entries listed here"; };
      extra = mkOption {
        type = lines;
        description = "Extra zone configuration for bind";
        example = ''
          notify yes;
        '';
      };
      entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
      withEmail = mkOption {
        type = listOf (submodule { options = mailEntryOptions; });
        default = [];
        description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
      };
    };
  in mkOption {
    description = "DNS configuration";
    type = submodule {
      options = {
        soa = mkOption {
          type = submodule { options = soaOptions; };
          description = "SOA information";
        };
        ns = mkOption {
          type = attrsOf (attrsOf (listOf str));
          description = "Attrs of NS servers group";
          example = {
            foo = {
              "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
              "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
            };
          };
        };
        keys = mkOption {
          type = attrsOf (submodule { options = keyOptions; });
          default = {};
          description = "DNS keys";
        };
        slaveZones = mkOption {
          type = listOf (submodule { options = slaveZoneOptions; });
          description = "List of slave zones";
        };
        masterZones = mkOption {
          type = listOf (submodule { options = masterZoneOptions; });
          description = "List of master zones";
        };
      };
    };
  };
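# duplicity remote backups: the encryption password and the remotes
# (bucket-name -> URL function plus the remote's access credentials).
backup = mkOption {
  description = ''
    Remote backup with duplicity
  '';
  type = submodule {
    options = {
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            remote = mkOption {
              type = unspecified;
              # `''${` escapes the interpolation: inside an indented string a
              # bare `${bucket}` would be evaluated (and `bucket` is not in
              # scope here), so the example must carry a literal `${bucket}`.
              example = literalExample ''
                bucket: "s3://some_host/''${bucket}";
              '';
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
            };
            accessKeyId = mkOption { type = str; description = "Remote access-key"; };
            secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
          };
        });
      };
    };
  };
};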
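# zrepl backups: the SSH keypair used for replication, a MySQL account and
# the certificates used by zrepl. A `description` is added so this option
# is documented like every other entry of myEnv.
zrepl_backup = mkOption {
  description = "zrepl backup configuration";
  type = submodule {
    options = {
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            # NOTE(review): `lines` merges several definitions by concatenation;
            # for a private key a conflicting second definition would produce
            # corrupt key material rather than a merge error — confirm intended.
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
      mysql = mkMysqlOptions "Zrepl" {};
      certs = mkOption {
        description = "Certificates";
        type = attrsOf (submodule {
          options = {
            key = mkOption { type = str; description = "Key"; };
            certificate = mkOption { type = str; description = "Certificate"; };
          };
        });
      };
    };
  };
};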
# rsync pull backups run from this (controlling) host: the SSH keypair used
# to log in, and one profile per remote host with the parts to fetch.
rsync_backup =
  let
    partOptions = {
      remote_folder = mkOption { type = path; description = "Remote folder to backup"; };
      exclude_from = mkOption {
        type = listOf path;
        default = [];
        description = "List of folders/files to exclude from the backup";
      };
      files_from = mkOption {
        type = listOf path;
        default = [];
        description = "List of folders/files to backup in the base folder";
      };
      # NOTE(review): a single string; how it is split/quoted before reaching
      # rsync is decided by the consumer, not visible here.
      args = mkOption {
        type = nullOr str;
        default = null;
        description = "Extra arguments to pass to rsync";
      };
    };
    profileOptions = {
      keep = mkOption { type = int; description = "Number of backups to keep"; };
      check_command = mkOption { type = str; default = "backup"; description = "command to check if backup needs to be done"; };
      login = mkOption { type = str; description = "Login to connect to host"; };
      port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
      host = mkOption { type = str; description = "Host to connect to"; };
      # The expected host key is pinned per profile, so a first connection does
      # not have to trust whatever key the remote presents.
      host_key = mkOption { type = str; description = "Host key"; };
      host_key_type = mkOption { type = str; description = "Host key type"; };
      parts = mkOption {
        type = attrsOf (submodule { options = partOptions; });
        description = "Parts to backup for this host";
      };
    };
  in mkOption {
    description = ''
      Rsync backup configuration from controlled host
    '';
    type = submodule {
      options = {
        ssh_key = mkOption {
          type = submodule {
            options = {
              public = mkOption { type = str; description = "Public part of the key"; };
              private = mkOption { type = lines; description = "Private part of the key"; };
            };
          };
          description = "SSH key information";
        };
        profiles = mkOption {
          type = attrsOf (submodule { options = profileOptions; });
          description = "Attrs of profiles to backup";
        };
      };
    };
  };
# Monitoring (naemon/netdata/status page) endpoints and the credentials the
# checks need. Most of these are secrets declared as plain `str`.
monitoring =
  let
    ovhSmsOptions = {
      endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
      application_key = mkOption { type = str; description = "Application key"; };
      application_secret = mkOption { type = str; description = "Application secret"; };
      consumer_key = mkOption { type = str; description = "Consumer key"; };
      account = mkOption { type = str; description = "Account"; };
    };
    emailCheckOptions = {
      local = mkOption { type = bool; default = false; description = "Use local configuration"; };
      port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
      login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
      targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
      mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
      mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
    };
  in mkOption {
    description = "Monitoring configuration";
    type = submodule {
      options = {
        status_url = mkOption { type = str; description = "URL to push status to"; };
        status_token = mkOption { type = str; description = "Token for the status url"; };
        http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
        email = mkOption { type = str; description = "Admin E-mail"; };
        ssh_public_key = mkOption { type = str; description = "SSH public key"; };
        ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
        imap_login = mkOption { type = str; description = "IMAP login"; };
        imap_password = mkOption { type = str; description = "IMAP password"; };
        eriomem_keys = mkOption { type = listOf (listOf str); default = []; description = "Eriomem keys"; };
        ovh_sms = mkOption {
          type = submodule { options = ovhSmsOptions; };
          description = "OVH credentials for sms script";
        };
        # Every token in this list is accepted for status pushes.
        nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
        slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
        slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
        netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
        netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
        contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
        email_check = mkOption {
          type = attrsOf (submodule { options = emailCheckOptions; });
          description = "Emails services to check";
        };
      };
    };
  };
# Music Player Daemon instance: served folder and connection parameters.
mpd = mkOption {
  type = submodule {
    options = {
      host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
      port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
      password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
      folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
    };
  };
  description = "MPD configuration";
};
# FTP servers: LDAP access plus one listing filter per daemon.
ftp =
  let
    ftpLdapExtras = {
      proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; };
      pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; };
    };
  in mkOption {
    description = "FTP configuration";
    type = submodule {
      options = {
        ldap = mkLdapOptions "FTP" ftpLdapExtras;
      };
    };
  };
# One VPN definition per name: the host's keypair and its IPv6 prefix.
vpn = mkOption {
  type = attrsOf (submodule {
    options = {
      publicKey = mkOption { type = str; description = "Public key for the host"; };
      privateKey = mkOption { type = str; description = "Private key for the host"; };
      prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
    };
  });
  description = "VPN configuration";
};
# Mail stack: DMARC/DKIM, postfix relaying, dovecot LDAP lookups, rspamd,
# script recipients and sympa lists.
mail =
  let
    dmarcOption = mkOption {
      description = "DMARC configuration";
      type = submodule {
        options = {
          ignore_hosts = mkOption {
            type = lines;
            description = ''
              Hosts to ignore when checking for dmarc
            '';
          };
        };
      };
    };
    dkimOption = mkOption {
      description = "DKIM configuration";
      type = attrsOf (submodule {
        options = {
          public = mkOption {
            type = str;
            description = "Public entry to put in DNS TXT field";
            example = ''
              ( "v=DKIM1; k=rsa; "
              "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
            '';
          };
          private = mkOption { type = str; description = "Private key"; };
        };
      });
    };
    recipientMapOptions = {
      # Only hash maps are accepted; the enum rejects anything else at eval time.
      type = mkOption { type = enum [ "hash" ]; description = "Map type"; };
      content = mkOption { type = str; description = "Map content"; };
    };
    backupDomainOptions = {
      domains = mkOption { type = listOf str; description = "Domains list"; };
      relay_restrictions = mkOption {
        type = lines;
        description = ''
          Restrictions for relaying the e-mails from the domains
        '';
      };
      recipient_maps = mkOption {
        type = listOf (submodule { options = recipientMapOptions; });
        description = ''
          Recipient map to accept relay for.
          Must be specified for domain, the rules apply to everyone!
        '';
      };
    };
    postfixOption = mkOption {
      description = "Postfix configuration";
      type = submodule {
        options = {
          additional_mailbox_domains = mkOption {
            type = listOf str;
            description = ''
              List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
            '';
          };
          mysql = mkMysqlOptions "Postfix" {
            password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
          };
          backup_domains = mkOption {
            type = attrsOf (submodule { options = backupDomainOptions; });
            description = ''
              Domains that are accepted for relay as backup domain
            '';
          };
        };
      };
    };
    dovecotOption = mkOption {
      description = "Dovecot configuration";
      type = submodule {
        options = {
          ldap = mkLdapOptions "Dovecot" {
            pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
            user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
            iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
            iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
            postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
          };
        };
      };
    };
    rspamdOption = mkOption {
      description = "rspamd configuration";
      type = submodule {
        options = {
          redis = mkRedisOptions "Redis";
          read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
          write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
          # The clear-text passwords are deliberately discarded by `apply`:
          # whatever is defined, consumers only ever see "".
          read_password = mkOption {
            type = str;
            description = "Read password for rspamd. Unused";
            apply = _: "";
          };
          write_password = mkOption {
            type = str;
            description = "Write password for rspamd. Unused";
            apply = _: "";
          };
        };
      };
    };
    scriptsOption = mkOption {
      description = "Mail script recipients";
      type = attrsOf (submodule {
        options = {
          external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
          src = mkOption {
            type = submodule {
              options = {
                url = mkOption { type = str; description = "git url to fetch"; };
                # NOTE(review): typed as a free string; a branch or tag name here
                # would not pin the fetched code — confirm callers use a commit hash.
                rev = mkOption { type = str; description = "git reference to fetch"; };
              };
            };
            description = ''
              git source to fetch the script from.
              It must have a default.nix file as its root accepting a scriptEnv parameter
            '';
          };
          env = mkOption {
            type = unspecified;
            description = "Variables to pass to the script";
          };
        };
      });
    };
    sympaOption = mkOption {
      description = "Sympa configuration";
      type = submodule {
        options = {
          listmasters = mkOption { type = listOf str; description = "Listmasters"; };
          postgresql = mkPsqlOptions "Sympa";
          data_sources = mkOption {
            type = attrsOf str;
            default = {};
            description = "Data sources to make available to sympa";
          };
          scenari = mkOption {
            type = attrsOf str;
            default = {};
            description = "Scenari to make available to sympa";
          };
        };
      };
    };
  in mkOption {
    description = "Mail configuration";
    type = submodule {
      options = {
        dmarc = dmarcOption;
        dkim = dkimOption;
        postfix = postfixOption;
        dovecot = dovecotOption;
        rspamd = rspamdOption;
        scripts = scriptsOption;
        sympa = sympaOption;
      };
    };
  };
# TURN server: the shared key clients authenticate with.
coturn = mkOption {
  type = submodule {
    options = {
      auth_access_key = mkOption { description = "key to access coturn"; type = str; };
    };
  };
  description = "Coturn configuration";
};
# Buildbot master/worker settings and one entry per project built.
buildbot =
  let
    idOptions = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
    projectOptions = {
      name = mkOption { type = str; description = "Project name"; };
      packages = mkOption {
        type = unspecified;
        description = ''
          Function.
          Builds packages list to make available to buildbot project.
          Takes pkgs as argument.
        '';
        example = literalExample ''
          pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
        '';
      };
      pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
      workerPort = mkOption { type = port; description = "Port for the worker"; };
      secrets = mkOption {
        #type = attrsOf (either str (functionTo str));
        type = attrsOf unspecified;
        description = "Secrets for the project to dump as files. Might be a function that takes pkgs as argument";
      };
      environment = mkOption {
        #type = attrsOf (either str (functionTo str));
        type = attrsOf unspecified;
        description = ''
          Environment variables for the project. Might be a function that takes pkgs as argument.
          BUILDBOT_ is prefixed to the variable names
        '';
      };
      activationScript = mkOption {
        type = lines;
        description = ''
          Activation script to run during deployment
        '';
      };
      builderPaths = mkOption {
        type = attrsOf unspecified;
        default = {};
        description = ''
          Attrs of functions to make accessible specifically per builder.
          Takes pkgs as argument and should return a single path containing binaries.
          This path will be accessible as BUILDBOT_PATH_<attrskey>
        '';
      };
      # NOTE(review): what `null` means for the hook (disabled vs. no token
      # check) is decided by the consumer, not visible here — confirm.
      webhookTokens = mkOption {
        type = nullOr (listOf str);
        default = null;
        description = ''
          List of tokens allowed to push to project’s change_hook/base endpoint
        '';
      };
    };
  in mkOption {
    description = "Buildbot configuration";
    type = submodule {
      options = {
        ssh_key = mkOption {
          type = submodule {
            options = {
              public = mkOption { type = str; description = "Public part of the key"; };
              private = mkOption { type = lines; description = "Private part of the key"; };
            };
          };
          description = "SSH key information";
        };
        workerPassword = mkOption { type = str; description = "Buildbot worker password"; };
        user = mkOption {
          type = submodule { options = idOptions; };
          description = "Buildbot user";
        };
        ldap = mkOption {
          type = submodule {
            options = {
              password = mkOption { type = str; description = "Buildbot password"; };
            };
          };
          description = "Ldap configuration for buildbot";
        };
        projects = mkOption {
          type = attrsOf (submodule { options = projectOptions; });
          description = "Projects to make a buildbot for";
        };
      };
    };
  };
912 tools = mkOption {
913 description = "Tools configurations";
914 type = submodule {
915 options = {
# Contact address shown by the tools.
contact = mkOption { description = "Contact e-mail address"; type = str; };
# Static assets to fetch and publish; each one is pinned by its sha256, so a
# changed upstream file fails the fetch instead of being served silently.
assets = mkOption {
  description = "Assets to provide on assets.immae.eu";
  default = {};
  type = attrsOf (submodule {
    options = {
      url = mkOption { description = "URL to fetch"; type = str; };
      sha256 = mkOption { description = "Hash of the url"; type = str; };
    };
  });
};
# Davical (CalDAV/CardDAV): PostgreSQL and LDAP access.
davical = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Davical" {};
      postgresql = mkPsqlOptions "Davical";
    };
  };
  description = "Davical configuration";
};
# Diaspora: database, cache and directory access plus the app secret token.
diaspora = mkOption {
  type = submodule {
    options = {
      secret_token = mkOption { description = "Secret token"; type = str; };
      ldap = mkLdapOptions "Diaspora" {};
      redis = mkRedisOptions "Diaspora";
      postgresql = mkPsqlOptions "Diaspora";
    };
  };
  description = "Diaspora configuration";
};
# DMARC report storage: MySQL account and the key used to anonymise reports.
dmarc_reports = mkOption {
  type = submodule {
    options = {
      anonymous_key = mkOption { description = "Anonymous hashing key"; type = str; };
      mysql = mkMysqlOptions "DMARC" {};
    };
  };
  description = "DMARC reports configuration";
};
# Etherpad: database and LDAP access (with a group filter) plus the
# admin password, session key and API key.
etherpad-lite = mkOption {
  type = submodule {
    options = {
      api_key = mkOption { description = "API key"; type = str; };
      session_key = mkOption { description = "Session key"; type = str; };
      adminPassword = mkOption { description = "Admin password for mypads / admin"; type = str; };
      ldap = mkLdapOptions "Etherpad" {
        group_filter = mkOption { description = "Filter for groups"; type = str; };
      };
      postgresql = mkPsqlOptions "Etherpad";
    };
  };
  description = "Etherpad configuration";
};
# Gitolite: LDAP access and the SSH keypair of the service.
gitolite = mkOption {
  type = submodule {
    options = {
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { description = "Public part of the key"; type = str; };
            private = mkOption { description = "Private part of the key"; type = lines; };
          };
        };
        description = "SSH key information";
      };
      ldap = mkLdapOptions "Gitolite" {};
    };
  };
  description = "Gitolite configuration";
};
# Kanboard: PostgreSQL and LDAP access, the latter with the admin DN.
kanboard = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = mkOption { description = "Admin DN"; type = str; };
      };
      postgresql = mkPsqlOptions "Kanboard";
    };
  };
  description = "Kanboard configuration";
};
# MantisBT: database and LDAP access plus the password-hash master salt.
mantisbt = mkOption {
  type = submodule {
    options = {
      master_salt = mkOption { description = "Master salt for password hash"; type = str; };
      ldap = mkLdapOptions "Mantisbt" {};
      postgresql = mkPsqlOptions "Mantisbt";
    };
  };
  description = "Mantisbt configuration";
};
# Mastodon: database/cache/directory access and the application secrets
# (paperclip, OTP, secret_key_base, VAPID keypair).
mastodon =
  let
    vapidOptions = {
      public = mkOption { type = str; description = "Public key"; };
      private = mkOption { type = str; description = "Private key"; };
    };
  in mkOption {
    description = "Mastodon configuration";
    type = submodule {
      options = {
        postgresql = mkPsqlOptions "Mastodon";
        redis = mkRedisOptions "Mastodon";
        ldap = mkLdapOptions "Mastodon" {};
        paperclip_secret = mkOption { description = "Paperclip secret"; type = str; };
        otp_secret = mkOption { description = "OTP secret"; type = str; };
        secret_key_base = mkOption { description = "Secret key base"; type = str; };
        vapid = mkOption {
          type = submodule { options = vapidOptions; };
          description = "vapid key";
        };
      };
    };
  };
# MediaGoblin: database, cache and LDAP; no service-specific secrets here.
mediagoblin = mkOption {
  description = "Mediagoblin configuration";
  type = types.submodule {
    options = {
      postgresql = mkPsqlOptions "Mediagoblin";
      redis = mkRedisOptions "Mediagoblin";
      ldap = mkLdapOptions "Mediagoblin" {};
    };
  };
};
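# Nextcloud: database, cache and application secrets.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = types.submodule {
    options = {
      # The helper's name argument labels the generated options after this
      # service; it previously said "Peertube" here, which looked like a
      # copy-paste from the peertube block. By analogy with mkLdapOptions the
      # name only feeds descriptions — confirm that holds for these helpers too.
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      # Secret material.
      password_salt = mkOption { description = "Password salt"; type = types.str; };
      instance_id = mkOption { description = "Instance ID"; type = types.str; };
      secret = mkOption { description = "App secret"; type = types.str; };
    };
  };
};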
# PeerTube: listen port, database, cache and LDAP.
peertube = mkOption {
  description = "Peertube configuration";
  type = types.submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = types.port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
      ldap = mkLdapOptions "Peertube" {};
    };
  };
};
# Second PeerTube instance ("Syden"): listen port, database and cache, no LDAP.
syden_peertube = mkOption {
  description = "Peertube Syden configuration";
  type = types.submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = types.port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
    };
  };
};
# phpLDAPadmin only needs an LDAP bind.
phpldapadmin = mkOption {
  description = "phpLdapAdmin configuration";
  type = types.submodule {
    options = {
      ldap = mkLdapOptions "phpldapadmin" {};
    };
  };
};
# RompR: where to reach MPD (host and port only; no MPD password declared here).
rompr = mkOption {
  description = "Rompr configuration";
  type = types.submodule {
    options = {
      mpd = mkOption {
        description = "MPD configuration";
        type = types.submodule {
          options = {
            host = mkOption { description = "Host for MPD"; type = types.str; };
            port = mkOption { description = "Port to access MPD host"; type = types.port; };
          };
        };
      };
    };
  };
};
# Roundcube webmail: database plus the application secret.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = types.submodule {
    options = {
      # NOTE(review): the helper is labelled "TT-RSS" inside the Roundcube
      # block; if the name only feeds descriptions this is a mislabel, and if it
      # selects a shared database it deserves a comment saying so — confirm.
      postgresql = mkPsqlOptions "TT-RSS";
      secret = mkOption { description = "Secret"; type = types.str; };
    };
  };
};
# Shaarli only needs an LDAP bind.
shaarli = mkOption {
  description = "Shaarli configuration";
  type = types.submodule {
    options = {
      ldap = mkLdapOptions "Shaarli" {};
    };
  };
};
# Statusengine: MySQL plus LDAP.
status_engine = mkOption {
  description = "Status Engine configuration";
  type = types.submodule {
    options = {
      mysql = mkMysqlOptions "StatusEngine" {};
      ldap = mkLdapOptions "StatusEngine" {};
    };
  };
};
# Taskwarrior: LDAP for authentication, plus one taskwarrior-web profile per
# attribute name, each restricted to a list of LDAP uids.
task = mkOption {
  description = "Taskwarrior configuration";
  type = types.submodule {
    options = {
      ldap = mkLdapOptions "Taskwarrior" {};
      taskwarrior-web = mkOption {
        description = "taskwarrior-web profiles";
        type = types.attrsOf (types.submodule {
          options = {
            # Access control list for the profile: LDAP uids, nothing else.
            uid = mkOption {
              description = "List of ldap uids having access to this profile";
              type = types.listOf types.str;
            };
            org = mkOption { description = "Taskd organisation"; type = types.str; };
            # Taskd client key: secret material.
            key = mkOption { description = "Taskd key"; type = types.str; };
            date = mkOption { description = "Preferred date format"; type = types.str; };
          };
        });
      };
    };
  };
};
# Tiny Tiny RSS: database plus LDAP.
ttrss = mkOption {
  description = "TT-RSS configuration";
  type = types.submodule {
    options = {
      postgresql = mkPsqlOptions "TT-RSS";
      ldap = mkLdapOptions "TT-RSS" {};
    };
  };
};
# Wallabag: database, LDAP (with a separate filter selecting admins), cache
# and the application secret.
wallabag = mkOption {
  description = "Wallabag configuration";
  type = types.submodule {
    options = {
      postgresql = mkPsqlOptions "Wallabag";
      ldap = mkLdapOptions "Wallabag" {
        admin_filter = mkOption { description = "Admin users filter"; type = types.str; };
      };
      redis = mkRedisOptions "Wallabag";
      secret = mkOption { description = "App secret"; type = types.str; };
    };
  };
};
# Webhook endpoints: attribute name is the '<name>.php' entry, value is the
# script text. Nothing here validates the script content; whatever consumes
# this mapping is responsible for that.
webhooks = mkOption {
  description = "Mapping 'name'.php => script for webhooks";
  type = types.attrsOf types.str;
};
# Content-Security-Policy reporting: the collector URI and the policy strings
# to apply, keyed by name.
csp_reports = mkOption {
  description = "CSP report configuration";
  type = types.submodule {
    options = {
      report_uri = mkOption { description = "URI to report CSP violations to"; type = types.str; };
      policies = mkOption { description = "CSP policies to apply"; type = types.attrsOf types.str; };
    };
  };
};
# Commento: listen port, database and outgoing mail.
commento = mkOption {
  description = "Commento configuration";
  type = types.submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = types.port; };
      postgresql = mkPsqlOptions "Commento";
      smtp = mkSmtpOptions "Commento";
    };
  };
};
# CryptPad: one instance per attribute name, each with its admin contact,
# admin public keys and listen port.
cryptpad = mkOption {
  description = "Cryptpad configuration";
  type = types.attrsOf (types.submodule {
    options = {
      email = mkOption { description = "Admin e-mail"; type = types.str; };
      # Public keys only — nothing secret is declared for CryptPad here.
      admins = mkOption { description = "Instance admin public keys"; type = types.listOf types.str; };
      port = mkOption { description = "Port to listen to"; type = types.port; };
    };
  });
};
# ympd: listen port and how to reach MPD (unlike rompr, an MPD password is
# declared here).
ympd = mkOption {
  description = "Ympd configuration";
  type = types.submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = types.port; };
      mpd = mkOption {
        description = "MPD configuration";
        type = types.submodule {
          options = {
            # Secret material.
            password = mkOption { description = "Password to access MPD host"; type = types.str; };
            host = mkOption { description = "Host for MPD"; type = types.str; };
            port = mkOption { description = "Port to access MPD host"; type = types.port; };
          };
        };
      };
    };
  };
};
# Umami analytics: listen port, database and the hashing salt.
umami = mkOption {
  description = "Umami configuration";
  type = types.submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = types.port; };
      postgresql = mkPsqlOptions "Umami";
      # Secret material.
      hashSalt = mkOption { description = "Hash salt"; type = types.str; };
    };
  };
};
# YOURLS: MySQL, LDAP and the cookie signing key.
yourls = mkOption {
  description = "Yourls configuration";
  type = types.submodule {
    options = {
      mysql = mkMysqlOptions "Yourls" {};
      ldap = mkLdapOptions "Yourls" {};
      # Secret material.
      cookieKey = mkOption { description = "Cookie key"; type = types.str; };
    };
  };
};
1238 };
1239 };
1240 };
# Free-form per-server settings. `unspecified` means the module system does
# no validation of these values; consumers must check what they read.
serverSpecific = mkOption {
  description = "Server specific configuration";
  type = types.attrsOf types.unspecified;
};
1242 websites = mkOption {
1243 description = "Websites configurations";
1244 type = submodule {
1245 options = {
# Christophe Carpentier's site: a single Agorakit deployment.
christophe_carpentier = mkOption {
  description = "Christophe Carpentier configuration by environment";
  type = types.submodule {
    options = {
      agorakit = mkOption {
        description = "Agorakit configuration";
        type = types.submodule {
          options = {
            mysql = mkMysqlOptions "Agorakit" {};
            smtp = mkSmtpOptions "Agorakit";
            # Secret material.
            appkey = mkOption { description = "App key"; type = types.str; };
          };
        };
      };
    };
  };
};
# Immae's own site: only the "temp" area, which is LDAP-gated.
immae = mkOption {
  description = "Immae configuration by environment";
  type = types.submodule {
    options = {
      temp = mkOption {
        description = "Temp configuration";
        type = types.submodule {
          options = {
            # The extra `filter` replaces the helper's own (defaulted) filter
            # option with a required one for this area.
            ldap = mkLdapOptions "Immae temp" {
              filter = mkOption { description = "Filter for user access"; type = types.str; };
            };
          };
        };
      };
    };
  };
};
# Isabelle's sites: two Aten (Symfony) environments sharing one option shape,
# plus the iridologie SPIP site.
isabelle = mkOption {
  description = "Isabelle configurations by environment";
  type =
    let
      # Shared declaration reused for both Aten environments.
      atenEnv = mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = types.str; };
            # Secret material.
            secret = mkOption { description = "Symfony App secret"; type = types.str; };
            postgresql = mkPsqlOptions "Aten";
          };
        };
      };
    in
    types.submodule {
      options = {
        aten_production = atenEnv;
        aten_integration = atenEnv;
        iridologie = mkOption {
          description = "environment configuration";
          type = types.submodule {
            options = {
              environment = mkOption { description = "SPIP environment"; type = types.str; };
              mysql = mkMysqlOptions "Iridologie" {};
              ldap = mkLdapOptions "Iridologie" {};
            };
          };
        };
      };
    };
};
# Chloe's sites: production and integration share one SPIP declaration; "new"
# is a separate (Symfony-style) deployment with its own secret.
chloe = mkOption {
  description = "Chloe configurations by environment";
  type =
    let
      spipEnv = mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = mkOption { description = "SPIP environment"; type = types.str; };
            mysql = mkMysqlOptions "Chloe" {};
            ldap = mkLdapOptions "Chloe" {};
          };
        };
      };
    in
    types.submodule {
      options = {
        production = spipEnv;
        integration = spipEnv;
        new = mkOption {
          description = "environment configuration";
          type = types.submodule {
            options = {
              mysql = mkMysqlOptions "ChloeNew" {};
              ldap = mkLdapOptions "ChloeNew" {};
              # Secret material.
              secret = mkOption { description = "Symfony App secret"; type = types.str; };
            };
          };
        };
      };
    };
};
# Connexionswing: production and integration share one Symfony declaration.
connexionswing = mkOption {
  description = "Connexionswing configurations by environment";
  type =
    let
      symfonyEnv = mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = types.str; };
            mysql = mkMysqlOptions "Connexionswing" {};
            # Secret material.
            secret = mkOption { description = "Symfony App secret"; type = types.str; };
            email = mkOption { description = "Symfony email notification"; type = types.str; };
          };
        };
      };
    in
    types.submodule {
      options = {
        production = symfonyEnv;
        integration = symfonyEnv;
      };
    };
};
# Jerome's site (Naturaloutil): MySQL plus the server admin contact.
jerome = mkOption {
  description = "Naturaloutil configuration";
  type = types.submodule {
    options = {
      mysql = mkMysqlOptions "Naturaloutil" {};
      server_admin = mkOption { description = "Server admin e-mail"; type = types.str; };
    };
  };
};
# Telio Tortay: static site, only the server admin contact is needed.
telio_tortay = mkOption {
  description = "Telio Tortay configuration";
  type = types.submodule {
    options = {
      server_admin = mkOption { description = "Server admin e-mail"; type = types.str; };
    };
  };
};
# Ludivine Cassal: production and integration share one Symfony declaration.
ludivine = mkOption {
  description = "Ludivinecassal configurations by environment";
  type =
    let
      symfonyEnv = mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = types.str; };
            mysql = mkMysqlOptions "LudivineCassal" {};
            ldap = mkLdapOptions "LudivineCassal" {};
            # Secret material.
            secret = mkOption { description = "Symfony App secret"; type = types.str; };
          };
        };
      };
    in
    types.submodule {
      options = {
        production = symfonyEnv;
        integration = symfonyEnv;
      };
    };
};
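# Nicecoop: Odoo, two gestion-compte environments and copanier. The nested
# attribute sets are plain option groups (no submodule), so each leaf is an
# option of nicecoop directly.
nicecoop = mkOption {
  description = "Nicecoop configuration";
  type = types.submodule {
    options = {
      odoo = {
        port = mkOption { description = "Port to listen to"; type = types.port; };
        # Distinct from `port`; the description previously duplicated it.
        longpoll_port = mkOption { description = "Longpoll port to listen to"; type = types.port; };
        postgresql = mkPsqlOptions "Odoo";
        # Secret material.
        admin_password = mkOption { description = "Admin password"; type = types.str; };
      };
      # NOTE(review): `adminpassword` here vs `admin_password` under odoo is an
      # inconsistency in the option names; renaming would break consumers, so
      # it is only flagged.
      gestion-compte = {
        smtp = mkSmtpOptions "GestionCompte";
        mysql = mkMysqlOptions "gestion-compte" {};
        secret = mkOption { description = "Application secret"; type = types.str; };
        adminpassword = mkOption { description = "Admin password"; type = types.str; };
      };
      gestion-compte-integration = {
        smtp = mkSmtpOptions "GestionCompte";
        mysql = mkMysqlOptions "gestion-compte" {};
        secret = mkOption { description = "Application secret"; type = types.str; };
        adminpassword = mkOption { description = "Admin password"; type = types.str; };
      };
      copanier = {
        smtp = mkSmtpOptions "Copanier";
        staff = mkOption { description = "List of staff members"; type = types.listOf types.str; };
      };
    };
  };
};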
# Emilia's site: only a database.
emilia = mkOption {
  description = "Emilia configuration";
  type = types.submodule {
    options = {
      postgresql = mkPsqlOptions "Emilia";
    };
  };
};
# Florian's site: only the server admin contact.
florian = mkOption {
  description = "Florian configuration";
  type = types.submodule {
    options = {
      server_admin = mkOption { description = "Server admin e-mail"; type = types.str; };
    };
  };
};
# Nassime's site: only the server admin contact.
nassime = mkOption {
  description = "Nassime configuration";
  type = types.submodule {
    options = {
      server_admin = mkOption { description = "Server admin e-mail"; type = types.str; };
    };
  };
};
# Piedsjaloux: production and integration share one Symfony declaration.
piedsjaloux = mkOption {
  description = "Piedsjaloux configurations by environment";
  type =
    let
      symfonyEnv = mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = types.str; };
            mysql = mkMysqlOptions "Piedsjaloux" {};
            # Secret material.
            secret = mkOption { description = "Symfony App secret"; type = types.str; };
          };
        };
      };
    in
    types.submodule {
      options = {
        production = symfonyEnv;
        integration = symfonyEnv;
      };
    };
};
# Europe Richie: MySQL plus SMTP credentials for the mailer.
richie = mkOption {
  description = "Europe Richie configurations by environment";
  type = types.submodule {
    options = {
      mysql = mkMysqlOptions "Richie" {};
      smtp_mailer = mkOption {
        description = "SMTP mailer configuration";
        type = types.submodule {
          options = {
            user = mkOption { description = "Username"; type = types.str; };
            # Secret material.
            password = mkOption { description = "Password"; type = types.str; };
          };
        };
      };
    };
  };
};
# Caldance: only an integration environment, protected by HTTP basic auth.
caldance = mkOption {
  description = "Caldance configurations by environment";
  type = types.submodule {
    options = {
      integration = mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            # Whole htpasswd-style file content, not a single password; secret.
            password = mkOption { description = "Password file content for basic auth"; type = types.str; };
          };
        };
      };
    };
  };
};
# Tellesflorian: a single integration environment (the shared declaration is
# kept in a `let` so more environments can reuse it).
tellesflorian = mkOption {
  description = "Tellesflorian configurations by environment";
  type =
    let
      symfonyEnv = mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = types.str; };
            mysql = mkMysqlOptions "Tellesflorian" {};
            # Both values below are secrets.
            secret = mkOption { description = "Symfony App secret"; type = types.str; };
            invite_passwords = mkOption { description = "Password basic auth"; type = types.str; };
          };
        };
      };
    in
    types.submodule {
      options = {
        integration = symfonyEnv;
      };
    };
};
1536 };
1537 };
1538 };
1539 };
# Convenience view: the environment entry for this machine, selected by the
# module's `name` argument (presumably the host name — not visible here).
# Read-only so modules cannot redefine it; set `myEnv.servers` instead.
options.hostEnv = mkOption {
  description = "Host environment";
  type = hostEnv;
  readOnly = true;
  default = config.myEnv.servers."${name}";
};
1546 }