7 base = mkOption { description = "Base of the LDAP tree"; type = str; };
8 host = mkOption { description = "Host to access LDAP"; type = str; };
9 root_dn = mkOption { description = "DN of the root user"; type = str; };
10 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
11 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
12 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; }; # NOTE(review): plain-string secret; confirm it is delivered through the privateFiles mechanism (declared at the end of this file) rather than ending up in the world-readable Nix store
14 mkLdapOptions = name: more: mkOption {
15 description = "${name} LDAP configuration";
17 options = ldapOptions // {
18 dn = mkOption { description = "DN of the ${name} user"; type = str; };
19 password = mkOption { description = "password of the ${name} user"; type = str; };
20 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
25 host = mkOption { description = "Host to access Mysql"; type = str; };
26 port = mkOption { description = "Port to access Mysql"; type = str; };
27 socket = mkOption { description = "Socket to access Mysql"; type = path; };
28 systemUsers = mkOption {
29 description = "Attrs of user-passwords allowed to access mysql";
33 description = "PAM configuration for mysql";
36 dn = mkOption { description = "DN to connect as to check users"; type = str; };
37 password = mkOption { description = "DN password to connect as to check users"; type = str; };
38 filter = mkOption { description = "filter to match users"; type = str; };
43 mkMysqlOptions = name: mkOption {
44 description = "${name} mysql configuration";
46 options = mysqlOptions // {
47 database = mkOption { description = "${name} database"; type = str; };
48 user = mkOption { description = "${name} user"; type = str; };
49 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
54 host = mkOption { description = "Host to access Postgresql"; type = str; };
55 port = mkOption { description = "Port to access Postgresql"; type = str; };
56 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
58 description = "PAM configuration for psql";
61 dn = mkOption { description = "DN to connect as to check users"; type = str; };
62 password = mkOption { description = "DN password to connect as to check users"; type = str; };
63 filter = mkOption { description = "filter to match users"; type = str; };
68 mkPsqlOptions = name: mkOption {
69 description = "${name} psql configuration";
71 options = psqlOptions // {
72 database = mkOption { description = "${name} database"; type = str; };
73 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
74 user = mkOption { description = "${name} user"; type = str; };
75 password = mkOption { description = "psql password of the ${name} user"; type = str; };
80 host = mkOption { description = "Host to access Redis"; type = str; };
81 port = mkOption { description = "Port to access Redis"; type = str; };
82 socket = mkOption { description = "Socket to access Redis"; type = path; };
84 description = "Attrs of db number. Each number should be unique to avoid collision!";
87 spiped_key = mkOption {
90 Key to use with spiped to make a secure channel to replication
94 description = "Predixy configuration. Unused yet";
97 read = mkOption { type = str; description = "Read password"; };
102 mkRedisOptions = name: mkOption {
103 description = "${name} redis configuration";
105 options = redisOptions // {
106 db = mkOption { description = "${name} database"; type = str; };
115 Attrs of servers information in the cluster (not necessarily handled by nixops)
118 type = attrsOf (submodule {
122 LDAP credentials for the host
126 password = mkOption { type = string; description = "Password for the LDAP connection"; };
127 dn = mkOption { type = string; description = "DN for the LDAP connection"; };
133 attrs of ip4/ip6 grouped by section
135 type = attrsOf (submodule {
140 ip4 address of the host
144 type = listOf string;
147 ip6 addresses of the host
156 hetznerCloud = mkOption {
158 Hetzner Cloud credential information
162 authToken = mkOption {
173 Hetzner credential information
177 user = mkOption { type = str; description = "User"; };
178 pass = mkOption { type = str; description = "Password"; };
184 sshd service credential information
190 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
194 password = mkOption { description = "Password"; type = str; };
203 non-standard reserved ports. Must be unique!
208 noDupl = x: let vs = builtins.attrValues x; in builtins.length vs == builtins.length (unique vs); # true when no two attributes of x share the same value
210 x: if !(isAttrs x) || !(noDupl x) then throw "Non unique values for ports" else x; # accept only an attrset whose port values are pairwise distinct
214 httpd service credential information
220 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
224 password = mkOption { description = "Password"; type = str; };
233 LDAP server configuration
236 options = ldapOptions;
239 databases = mkOption {
240 description = "Databases configuration";
244 type = submodule { options = mysqlOptions; };
245 description = "Mysql configuration";
248 type = submodule { options = redisOptions; };
249 description = "Redis configuration";
251 postgresql = mkOption {
252 type = submodule { options = psqlOptions; };
253 description = "Postgresql configuration";
259 description = "Jabber configuration";
262 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
263 ldap = mkLdapOptions "Jabber" {};
264 postgresql = mkPsqlOptions "Jabber";
269 description = "System and regular users uid/gid";
270 type = attrsOf (submodule {
273 description = "user uid";
277 description = "user gid";
284 description = "DNS configuration";
288 description = "SOA information";
292 description = "Serial number. Should be incremented at each change and unique";
296 description = "Refresh time";
300 description = "Retry time";
304 description = "Expire time";
308 description = "Default TTL time";
312 description = "hostmaster e-mail";
316 description = "Primary NS";
323 description = "Attrs of NS servers group";
326 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
327 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
330 type = attrsOf (attrsOf (listOf str));
332 slaveZones = mkOption {
333 description = "List of slave zones";
334 type = listOf (submodule {
336 name = mkOption { type = str; description = "zone name"; };
338 description = "NS master groups of this zone";
344 masterZones = mkOption {
345 description = "List of master zones";
346 type = listOf (submodule {
348 name = mkOption { type = str; description = "zone name"; };
350 description = "NS slave groups of this zone";
354 description = "groups names that should have their NS entries listed here";
358 description = "Extra zone configuration for bind";
364 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
365 withEmail = mkOption {
366 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
368 type = listOf (submodule {
370 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
371 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
372 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
384 Remote backup with duplicity
388 password = mkOption { type = str; description = "Password for encrypting files"; };
389 remote = mkOption { type = str; description = "Remote url access"; };
390 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
391 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
395 rsync_backup = mkOption {
397 Rsync backup configuration from controlled host
401 mailto = mkOption { type = str; description = "Where to e-mail on error"; };
403 description = "SSH key information";
406 public = mkOption { type = str; description = "Public part of the key"; };
407 private = mkOption { type = lines; description = "Private part of the key"; }; # NOTE(review): SSH private key held as a Nix string; confirm it is delivered through privateFiles (declared at the end of this file) rather than written to the world-readable Nix store
411 profiles = mkOption {
412 description = "Attrs of profiles to backup";
413 type = attrsOf (submodule {
415 keep = mkOption { type = int; description = "Number of backups to keep"; };
416 login = mkOption { type = str; description = "Login to connect to host"; };
417 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
418 host = mkOption { type = str; description = "Host to connect to"; };
419 host_key = mkOption { type = str; description = "Host key"; };
420 host_key_type = mkOption { type = str; description = "Host key type"; };
422 description = "Parts to backup for this host";
423 type = attrsOf (submodule {
425 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
426 exclude_from = mkOption {
429 description = "List of folders/files to exclude from the backup";
431 files_from = mkOption {
434 description = "List of folders/files to backup in the base folder";
439 description = "Extra arguments to pass to rsync";
450 monitoring = mkOption {
451 description = "Monitoring configuration";
454 status_url = mkOption { type = str; description = "URL to push status to"; };
455 status_token = mkOption { type = str; description = "Token for the status url"; };
456 email = mkOption { type = str; description = "Admin E-mail"; };
461 description = "MPD configuration";
464 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
465 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
466 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
467 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
472 description = "FTP configuration";
475 ldap = mkLdapOptions "FTP" {};
480 description = "Mail configuration";
484 description = "DMARC configuration";
487 ignore_hosts = mkOption {
490 Hosts to ignore when checking for dmarc
497 description = "DKIM configuration";
498 type = attrsOf (submodule {
504 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
506 description = "Public entry to put in DNS TXT field";
508 private = mkOption { type = str; description = "Private key"; };
513 description = "Postfix configuration";
516 additional_mailbox_domains = mkOption {
518 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
522 mysql = mkMysqlOptions "Postfix";
523 backup_domains = mkOption {
525 Domains that are accepted for relay as backup domain
527 type = attrsOf (submodule {
529 domains = mkOption { type = listOf str; description = "Domains list"; };
530 relay_restrictions = mkOption {
533 Restrictions for relaying the e-mails from the domains
536 recipient_maps = mkOption {
538 Recipient map to accept relay for.
539 Must be specified for domain, the rules apply to everyone!
541 type = listOf (submodule {
544 type = enum [ "hash" ];
545 description = "Map type";
549 description = "Map content";
561 description = "Dovecot configuration";
564 ldap = mkLdapOptions "Dovecot" {
565 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
566 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
567 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
568 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
574 description = "rspamd configuration";
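577 redis = mkRedisOptions "Rspamd"; # the name only feeds the option descriptions; "Redis" produced "Redis redis configuration"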
578 read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
579 write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
580 read_password = mkOption {
582 description = "Read password for rspamd. Unused";
585 write_password = mkOption {
587 description = "Write password for rspamd. Unused";
594 description = "Mail script recipients";
595 type = attrsOf (submodule {
597 external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
600 git source to fetch the script from.
601 It must have a default.nix file as its root accepting a scriptEnv parameter
605 url = mkOption { type = str; description = "git url to fetch"; };
606 rev = mkOption { type = str; description = "git reference to fetch"; };
611 description = "Variables to pass to the script";
620 buildbot = mkOption {
621 description = "Buildbot configuration";
625 description = "Buildbot user";
629 description = "user uid";
633 description = "user gid";
640 description = "Ldap configuration for buildbot";
643 password = mkOption { type = str; description = "Buildbot password"; };
647 projects = mkOption {
648 description = "Projects to make a buildbot for";
649 type = attrsOf (submodule {
651 name = mkOption { type = str; description = "Project name"; };
652 packages = mkOption {
654 example = literalExample ''
655 pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
659 Builds packages list to make available to buildbot project.
660 Takes pkgs as argument.
663 pythonPackages = mkOption {
665 example = literalExample ''
666 p: pkgs: [ pkgs.python3Packages.pip ];
670 Builds python packages list to make available to buildbot project.
671 Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
674 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
677 description = "Secrets for the project to dump as files";
679 environment = mkOption {
682 Environment variables for the project.
683 BUILDBOT_ is prefixed to the variable names
686 activationScript = mkOption {
689 Activation script to run during deployment
692 builderPaths = mkOption {
693 type = attrsOf unspecified;
696 Attrs of functions to make accessible specifically per builder.
697 Takes pkgs as argument and should return a single path containing binaries.
698 This path will be accessible as BUILDBOT_PATH_<attrskey>
701 webhookTokens = mkOption {
702 type = nullOr (listOf str);
705 List of tokens allowed to push to project’s change_hook/base endpoint
715 description = "Tools configurations";
719 description = "Davical configuration";
722 postgresql = mkPsqlOptions "Davical";
723 ldap = mkLdapOptions "Davical" {};
727 diaspora = mkOption {
728 description = "Diaspora configuration";
731 postgresql = mkPsqlOptions "Diaspora";
732 redis = mkRedisOptions "Diaspora";
733 ldap = mkLdapOptions "Diaspora" {};
734 secret_token = mkOption { type = str; description = "Secret token"; };
738 etherpad-lite = mkOption {
739 description = "Etherpad configuration";
742 postgresql = mkPsqlOptions "Etherpad";
743 ldap = mkLdapOptions "Etherpad" {
744 group_filter = mkOption { type = str; description = "Filter for groups"; };
746 session_key = mkOption { type = str; description = "Session key"; };
747 api_key = mkOption { type = str; description = "API key"; };
748 redirects = mkOption { type = str; description = "Redirects for apache"; };
752 gitolite = mkOption {
753 description = "Gitolite configuration";
756 ldap = mkLdapOptions "Gitolite" {};
760 kanboard = mkOption {
761 description = "Kanboard configuration";
764 postgresql = mkPsqlOptions "Kanboard";
765 ldap = mkLdapOptions "Kanboard" {
766 admin_dn = mkOption { type = str; description = "Admin DN"; };
771 mantisbt = mkOption {
772 description = "Mantisbt configuration";
775 postgresql = mkPsqlOptions "Mantisbt";
776 ldap = mkLdapOptions "Mantisbt" {};
777 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
781 mastodon = mkOption {
782 description = "Mastodon configuration";
785 postgresql = mkPsqlOptions "Mastodon";
786 redis = mkRedisOptions "Mastodon";
787 ldap = mkLdapOptions "Mastodon" {};
788 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
789 otp_secret = mkOption { type = str; description = "OTP secret"; };
790 secret_key_base = mkOption { type = str; description = "Secret key base"; };
792 description = "vapid key";
795 private = mkOption { type = str; description = "Private key"; };
796 public = mkOption { type = str; description = "Public key"; };
803 mediagoblin = mkOption {
804 description = "Mediagoblin configuration";
807 postgresql = mkPsqlOptions "Mediagoblin";
808 redis = mkRedisOptions "Mediagoblin";
809 ldap = mkLdapOptions "Mediagoblin" {};
813 nextcloud = mkOption {
814 description = "Nextcloud configuration";
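817 postgresql = mkPsqlOptions "Nextcloud"; # the name only feeds the option descriptions; "Peertube" here was a copy-paste from the peertube block and mislabelled the nextcloud options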
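818 redis = mkRedisOptions "Nextcloud"; # the name only feeds the option descriptions; "Peertube" here was a copy-paste from the peertube block and mislabelled the nextcloud options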
819 password_salt = mkOption { type = str; description = "Password salt"; };
820 instance_id = mkOption { type = str; description = "Instance ID"; };
821 secret = mkOption { type = str; description = "App secret"; };
825 peertube = mkOption {
826 description = "Peertube configuration";
829 listenPort = mkOption { type = port; description = "Port to listen to"; };
830 postgresql = mkPsqlOptions "Peertube";
831 redis = mkRedisOptions "Peertube";
832 ldap = mkLdapOptions "Peertube" {};
836 phpldapadmin = mkOption {
837 description = "phpLdapAdmin configuration";
840 ldap = mkLdapOptions "phpldapadmin" {};
845 description = "Rompr configuration";
849 description = "MPD configuration";
852 host = mkOption { type = str; description = "Host for MPD"; };
853 port = mkOption { type = port; description = "Port to access MPD host"; };
860 roundcubemail = mkOption {
861 description = "Roundcubemail configuration";
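864 postgresql = mkPsqlOptions "Roundcubemail"; # the name only feeds the option descriptions; "TT-RSS" here was a copy-paste from the tt-rss block and mislabelled the roundcubemail options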
865 secret = mkOption { type = str; description = "Secret"; };
870 description = "Shaarli configuration";
873 ldap = mkLdapOptions "Shaarli" {};
878 description = "Taskwarrior configuration";
881 ldap = mkLdapOptions "Taskwarrior" {};
882 taskwarrior-web = mkOption {
883 description = "taskwarrior-web profiles";
884 type = attrsOf (submodule {
888 description = "List of ldap uids having access to this profile";
890 org = mkOption { type = str; description = "Taskd organisation"; };
891 key = mkOption { type = str; description = "Taskd key"; };
892 date = mkOption { type = str; description = "Preferred date format"; };
900 description = "TT-RSS configuration";
903 postgresql = mkPsqlOptions "TT-RSS";
904 ldap = mkLdapOptions "TT-RSS" {};
908 wallabag = mkOption {
909 description = "Wallabag configuration";
912 postgresql = mkPsqlOptions "Wallabag";
913 ldap = mkLdapOptions "Wallabag" {
914 admin_filter = mkOption { type = str; description = "Admin users filter"; };
916 redis = mkRedisOptions "Wallabag";
917 secret = mkOption { type = str; description = "App secret"; };
922 description = "Ympd configuration";
925 listenPort = mkOption { type = port; description = "Port to listen to"; };
927 description = "MPD configuration";
930 password = mkOption { type = str; description = "Password to access MPD host"; };
931 host = mkOption { type = str; description = "Host for MPD"; };
932 port = mkOption { type = port; description = "Port to access MPD host"; };
940 description = "Yourls configuration";
943 mysql = mkMysqlOptions "Yourls";
944 ldap = mkLdapOptions "Yourls" {};
945 cookieKey = mkOption { type = str; description = "Cookie key"; };
952 websites = mkOption {
953 description = "Websites configurations";
956 isabelle = mkOption {
957 description = "Isabelle configurations by environment";
960 atenSubmodule = mkOption {
961 description = "environment configuration";
964 environment = mkOption { type = str; description = "Symfony environment"; };
965 secret = mkOption { type = str; description = "Symfony App secret"; };
966 postgresql = mkPsqlOptions "Aten";
973 aten_production = atenSubmodule;
974 aten_integration = atenSubmodule;
979 description = "Chloe configurations by environment";
982 chloeSubmodule = mkOption {
983 description = "environment configuration";
986 environment = mkOption { type = str; description = "Symfony environment"; };
987 mysql = mkMysqlOptions "Chloe";
988 ldap = mkLdapOptions "Chloe" {};
995 production = chloeSubmodule;
996 integration = chloeSubmodule;
1000 connexionswing = mkOption {
1001 description = "Connexionswing configurations by environment";
1004 csSubmodule = mkOption {
1005 description = "environment configuration";
1008 environment = mkOption { type = str; description = "Symfony environment"; };
1009 mysql = mkMysqlOptions "Connexionswing";
1010 secret = mkOption { type = str; description = "Symfony App secret"; };
1011 email = mkOption { type = str; description = "Symfony email notification"; };
1018 production = csSubmodule;
1019 integration = csSubmodule;
1024 description = "Naturaloutil configuration";
1027 mysql = mkMysqlOptions "Naturaloutil";
1028 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1032 telioTortay = mkOption {
1033 description = "Telio Tortay configuration";
1036 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1040 ludivinecassal = mkOption {
1041 description = "Ludivinecassal configurations by environment";
1044 lcSubmodule = mkOption {
1045 description = "environment configuration";
1048 environment = mkOption { type = str; description = "Symfony environment"; };
1049 mysql = mkMysqlOptions "LudivineCassal";
1050 ldap = mkLdapOptions "LudivineCassal" {};
1051 secret = mkOption { type = str; description = "Symfony App secret"; };
1058 production = lcSubmodule;
1059 integration = lcSubmodule;
1064 description = "Emilia configuration";
1067 postgresql = mkPsqlOptions "Emilia";
1071 florian = mkOption {
1072 description = "Florian configuration";
1075 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1079 nassime = mkOption {
1080 description = "Nassime configuration";
1083 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1087 piedsjaloux = mkOption {
1088 description = "Piedsjaloux configurations by environment";
1091 pjSubmodule = mkOption {
1092 description = "environment configuration";
1095 environment = mkOption { type = str; description = "Symfony environment"; };
1096 mysql = mkMysqlOptions "Piedsjaloux";
1097 secret = mkOption { type = str; description = "Symfony App secret"; };
1104 production = pjSubmodule;
1105 integration = pjSubmodule;
1110 description = "Europe Richie configurations by environment";
1113 mysql = mkMysqlOptions "Richie";
1114 smtp_mailer = mkOption {
1115 description = "SMTP mailer configuration";
1118 user = mkOption { type = str; description = "Username"; };
1119 password = mkOption { type = str; description = "Password"; };
1126 tellesflorian = mkOption {
1127 description = "Tellesflorian configurations by environment";
1130 tfSubmodule = mkOption {
1131 description = "environment configuration";
1134 environment = mkOption { type = str; description = "Symfony environment"; };
1135 mysql = mkMysqlOptions "Tellesflorian";
1136 secret = mkOption { type = str; description = "Symfony App secret"; };
1137 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1144 integration = tfSubmodule;
1152 privateFiles = mkOption {
1155 Path to secret files to make available during build
1163 FQDN of the current host.