1 { config, lib, name, ... }:
2 with lib;
3 with types;
4 with lists;
5 let
ldapOptions = {
  # Connection parameters shared by every LDAP consumer declared in this module.
  base = mkOption {
    type = str;
    description = "Base of the LDAP tree";
  };
  host = mkOption {
    type = str;
    description = "Host to access LDAP";
  };
  root_dn = mkOption {
    type = str;
    description = "DN of the root user";
  };
  # The root password is documented as a hash, the replication password as the
  # clear-text value. Both are plain `str` options, so any consumer that
  # interpolates them into a file built in the Nix store makes them
  # world-readable there — NOTE(review): confirm consumers keep them out of the store.
  root_pw = mkOption {
    type = str;
    description = "Hashed password of the root user";
  };
  replication_dn = mkOption {
    type = str;
    description = "DN of the user allowed to replicate the LDAP directory";
  };
  replication_pw = mkOption {
    type = str;
    description = "Password of the user allowed to replicate the LDAP directory";
  };
};
# Build a per-service LDAP option set: the shared ldapOptions, a bind DN /
# password / filter for the named service, and any extra options the caller
# passes (later attrsets win on name clashes, as with the original `//` chain).
mkLdapOptions = label: extra: mkOption {
  description = "${label} LDAP configuration";
  type = submodule {
    options = let
      perService = {
        dn = mkOption { type = str; description = "DN of the ${label} user"; };
        password = mkOption { type = str; description = "password of the ${label} user"; };
        # An empty filter is the default; what an empty string means is up to
        # the consuming service — presumably "no restriction", verify per service.
        filter = mkOption { type = str; default = ""; description = "Filter for ${label} users"; };
      };
    in ldapOptions // perService // extra;
  };
};
mysqlOptions = {
  # Endpoint parameters for the MySQL server.
  host = mkOption { type = str; description = "Host to access Mysql"; };
  remoteHost = mkOption { type = str; description = "Host to access Mysql from outside"; };
  # NOTE(review): `port` is a `str` here while `myEnv.ports` uses the `port`
  # type; kept as-is because consumers may rely on string interpolation.
  port = mkOption { type = str; description = "Port to access Mysql"; };
  socket = mkOption { type = path; description = "Socket to access Mysql"; };
  # user -> password map; the values are plain-text credentials.
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  # Bind credentials used by pam_ldap-style user checks.
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Per-service MySQL option set: shared server options plus database / user /
# password for the named service and any caller-supplied extras.
mkMysqlOptions = label: extra: mkOption {
  description = "${label} mysql configuration";
  type = submodule {
    options = let
      perService = {
        database = mkOption { type = str; description = "${label} database"; };
        user = mkOption { type = str; description = "${label} user"; };
        password = mkOption { type = str; description = "mysql password of the ${label} user"; };
      };
    in mysqlOptions // perService // extra;
  };
};
psqlOptions = {
  # Endpoint parameters for the PostgreSQL server.
  host = mkOption { type = str; description = "Host to access Postgresql"; };
  port = mkOption { type = str; description = "Port to access Postgresql"; };
  socket = mkOption { type = path; description = "Socket to access Postgresql"; };
  # Bind credentials used by pam_ldap-style user checks (same shape as mysqlOptions.pam).
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Per-service PostgreSQL option set: shared server options plus database,
# optional schema, user and password for the named service.
mkPsqlOptions = label: mkOption {
  description = "${label} psql configuration";
  type = submodule {
    options = let
      perService = {
        database = mkOption { type = str; description = "${label} database"; };
        schema = mkOption { type = nullOr str; default = null; description = "${label} schema"; };
        user = mkOption { type = str; description = "${label} user"; };
        password = mkOption { type = str; description = "psql password of the ${label} user"; };
      };
    in psqlOptions // perService;
  };
};
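redisOptions = {
  # Endpoint parameters for the Redis server.
  host = mkOption { type = str; description = "Host to access Redis"; };
  port = mkOption { type = str; description = "Port to access Redis"; };
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  # name -> db number map. The description already requires uniqueness; the
  # `apply` below enforces it at evaluation time (mirroring `myEnv.ports`) so a
  # duplicated db number fails the build instead of silently sharing a keyspace.
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
    apply = x: let
      vals = builtins.attrValues x;
      dups = unique (filter (v: count (w: w == v) vals > 1) vals);
    in
      if dups == [] then x
      else throw "Non unique values for redis dbs: ${concatStringsSep ", " dups}";
  };
  # Shared symmetric key for the spiped tunnel; secret material in a `str` option.
  spiped_key = mkOption {
    type = str;
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption { type = str; description = "Read password"; };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};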
# Per-service Redis option set: shared server options plus the db number the
# named service should use (expected to be one of redisOptions.dbs' values).
mkRedisOptions = label: mkOption {
  description = "${label} redis configuration";
  type = submodule {
    options = redisOptions // {
      db = mkOption {
        type = str;
        description = "${label} database";
      };
    };
  };
};
# Endpoint parameters for the SMTP relay.
smtpOptions = {
  host = mkOption {
    type = str;
    description = "Host to access SMTP";
  };
  port = mkOption {
    type = str;
    description = "Port to access SMTP";
  };
};
# Per-service SMTP option set: relay endpoint plus the sender address and its
# authentication password.
mkSmtpOptions = label: mkOption {
  description = "${label} smtp configuration";
  type = submodule {
    options = smtpOptions // {
      email = mkOption { type = str; description = "${label} email"; };
      password = mkOption { type = str; description = "SMTP password of the ${label} user"; };
    };
  };
};
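# Per-host record used by `myEnv.servers`.
hostEnv = submodule {
  options = {
    fqdn = mkOption {
      type = str;
      description = "Host FQDN";
    };
    # Function of pkgs; `unspecified` so it is not type-checked by the module system.
    users = mkOption {
      type = unspecified;
      default = pkgs: [];
      description = ''
        Sublist of users from realUsers. Function that takes pkgs as
        argument and gives an array as a result
      '';
    };
    emails = mkOption {
      type = listOf str;
      default = [];
      description = "List of e-mails that the server can be a sender of";
    };
    # Bind credentials of the host itself; `password` is secret material.
    ldap = mkOption {
      description = ''
        LDAP credentials for the host
      '';
      type = submodule {
        options = {
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
    };
    mx = mkOption {
      description = "subdomain and priority for MX server";
      default = { enable = false; };
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          # Both fields are `nullOr`; the explicit `default = null` lets the
          # `{ enable = false; }` default above be read without an
          # "option used but not defined" error when a consumer touches
          # them regardless of `enable`.
          subdomain = mkOption { type = nullOr str; default = null; description = "Subdomain name (mx-*)"; };
          priority = mkOption { type = nullOr str; default = null; description = "Priority"; };
        };
      };
    };
    ips = mkOption {
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
      type = attrsOf (submodule {
        options = {
          ip4 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip4 addresses of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
    };
  };
};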
190 in
191 {
192 options.myEnv = {
# Inventory of every host, keyed by name; see hostEnv for the record shape.
servers = mkOption {
  type = attrsOf hostEnv;
  default = {};
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
};
# Hetzner Cloud API token — bearer credential, secret material.
hetznerCloud = mkOption {
  type = submodule {
    options = {
      authToken = mkOption {
        type = str;
        description = ''
          The API auth token.
        '';
      };
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner (non-cloud) account login; `pass` is secret material.
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption { type = str; description = "User"; };
      pass = mkOption { type = str; description = "Password"; };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
sshd = mkOption {
  description = ''
    sshd service credential information
  '';
  type = submodule {
    options = {
      # name -> public key. Presumably ends up in root's authorized_keys, so
      # every entry here is a root login — review additions accordingly.
      rootKeys = mkOption {
        type = attrsOf str;
        description = "Keys of root users";
      };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
};
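ports = mkOption {
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  type = attrsOf port;
  default = {};
  # Reject duplicate port numbers at evaluation time and name the colliding
  # values so the clash can be located without diffing the whole attrset.
  apply = let
    duplicates = x: let
      vals = builtins.attrValues x;
    in unique (filter (v: count (w: w == v) vals > 1) vals);
  in
    x: let
      dups = if isAttrs x then duplicates x else [];
    in
      if isAttrs x && dups == [] then x
      else throw "Non unique values for ports: ${concatMapStringsSep ", " toString dups}";
};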
httpd = mkOption {
  description = ''
    httpd service credential information
  '';
  type = submodule {
    options = {
      # Bind password for the httpd service account; secret material.
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
};
# Cluster-wide SMTP relay endpoint (host/port only, no credentials).
smtp = mkOption {
  description = "SMTP configuration";
  type = submodule {
    options = smtpOptions;
  };
};
# Server-side LDAP settings (root and replication accounts), see ldapOptions.
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-side settings of the three datastores, without any per-service account.
databases = mkOption {
  type = submodule {
    options = {
      mysql = mkOption {
        description = "Mysql configuration";
        type = submodule { options = mysqlOptions; };
      };
      redis = mkOption {
        description = "Redis configuration";
        type = submodule { options = redisOptions; };
      };
      postgresql = mkOption {
        description = "Postgresql configuration";
        type = submodule { options = psqlOptions; };
      };
    };
  };
  description = "Databases configuration";
};
jabber = mkOption {
  type = submodule {
    options = {
      # LDAP filter string handed to postfix; treat as trusted configuration.
      postfix_user_filter = mkOption {
        type = str;
        description = "Postfix filter to get xmpp users";
      };
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
    };
  };
  description = "Jabber configuration";
};
# Human accounts, as functions of pkgs; untyped so the module system does not
# inspect the returned users.users.<name> fragments.
realUsers = mkOption {
  type = attrsOf unspecified;
  description = ''
    Attrset of function taking pkgs as argument.
    Real users settings, should provide a subattr of users.users.<name>
    with at least: name, (hashed)Password, shell
  '';
};
# Fixed uid/gid allocation table, keyed by user name.
users = mkOption {
  type = attrsOf (submodule {
    options = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
  });
  description = "System and regular users uid/gid";
};
dns = mkOption {
  description = "DNS configuration";
  type = submodule {
    options = {
      # Values of the SOA record; all kept as strings so they are written verbatim.
      soa = mkOption {
        description = "SOA information";
        type = submodule {
          options = {
            serial = mkOption {
              type = str;
              description = "Serial number. Should be incremented at each change and unique";
            };
            refresh = mkOption { type = str; description = "Refresh time"; };
            retry = mkOption { type = str; description = "Retry time"; };
            expire = mkOption { type = str; description = "Expire time"; };
            ttl = mkOption { type = str; description = "Default TTL time"; };
            email = mkOption { type = str; description = "hostmaster e-mail"; };
            primary = mkOption { type = str; description = "Primary NS"; };
          };
        };
      };
      # group -> (ns name -> list of addresses).
      ns = mkOption {
        type = attrsOf (attrsOf (listOf str));
        description = "Attrs of NS servers group";
        example = {
          foo = {
            "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
            "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
          };
        };
      };
      # Shared secrets for zone transfer / update authentication (secret material).
      keys = mkOption {
        type = attrsOf (submodule {
          options = {
            algorithm = mkOption { type = str; description = "Algorithm"; };
            secret = mkOption { type = str; description = "Secret"; };
          };
        });
        default = {};
        description = "DNS keys";
      };
      slaveZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            # Group names from `ns`, not host names.
            masters = mkOption {
              type = listOf str;
              description = "NS master groups of this zone";
            };
            # Presumably names from `keys` above — verify against the bind consumer.
            keys = mkOption {
              type = listOf str;
              default = [];
              description = "Keys associated to the server";
            };
          };
        });
        description = "List of slave zones";
      };
      masterZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            withCAA = mkOption { type = nullOr str; default = null; description = "CAA entry"; };
            slaves = mkOption {
              type = listOf str;
              description = "NS slave groups of this zone";
            };
            ns = mkOption {
              type = listOf str;
              description = "groups names that should have their NS entries listed here";
            };
            # Raw bind configuration and raw zone records; not validated here.
            extra = mkOption {
              type = lines;
              description = "Extra zone configuration for bind";
              example = ''
                notify yes;
              '';
            };
            entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
            withEmail = mkOption {
              type = listOf (submodule {
                options = {
                  domain = mkOption { type = str; description = "Which subdomain is concerned"; };
                  send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
                  receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
                };
              });
              default = [];
              description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
            };
          };
        });
        description = "List of master zones";
      };
    };
  };
};
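backup = mkOption {
  description = ''
    Remote backup with duplicity
  '';
  type = submodule {
    options = {
      # Passphrase protecting the duplicity archives; secret material.
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            remote = mkOption {
              type = unspecified;
              # `''${` escapes the interpolation so the example shows a literal
              # `${bucket}` instead of looking up an undefined `bucket` variable.
              example = literalExample ''
                bucket: "s3://some_host/''${bucket}";
              '';
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
            };
            accessKeyId = mkOption { type = str; description = "Remote access-key"; };
            secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
          };
        });
      };
    };
  };
};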
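zrepl_backup = mkOption {
  # Added: the top-level option had no description, unlike its siblings.
  description = "zrepl (ZFS replication) backup configuration";
  type = submodule {
    options = {
      # Key pair used for the replication transport; `private` is secret material.
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
      mysql = mkMysqlOptions "Zrepl" {};
      # name -> TLS key/certificate pair; `key` is secret material.
      certs = mkOption {
        description = "Certificates";
        type = attrsOf (submodule {
          options = {
            key = mkOption { type = str; description = "Key"; };
            certificate = mkOption { type = str; description = "Certificate"; };
          };
        });
      };
    };
  };
};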
rsync_backup = mkOption {
  type = submodule {
    options = {
      # Key pair the backup host authenticates with; `private` is secret material.
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
      profiles = mkOption {
        type = attrsOf (submodule {
          options = {
            keep = mkOption { type = int; description = "Number of backups to keep"; };
            check_command = mkOption {
              type = str;
              default = "backup";
              description = "command to check if backup needs to be done";
            };
            login = mkOption { type = str; description = "Login to connect to host"; };
            port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
            host = mkOption { type = str; description = "Host to connect to"; };
            # Pinning the host key here lets the consumer pre-populate known_hosts
            # rather than trust-on-first-use.
            host_key = mkOption { type = str; description = "Host key"; };
            host_key_type = mkOption { type = str; description = "Host key type"; };
            parts = mkOption {
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption { type = path; description = "Remote folder to backup"; };
                  exclude_from = mkOption {
                    type = listOf path;
                    default = [];
                    description = "List of folders/files to exclude from the backup";
                  };
                  files_from = mkOption {
                    type = listOf path;
                    default = [];
                    description = "List of folders/files to backup in the base folder";
                  };
                  # Passed through to rsync verbatim; trusted configuration.
                  args = mkOption {
                    type = nullOr str;
                    default = null;
                    description = "Extra arguments to pass to rsync";
                  };
                };
              });
              description = "Parts to backup for this host";
            };
          };
        });
        description = "Attrs of profiles to backup";
      };
    };
  };
  description =''
    Rsync backup configuration from controlled host
  '';
};
monitoring = mkOption {
  description = "Monitoring configuration";
  type = submodule {
    options = {
      status_url = mkOption { type = str; description = "URL to push status to"; };
      # Secret material: status token, HTTP password, SSH secret key, IMAP
      # password, OVH application secret / consumer key, NRDP tokens.
      status_token = mkOption { type = str; description = "Token for the status url"; };
      http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
      email = mkOption { type = str; description = "Admin E-mail"; };
      ssh_public_key = mkOption { type = str; description = "SSH public key"; };
      ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
      imap_login = mkOption { type = str; description = "IMAP login"; };
      imap_password = mkOption { type = str; description = "IMAP password"; };
      eriomem_keys = mkOption {
        type = listOf (listOf str);
        default = [];
        description = "Eriomem keys";
      };
      ovh_sms = mkOption {
        type = submodule {
          options = {
            endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
            application_key = mkOption { type = str; description = "Application key"; };
            application_secret = mkOption { type = str; description = "Application secret"; };
            consumer_key = mkOption { type = str; description = "Consumer key"; };
            account = mkOption { type = str; description = "Account"; };
          };
        };
        description = "OVH credentials for sms script";
      };
      nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
      # Apprise notification URLs usually embed the service credentials, so
      # this string should be handled as a secret even though it is named "urls".
      apprise_urls = mkOption { type = str; description = "Apprise space-separated urls to push status update"; };
      netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
      netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
      contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
      email_check = mkOption {
        type = attrsOf (submodule {
          options = {
            local = mkOption { type = bool; default = false; description = "Use local configuration"; };
            port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
            login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
            targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
            mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
            mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
          };
        });
        description = "Emails services to check";
      };
    };
  };
};
# MPD endpoint; `password` is secret material.
mpd = mkOption {
  type = submodule {
    options = {
      folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
      password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
      host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
      port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
    };
  };
  description = "MPD configuration";
};
ftp = mkOption {
  type = submodule {
    options = {
      # Two FTP daemons share one LDAP account but use their own user filters.
      ldap = mkLdapOptions "FTP" {
        proftpd_filter = mkOption {
          type = str;
          description = "Filter for proftpd listing in LDAP";
        };
        pure-ftpd_filter = mkOption {
          type = str;
          description = "Filter for pure-ftpd listing in LDAP";
        };
      };
    };
  };
  description = "FTP configuration";
};
# One entry per VPN; `privateKey` is secret material.
vpn = mkOption {
  type = attrsOf (submodule {
    options = {
      prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
      privateKey = mkOption { type = str; description = "Private key for the host"; };
      publicKey = mkOption { type = str; description = "Public key for the host"; };
    };
  });
  description = "VPN configuration";
};
mail = mkOption {
  description = "Mail configuration";
  type = submodule {
    options = {
      dmarc = mkOption {
        type = submodule {
          options = {
            ignore_hosts = mkOption {
              type = lines;
              description = ''
                Hosts to ignore when checking for dmarc
              '';
            };
          };
        };
        description = "DMARC configuration";
      };
      # selector -> DKIM key pair; `private` is secret material. The example
      # public key appears to be a 1024-bit RSA key; 2048-bit is the usual
      # recommendation today — NOTE(review): check the real keys' size.
      dkim = mkOption {
        type = attrsOf (submodule {
          options = {
            public = mkOption {
              type = str;
              description = "Public entry to put in DNS TXT field";
              example = ''
                ( "v=DKIM1; k=rsa; "
                "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
              '';
            };
            private = mkOption { type = str; description = "Private key"; };
          };
        });
        description = "DKIM configuration";
      };
      postfix = mkOption {
        type = submodule {
          options = {
            additional_mailbox_domains = mkOption {
              type = listOf str;
              description = ''
                List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
              '';
            };
            # `password_encrypt` is the key protecting relay passwords at rest; secret material.
            mysql = mkMysqlOptions "Postfix" {
              password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
            };
            # Relay configuration is raw postfix syntax; an overly permissive
            # relay_restrictions / recipient_maps turns the host into an open relay.
            backup_domains = mkOption {
              type = attrsOf (submodule {
                options = {
                  domains = mkOption { type = listOf str; description = "Domains list"; };
                  relay_restrictions = mkOption {
                    type = lines;
                    description = ''
                      Restrictions for relaying the e-mails from the domains
                    '';
                  };
                  recipient_maps = mkOption {
                    type = listOf (submodule {
                      options = {
                        type = mkOption { type = enum [ "hash" ]; description = "Map type"; };
                        content = mkOption { type = str; description = "Map content"; };
                      };
                    });
                    description = ''
                      Recipient map to accept relay for.
                      Must be specified for domain, the rules apply to everyone!
                    '';
                  };
                };
              });
              description = ''
                Domains that are accepted for relay as backup domain
              '';
            };
          };
        };
        description = "Postfix configuration";
      };
      dovecot = mkOption {
        type = submodule {
          options = {
            ldap = mkLdapOptions "Dovecot" {
              pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
              user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
              iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
              iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
              postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
            };
          };
        };
        description = "Dovecot configuration";
      };
      rspamd = mkOption {
        type = submodule {
          options = {
            redis = mkRedisOptions "Redis";
            read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
            write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
            # `apply` discards whatever is set: only the hashed variants above
            # are consumed, so the clear-text values never reach the config.
            read_password = mkOption {
              type = str;
              apply = x: "";
              description = "Read password for rspamd. Unused";
            };
            write_password = mkOption {
              type = str;
              apply = x: "";
              description = "Write password for rspamd. Unused";
            };
          };
        };
        description = "rspamd configuration";
      };
      # Scripts are fetched from git at build time. Nothing here pins content
      # by hash (compare tools.assets.sha256); `rev` should be a full commit
      # id rather than a branch name so the fetched code cannot change
      # underneath the deployment.
      scripts = mkOption {
        type = attrsOf (submodule {
          options = {
            external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
            src = mkOption {
              type = submodule {
                options = {
                  url = mkOption { type = str; description = "git url to fetch"; };
                  rev = mkOption { type = str; description = "git reference to fetch"; };
                };
              };
              description = ''
                git source to fetch the script from.
                It must have a default.nix file as its root accepting a scriptEnv parameter
              '';
            };
            env = mkOption {
              type = unspecified;
              description = "Variables to pass to the script";
            };
          };
        });
        description = "Mail script recipients";
      };
      sympa = mkOption {
        type = submodule {
          options = {
            listmasters = mkOption { type = listOf str; description = "Listmasters"; };
            postgresql = mkPsqlOptions "Sympa";
            data_sources = mkOption {
              type = attrsOf str;
              default = {};
              description = "Data sources to make available to sympa";
            };
            scenari = mkOption {
              type = attrsOf str;
              default = {};
              description = "Scenari to make available to sympa";
            };
          };
        };
        description = "Sympa configuration";
      };
    };
  };
};
# TURN server shared secret; secret material.
coturn = mkOption {
  type = submodule {
    options = {
      auth_access_key = mkOption {
        type = str;
        description = "key to access coturn";
      };
    };
  };
  description = "Coturn configuration";
};
buildbot = mkOption {
  description = "Buildbot configuration";
  type = submodule {
    options = {
      # Key pair of the buildbot account; `private` is secret material.
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
      workerPassword = mkOption { type = str; description = "Buildbot worker password"; };
      user = mkOption {
        type = submodule {
          options = {
            uid = mkOption { type = int; description = "user uid"; };
            gid = mkOption { type = int; description = "user gid"; };
          };
        };
        description = "Buildbot user";
      };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Buildbot password"; };
          };
        };
        description = "Ldap configuration for buildbot";
      };
      projects = mkOption {
        type = attrsOf (submodule {
          options = {
            name = mkOption { type = str; description = "Project name"; };
            packages = mkOption {
              type = unspecified;
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
            };
            pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
            workerPort = mkOption { type = port; description = "Port for the worker"; };
            # Values may be strings or pkgs -> string functions; the file
            # permissions of the dumped secret files are decided by the consumer,
            # not declared here.
            secrets = mkOption {
              #type = attrsOf (either str (functionTo str));
              type = attrsOf unspecified;
              description = "Secrets for the project to dump as files. Might be a function that takes pkgs as argument";
            };
            environment = mkOption {
              #type = attrsOf (either str (functionTo str));
              type = attrsOf unspecified;
              description = ''
                Environment variables for the project. Might be a function that takes pkgs as argument.
                BUILDBOT_ is prefixed to the variable names
              '';
            };
            # Arbitrary shell run at deployment; trusted configuration.
            activationScript = mkOption {
              type = lines;
              description = ''
                Activation script to run during deployment
              '';
            };
            # null presumably means the hook is not token-protected (or not
            # exposed) — verify against the buildbot consumer before relying on it.
            webhookTokens = mkOption {
              type = nullOr (listOf str);
              default = null;
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
            };
          };
        });
        description = "Projects to make a buildbot for";
      };
    };
  };
};
902 tools = mkOption {
903 description = "Tools configurations";
904 type = submodule {
905 options = {
contact = mkOption {
  type = str;
  description = "Contact e-mail address";
};
# Downloaded assets are pinned by sha256, so the served content cannot change
# without an explicit update here.
assets = mkOption {
  type = attrsOf (submodule {
    options = {
      url = mkOption { type = str; description = "URL to fetch"; };
      sha256 = mkOption { type = str; description = "Hash of the url"; };
    };
  });
  default = {};
  description = "Assets to provide on assets.immae.eu";
};
davical = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Davical";
      ldap = mkLdapOptions "Davical" {};
    };
  };
  description = "Davical configuration";
};
diaspora = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Diaspora";
      redis = mkRedisOptions "Diaspora";
      ldap = mkLdapOptions "Diaspora" {};
      # Application signing secret; secret material.
      secret_token = mkOption { type = str; description = "Secret token"; };
    };
  };
  description = "Diaspora configuration";
};
dmarc_reports = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "DMARC" {};
      # Key used to pseudonymise report data; secret material.
      anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
    };
  };
  description = "DMARC reports configuration";
};
etherpad-lite = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Etherpad";
      ldap = mkLdapOptions "Etherpad" {
        group_filter = mkOption { type = str; description = "Filter for groups"; };
      };
      # Admin password, session key and API key are all secret material.
      adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
      session_key = mkOption { type = str; description = "Session key"; };
      api_key = mkOption { type = str; description = "API key"; };
    };
  };
  description = "Etherpad configuration";
};
gitolite = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Gitolite" {};
      # Gitolite admin key pair; `private` is secret material.
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
    };
  };
  description = "Gitolite configuration";
};
kanboard = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Kanboard";
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = mkOption { type = str; description = "Admin DN"; };
      };
    };
  };
  description = "Kanboard configuration";
};
mantisbt = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mantisbt";
      ldap = mkLdapOptions "Mantisbt" {};
      # Global salt mixed into stored password hashes; secret material.
      master_salt = mkOption { type = str; description = "Master salt for password hash"; };
    };
  };
  description = "Mantisbt configuration";
};
mastodon = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mastodon";
      redis = mkRedisOptions "Mastodon";
      ldap = mkLdapOptions "Mastodon" {};
      # Rails secrets and the VAPID private key are secret material.
      paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
      otp_secret = mkOption { type = str; description = "OTP secret"; };
      secret_key_base = mkOption { type = str; description = "Secret key base"; };
      vapid = mkOption {
        type = submodule {
          options = {
            private = mkOption { type = str; description = "Private key"; };
            public = mkOption { type = str; description = "Public key"; };
          };
        };
        description = "vapid key";
      };
    };
  };
  description = "Mastodon configuration";
};
mediagoblin = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mediagoblin";
      redis = mkRedisOptions "Mediagoblin";
      ldap = mkLdapOptions "Mediagoblin" {};
    };
  };
  description = "Mediagoblin configuration";
};
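# Nextcloud: database, cache and the application secrets.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      # The helpers' name argument is assumed to feed only the generated
      # descriptions, as mkLdapOptions does — confirm against mkPsqlOptions /
      # mkRedisOptions. The original passed "Peertube" here, which labelled
      # Nextcloud's database and cache as Peertube's.
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};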
# Peertube: listening port, database, cache and LDAP bind.
peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      ldap = mkLdapOptions "Peertube" {};
      redis = mkRedisOptions "Peertube";
      postgresql = mkPsqlOptions "Peertube";
    };
  };
  description = "Peertube configuration";
};
# Second Peertube instance ("Syden"): same shape as `peertube` minus LDAP.
syden_peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      redis = mkRedisOptions "Peertube";
      postgresql = mkPsqlOptions "Peertube";
    };
  };
  description = "Peertube Syden configuration";
};
# phpLdapAdmin only needs its LDAP bind.
phpldapadmin = mkOption {
  type = submodule {
    options.ldap = mkLdapOptions "phpldapadmin" {};
  };
  description = "phpLdapAdmin configuration";
};
# Rompr: where to reach the MPD daemon it fronts.
rompr =
  let
    mpdOptions = {
      host = mkOption { description = "Host for MPD"; type = str; };
      port = mkOption { description = "Port to access MPD host"; type = port; };
    };
  in mkOption {
    type = submodule {
      options.mpd = mkOption {
        type = submodule { options = mpdOptions; };
        description = "MPD configuration";
      };
    };
    description = "Rompr configuration";
  };
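# Roundcubemail: its PostgreSQL connection and application secret.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      # The helper's name argument is assumed to feed only the generated
      # description, as mkLdapOptions does — confirm against mkPsqlOptions.
      # The original passed "TT-RSS" here, which labelled Roundcubemail's
      # database as TT-RSS's.
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};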
# Shaarli only needs its LDAP bind.
shaarli = mkOption {
  type = submodule {
    options.ldap = mkLdapOptions "Shaarli" {};
  };
  description = "Shaarli configuration";
};
# Status Engine: MySQL connection and LDAP bind.
status_engine = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "StatusEngine" {};
      mysql = mkMysqlOptions "StatusEngine" {};
    };
  };
  description = "Status Engine configuration";
};
# Taskwarrior: an LDAP bind for the server plus one taskwarrior-web profile
# per attribute name, each listing the LDAP uids allowed to use it.
task =
  let
    profileOptions = {
      uid = mkOption {
        description = "List of ldap uids having access to this profile";
        type = listOf str;
      };
      org = mkOption { description = "Taskd organisation"; type = str; };
      key = mkOption { description = "Taskd key"; type = str; };
      date = mkOption { description = "Preferred date format"; type = str; };
    };
  in mkOption {
    type = submodule {
      options = {
        ldap = mkLdapOptions "Taskwarrior" {};
        taskwarrior-web = mkOption {
          # attrsOf: the attribute name is the profile name.
          type = attrsOf (submodule { options = profileOptions; });
          description = "taskwarrior-web profiles";
        };
      };
    };
    description = "Taskwarrior configuration";
  };
# TT-RSS: PostgreSQL connection and LDAP bind.
ttrss = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "TT-RSS" {};
      postgresql = mkPsqlOptions "TT-RSS";
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: database, cache, an LDAP bind with an extra admin filter, and the
# application secret.
wallabag = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Wallabag" {
        # Merged into the standard LDAP option set by mkLdapOptions.
        admin_filter = mkOption { description = "Admin users filter"; type = str; };
      };
      redis = mkRedisOptions "Wallabag";
      postgresql = mkPsqlOptions "Wallabag";
      secret = mkOption { description = "App secret"; type = str; };
    };
  };
  description = "Wallabag configuration";
};
# Webhook scripts keyed by name; presumably served as `<name>.php` — see the
# consumer of this option.
webhooks = mkOption {
  description = "Mapping 'name'.php => script for webhooks";
  type = attrsOf str;
};
# Content-Security-Policy reporting: where violation reports go and the
# policies to hand out, keyed by name.
csp_reports = mkOption {
  type = submodule {
    options = {
      report_uri = mkOption { description = "URI to report CSP violations to"; type = str; };
      policies = mkOption { description = "CSP policies to apply"; type = attrsOf str; };
    };
  };
  description = "CSP report configuration";
};
# Commento: listening port, PostgreSQL connection and outgoing SMTP account.
commento = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      smtp = mkSmtpOptions "Commento";
      postgresql = mkPsqlOptions "Commento";
    };
  };
  description = "Commento configuration";
};
# Cryptpad: one entry per instance (attribute name = instance), each with an
# admin contact, the admins' public keys and its listening port.
cryptpad =
  let
    instanceOptions = {
      email = mkOption { description = "Admin e-mail"; type = str; };
      admins = mkOption { description = "Instance admin public keys"; type = listOf str; };
      port = mkOption { description = "Port to listen to"; type = port; };
    };
  in mkOption {
    type = attrsOf (submodule { options = instanceOptions; });
    description = "Cryptpad configuration";
  };
# Ympd: its own listening port and how to reach (and authenticate to) MPD.
ympd =
  let
    mpdOptions = {
      password = mkOption { description = "Password to access MPD host"; type = str; };
      host = mkOption { description = "Host for MPD"; type = str; };
      port = mkOption { description = "Port to access MPD host"; type = port; };
    };
  in mkOption {
    type = submodule {
      options = {
        listenPort = mkOption { description = "Port to listen to"; type = port; };
        mpd = mkOption {
          type = submodule { options = mpdOptions; };
          description = "MPD configuration";
        };
      };
    };
    description = "Ympd configuration";
  };
# Umami: listening port, PostgreSQL connection and its hash salt.
umami = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      hashSalt = mkOption { description = "Hash salt"; type = str; };
      postgresql = mkPsqlOptions "Umami";
    };
  };
  description = "Umami configuration";
};
# Yourls: MySQL connection, LDAP bind and the key used to sign its cookies.
yourls = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Yourls" {};
      mysql = mkMysqlOptions "Yourls" {};
      cookieKey = mkOption { description = "Cookie key"; type = str; };
    };
  };
  description = "Yourls configuration";
};
1228 };
1229 };
1230 };
# Free-form per-server values; `unspecified` means the module system does not
# validate their shape, so consumers must check what they read.
serverSpecific = mkOption {
  description = "Server specific configuration";
  type = attrsOf unspecified;
};
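# Per-site configuration (database and LDAP binds, SMTP accounts, application
# secrets): one attribute per hosted site and, where a site has several
# deployments, one sub-attribute per environment.
# NOTE(review): most of these values are credentials. This file only declares
# the options; whether their consumers keep the values out of the
# world-readable Nix store is not visible here — confirm in the using modules.
websites = mkOption {
  description = "Websites configurations";
  type =
    let
      # One deployment of a site: an option whose value is a submodule holding
      # the given option declarations.
      envConfig = opts: mkOption {
        description = "environment configuration";
        type = submodule { options = opts; };
      };
      # A site (or a sub-tree of a site) with its own description.
      siteConfig = desc: opts: mkOption {
        description = desc;
        type = submodule { options = opts; };
      };
      # Shared by the sites that only carry an admin contact.
      serverAdmin = mkOption { type = str; description = "Server admin e-mail"; };
      # Both gestion-compte deployments declared exactly the same options;
      # they now share one declaration.
      gestionCompteOptions = {
        smtp = mkSmtpOptions "GestionCompte";
        mysql = mkMysqlOptions "gestion-compte" {};
        secret = mkOption { type = str; description = "Application secret"; };
        adminpassword = mkOption { type = str; description = "Admin password"; };
      };
    in
    submodule {
      options = {
        christophe_carpentier = siteConfig "Christophe Carpentier configuration by environment" {
          agorakit = siteConfig "Agorakit configuration" {
            mysql = mkMysqlOptions "Agorakit" {};
            smtp = mkSmtpOptions "Agorakit";
            appkey = mkOption { type = str; description = "App key"; };
          };
        };
        immae = siteConfig "Immae configuration by environment" {
          temp = siteConfig "Temp configuration" {
            # Replaces the defaulted `filter` of the standard LDAP options
            # with a mandatory one.
            ldap = mkLdapOptions "Immae temp" {
              filter = mkOption { type = str; description = "Filter for user access"; };
            };
          };
        };
        isabelle = siteConfig "Isabelle configurations by environment" (
          let
            # Identical declaration for both Aten environments.
            aten = envConfig {
              environment = mkOption { type = str; description = "Symfony environment"; };
              secret = mkOption { type = str; description = "Symfony App secret"; };
              postgresql = mkPsqlOptions "Aten";
            };
          in {
            aten_production = aten;
            aten_integration = aten;
            iridologie = envConfig {
              environment = mkOption { type = str; description = "SPIP environment"; };
              mysql = mkMysqlOptions "Iridologie" {};
              ldap = mkLdapOptions "Iridologie" {};
            };
          }
        );
        chloe = siteConfig "Chloe configurations by environment" (
          let
            spip = envConfig {
              environment = mkOption { type = str; description = "SPIP environment"; };
              mysql = mkMysqlOptions "Chloe" {};
              ldap = mkLdapOptions "Chloe" {};
            };
          in {
            production = spip;
            integration = spip;
            new = envConfig {
              mysql = mkMysqlOptions "ChloeNew" {};
              ldap = mkLdapOptions "ChloeNew" {};
              secret = mkOption { type = str; description = "Symfony App secret"; };
            };
          }
        );
        connexionswing = siteConfig "Connexionswing configurations by environment" (
          let
            cs = envConfig {
              environment = mkOption { type = str; description = "Symfony environment"; };
              mysql = mkMysqlOptions "Connexionswing" {};
              secret = mkOption { type = str; description = "Symfony App secret"; };
              email = mkOption { type = str; description = "Symfony email notification"; };
            };
          in { production = cs; integration = cs; }
        );
        jerome = siteConfig "Naturaloutil configuration" {
          mysql = mkMysqlOptions "Naturaloutil" {};
          server_admin = serverAdmin;
        };
        telio_tortay = siteConfig "Telio Tortay configuration" {
          server_admin = serverAdmin;
        };
        ludivine = siteConfig "Ludivinecassal configurations by environment" (
          let
            lc = envConfig {
              environment = mkOption { type = str; description = "Symfony environment"; };
              mysql = mkMysqlOptions "LudivineCassal" {};
              ldap = mkLdapOptions "LudivineCassal" {};
              secret = mkOption { type = str; description = "Symfony App secret"; };
            };
          in { production = lc; integration = lc; }
        );
        nicecoop = siteConfig "Nicecoop configuration" {
          # These groups are plain attribute sets of options rather than
          # submodules, so they nest directly under nicecoop.
          odoo = {
            port = mkOption { description = "Port to listen to"; type = port; };
            # Previously carried the same description as `port`, which did not
            # tell the two ports apart in generated documentation.
            longpoll_port = mkOption { description = "Longpolling port to listen to"; type = port; };
            postgresql = mkPsqlOptions "Odoo";
            admin_password = mkOption { type = str; description = "Admin password"; };
          };
          gestion-compte = gestionCompteOptions;
          gestion-compte-integration = gestionCompteOptions;
          copanier = {
            smtp = mkSmtpOptions "Copanier";
            staff = mkOption { type = listOf str; description = "List of staff members"; };
          };
        };
        emilia = siteConfig "Emilia configuration" {
          postgresql = mkPsqlOptions "Emilia";
        };
        florian = siteConfig "Florian configuration" {
          server_admin = serverAdmin;
        };
        nassime = siteConfig "Nassime configuration" {
          server_admin = serverAdmin;
        };
        piedsjaloux = siteConfig "Piedsjaloux configurations by environment" (
          let
            pj = envConfig {
              environment = mkOption { type = str; description = "Symfony environment"; };
              mysql = mkMysqlOptions "Piedsjaloux" {};
              secret = mkOption { type = str; description = "Symfony App secret"; };
            };
          in { production = pj; integration = pj; }
        );
        richie = siteConfig "Europe Richie configurations by environment" {
          mysql = mkMysqlOptions "Richie" {};
          smtp_mailer = siteConfig "SMTP mailer configuration" {
            user = mkOption { type = str; description = "Username"; };
            password = mkOption { type = str; description = "Password"; };
          };
        };
        caldance = siteConfig "Caldance configurations by environment" {
          integration = envConfig {
            password = mkOption { type = str; description = "Password file content for basic auth"; };
          };
        };
        tellesflorian = siteConfig "Tellesflorian configurations by environment" {
          integration = envConfig {
            environment = mkOption { type = str; description = "Symfony environment"; };
            mysql = mkMysqlOptions "Tellesflorian" {};
            secret = mkOption { type = str; description = "Symfony App secret"; };
            invite_passwords = mkOption { type = str; description = "Password basic auth"; };
          };
        };
      };
    };
};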
1529 };
# Expose this host's own environment, selected by the module's `name`
# argument, as a read-only option: other modules can read it but not set it.
options.hostEnv = mkOption {
  description = "Host environment";
  type = hostEnv;
  default = config.myEnv.servers."${name}";
  readOnly = true;
};
1536 }