1 { config, lib, name, ... }:
7 base = mkOption { description = "Base of the LDAP tree"; type = str; };
8 host = mkOption { description = "Host to access LDAP"; type = str; };
9 root_dn = mkOption { description = "DN of the root user"; type = str; };
10 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
11 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
12 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
14 mkLdapOptions = name: more: mkOption {
15 description = "${name} LDAP configuration";
17 options = ldapOptions // {
18 dn = mkOption { description = "DN of the ${name} user"; type = str; };
19 password = mkOption { description = "password of the ${name} user"; type = str; };
20 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
25 host = mkOption { description = "Host to access Mysql"; type = str; };
26 remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
27 port = mkOption { description = "Port to access Mysql"; type = str; };
28 socket = mkOption { description = "Socket to access Mysql"; type = path; };
29 systemUsers = mkOption {
30 description = "Attrs of user-passwords allowed to access mysql";
34 description = "PAM configuration for mysql";
37 dn = mkOption { description = "DN to connect as to check users"; type = str; };
38 password = mkOption { description = "DN password to connect as to check users"; type = str; };
39 filter = mkOption { description = "filter to match users"; type = str; };
44 mkMysqlOptions = name: more: mkOption {
45 description = "${name} mysql configuration";
47 options = mysqlOptions // {
48 database = mkOption { description = "${name} database"; type = str; };
49 user = mkOption { description = "${name} user"; type = str; };
50 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
55 host = mkOption { description = "Host to access Postgresql"; type = str; };
56 port = mkOption { description = "Port to access Postgresql"; type = str; };
57 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
59 description = "PAM configuration for psql";
62 dn = mkOption { description = "DN to connect as to check users"; type = str; };
63 password = mkOption { description = "DN password to connect as to check users"; type = str; };
64 filter = mkOption { description = "filter to match users"; type = str; };
69 mkPsqlOptions = name: mkOption {
70 description = "${name} psql configuration";
72 options = psqlOptions // {
73 database = mkOption { description = "${name} database"; type = str; };
74 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
75 user = mkOption { description = "${name} user"; type = str; };
76 password = mkOption { description = "psql password of the ${name} user"; type = str; };
81 host = mkOption { description = "Host to access Redis"; type = str; };
82 port = mkOption { description = "Port to access Redis"; type = str; };
83 socket = mkOption { description = "Socket to access Redis"; type = path; };
85 description = "Attrs of db number. Each number should be unique to avoid collision!";
88 spiped_key = mkOption {
91 Key to use with spiped to make a secure channel to replication
95 description = "Predixy configuration. Unused yet";
98 read = mkOption { type = str; description = "Read password"; };
103 mkRedisOptions = name: mkOption {
104 description = "${name} redis configuration";
106 options = redisOptions // {
107 db = mkOption { description = "${name} database"; type = str; };
111 hostEnv = submodule {
114 description = "Host FQDN";
119 description = "List of e-mails that the server can be a sender of";
124 LDAP credentials for the host
128 password = mkOption { type = string; description = "Password for the LDAP connection"; };
129 dn = mkOption { type = string; description = "DN for the LDAP connection"; };
134 description = "subdomain and priority for MX server";
135 default = { enable = false; };
138 enable = mkEnableOption "Enable MX";
139 subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
140 priority = mkOption { type = nullOr str; description = "Priority"; };
146 attrs of ip4/ip6 grouped by section
148 type = attrsOf (submodule {
153 ip4 address of the host
157 type = listOf string;
160 ip6 addresses of the host
173 Attrs of servers information in the cluster (not necessarily handled by nixops)
176 type = attrsOf hostEnv;
178 hetznerCloud = mkOption {
180 Hetzner Cloud credential information
184 authToken = mkOption {
195 Hetzner credential information
199 user = mkOption { type = str; description = "User"; };
200 pass = mkOption { type = str; description = "Password"; };
206 sshd service credential information
212 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
216 password = mkOption { description = "Password"; type = str; };
225 non-standard reserved ports. Must be unique!
230 noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
232 x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
236 httpd service credential information
242 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
246 password = mkOption { description = "Password"; type = str; };
255 LDAP server configuration
258 options = ldapOptions;
261 databases = mkOption {
262 description = "Databases configuration";
266 type = submodule { options = mysqlOptions; };
267 description = "Mysql configuration";
270 type = submodule { options = redisOptions; };
271 description = "Redis configuration";
273 postgresql = mkOption {
274 type = submodule { options = psqlOptions; };
275 description = "Postgresql configuration";
281 description = "Jabber configuration";
284 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
285 ldap = mkLdapOptions "Jabber" {};
286 postgresql = mkPsqlOptions "Jabber";
291 description = "System and regular users uid/gid";
292 type = attrsOf (submodule {
295 description = "user uid";
299 description = "user gid";
306 description = "DNS configuration";
310 description = "SOA information";
314 description = "Serial number. Should be incremented at each change and unique";
318 description = "Refresh time";
322 description = "Retry time";
326 description = "Expire time";
330 description = "Default TTL time";
334 description = "hostmaster e-mail";
338 description = "Primary NS";
345 description = "Attrs of NS servers group";
348 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
349 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
352 type = attrsOf (attrsOf (listOf str));
354 slaveZones = mkOption {
355 description = "List of slave zones";
356 type = listOf (submodule {
358 name = mkOption { type = str; description = "zone name"; };
360 description = "NS master groups of this zone";
366 masterZones = mkOption {
367 description = "List of master zones";
368 type = listOf (submodule {
370 name = mkOption { type = str; description = "zone name"; };
372 description = "NS slave groups of this zone";
376 description = "groups names that should have their NS entries listed here";
380 description = "Extra zone configuration for bind";
386 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
387 withEmail = mkOption {
388 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
390 type = listOf (submodule {
392 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
393 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
394 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
406 Remote backup with duplicity
410 password = mkOption { type = str; description = "Password for encrypting files"; };
411 remote = mkOption { type = str; description = "Remote url access"; };
412 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
413 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
417 rsync_backup = mkOption {
419 Rsync backup configuration from controlled host
424 description = "SSH key information";
427 public = mkOption { type = str; description = "Public part of the key"; };
428 private = mkOption { type = lines; description = "Private part of the key"; };
432 profiles = mkOption {
433 description = "Attrs of profiles to backup";
434 type = attrsOf (submodule {
436 keep = mkOption { type = int; description = "Number of backups to keep"; };
437 login = mkOption { type = str; description = "Login to connect to host"; };
438 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
439 host = mkOption { type = str; description = "Host to connect to"; };
440 host_key = mkOption { type = str; description = "Host key"; };
441 host_key_type = mkOption { type = str; description = "Host key type"; };
443 description = "Parts to backup for this host";
444 type = attrsOf (submodule {
446 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
447 exclude_from = mkOption {
450 description = "List of folders/files to exclude from the backup";
452 files_from = mkOption {
455 description = "List of folders/files to backup in the base folder";
460 description = "Extra arguments to pass to rsync";
471 monitoring = mkOption {
472 description = "Monitoring configuration";
475 status_url = mkOption { type = str; description = "URL to push status to"; };
476 status_token = mkOption { type = str; description = "Token for the status url"; };
477 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
478 email = mkOption { type = str; description = "Admin E-mail"; };
479 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
480 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
481 imap_login = mkOption { type = str; description = "IMAP login"; };
482 imap_password = mkOption { type = str; description = "IMAP password"; };
483 eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
484 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
485 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
486 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
487 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
488 email_check = mkOption {
489 description = "Emails services to check";
490 type = attrsOf (submodule {
492 local = mkOption { type = bool; default = false; description = "Use local configuration"; };
493 port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
494 login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
495 targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
496 mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
497 mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
505 description = "MPD configuration";
508 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
509 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
510 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
511 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
516 description = "FTP configuration";
519 ldap = mkLdapOptions "FTP" {};
524 description = "Mail configuration";
528 description = "DMARC configuration";
531 ignore_hosts = mkOption {
534 Hosts to ignore when checking for dmarc
541 description = "DKIM configuration";
542 type = attrsOf (submodule {
548 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
550 description = "Public entry to put in DNS TXT field";
552 private = mkOption { type = str; description = "Private key"; };
557 description = "Postfix configuration";
560 additional_mailbox_domains = mkOption {
562 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
566 mysql = mkMysqlOptions "Postfix" {
567 password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
569 backup_domains = mkOption {
571 Domains that are accepted for relay as backup domain
573 type = attrsOf (submodule {
575 domains = mkOption { type = listOf str; description = "Domains list"; };
576 relay_restrictions = mkOption {
579 Restrictions for relaying the e-mails from the domains
582 recipient_maps = mkOption {
584 Recipient map to accept relay for.
585 Must be specified for domain, the rules apply to everyone!
587 type = listOf (submodule {
590 type = enum [ "hash" ];
591 description = "Map type";
595 description = "Map content";
607 description = "Dovecot configuration";
610 ldap = mkLdapOptions "Dovecot" {
611 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
612 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
613 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
614 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
620 description = "rspamd configuration";
623 redis = mkRedisOptions "Redis";
624 read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
625 write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
626 read_password = mkOption {
628 description = "Read password for rspamd. Unused";
631 write_password = mkOption {
633 description = "Write password for rspamd. Unused";
640 description = "Mail script recipients";
641 type = attrsOf (submodule {
643 external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
646 git source to fetch the script from.
647 It must have a default.nix file as its root accepting a scriptEnv parameter
651 url = mkOption { type = str; description = "git url to fetch"; };
652 rev = mkOption { type = str; description = "git reference to fetch"; };
657 description = "Variables to pass to the script";
666 buildbot = mkOption {
667 description = "Buildbot configuration";
671 description = "Buildbot user";
675 description = "user uid";
679 description = "user gid";
686 description = "Ldap configuration for buildbot";
689 password = mkOption { type = str; description = "Buildbot password"; };
693 projects = mkOption {
694 description = "Projects to make a buildbot for";
695 type = attrsOf (submodule {
697 name = mkOption { type = str; description = "Project name"; };
698 packages = mkOption {
700 example = literalExample ''
701 pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
705 Builds packages list to make available to buildbot project.
706 Takes pkgs as argument.
709 pythonPackages = mkOption {
711 example = literalExample ''
712 p: pkgs: [ pkgs.python3Packages.pip ];
716 Builds python packages list to make available to buildbot project.
717 Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
720 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
723 description = "Secrets for the project to dump as files";
725 environment = mkOption {
728 Environment variables for the project.
729 BUILDBOT_ is prefixed to the variable names
732 activationScript = mkOption {
735 Activation script to run during deployment
738 builderPaths = mkOption {
739 type = attrsOf unspecified;
742 Attrs of functions to make accessible specifically per builder.
743 Takes pkgs as argument and should return a single path containing binaries.
744 This path will be accessible as BUILDBOT_PATH_<attrskey>
747 webhookTokens = mkOption {
748 type = nullOr (listOf str);
751 List of tokens allowed to push to project’s change_hook/base endpoint
761 description = "Tools configurations";
765 description = "Davical configuration";
768 postgresql = mkPsqlOptions "Davical";
769 ldap = mkLdapOptions "Davical" {};
773 diaspora = mkOption {
774 description = "Diaspora configuration";
777 postgresql = mkPsqlOptions "Diaspora";
778 redis = mkRedisOptions "Diaspora";
779 ldap = mkLdapOptions "Diaspora" {};
780 secret_token = mkOption { type = str; description = "Secret token"; };
784 etherpad-lite = mkOption {
785 description = "Etherpad configuration";
788 postgresql = mkPsqlOptions "Etherpad";
789 ldap = mkLdapOptions "Etherpad" {
790 group_filter = mkOption { type = str; description = "Filter for groups"; };
792 session_key = mkOption { type = str; description = "Session key"; };
793 api_key = mkOption { type = str; description = "API key"; };
794 redirects = mkOption { type = str; description = "Redirects for apache"; };
798 gitolite = mkOption {
799 description = "Gitolite configuration";
802 ldap = mkLdapOptions "Gitolite" {};
806 kanboard = mkOption {
807 description = "Kanboard configuration";
810 postgresql = mkPsqlOptions "Kanboard";
811 ldap = mkLdapOptions "Kanboard" {
812 admin_dn = mkOption { type = str; description = "Admin DN"; };
817 mantisbt = mkOption {
818 description = "Mantisbt configuration";
821 postgresql = mkPsqlOptions "Mantisbt";
822 ldap = mkLdapOptions "Mantisbt" {};
823 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
827 mastodon = mkOption {
828 description = "Mastodon configuration";
831 postgresql = mkPsqlOptions "Mastodon";
832 redis = mkRedisOptions "Mastodon";
833 ldap = mkLdapOptions "Mastodon" {};
834 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
835 otp_secret = mkOption { type = str; description = "OTP secret"; };
836 secret_key_base = mkOption { type = str; description = "Secret key base"; };
838 description = "vapid key";
841 private = mkOption { type = str; description = "Private key"; };
842 public = mkOption { type = str; description = "Public key"; };
849 mediagoblin = mkOption {
850 description = "Mediagoblin configuration";
853 postgresql = mkPsqlOptions "Mediagoblin";
854 redis = mkRedisOptions "Mediagoblin";
855 ldap = mkLdapOptions "Mediagoblin" {};
859 nextcloud = mkOption {
860 description = "Nextcloud configuration";
863 postgresql = mkPsqlOptions "Peertube";
864 redis = mkRedisOptions "Peertube";
865 password_salt = mkOption { type = str; description = "Password salt"; };
866 instance_id = mkOption { type = str; description = "Instance ID"; };
867 secret = mkOption { type = str; description = "App secret"; };
871 peertube = mkOption {
872 description = "Peertube configuration";
875 listenPort = mkOption { type = port; description = "Port to listen to"; };
876 postgresql = mkPsqlOptions "Peertube";
877 redis = mkRedisOptions "Peertube";
878 ldap = mkLdapOptions "Peertube" {};
882 phpldapadmin = mkOption {
883 description = "phpLdapAdmin configuration";
886 ldap = mkLdapOptions "phpldapadmin" {};
891 description = "Rompr configuration";
895 description = "MPD configuration";
898 host = mkOption { type = str; description = "Host for MPD"; };
899 port = mkOption { type = port; description = "Port to access MPD host"; };
906 roundcubemail = mkOption {
907 description = "Roundcubemail configuration";
910 postgresql = mkPsqlOptions "TT-RSS";
911 secret = mkOption { type = str; description = "Secret"; };
916 description = "Shaarli configuration";
919 ldap = mkLdapOptions "Shaarli" {};
924 description = "Taskwarrior configuration";
927 ldap = mkLdapOptions "Taskwarrior" {};
928 taskwarrior-web = mkOption {
929 description = "taskwarrior-web profiles";
930 type = attrsOf (submodule {
934 description = "List of ldap uids having access to this profile";
936 org = mkOption { type = str; description = "Taskd organisation"; };
937 key = mkOption { type = str; description = "Taskd key"; };
938 date = mkOption { type = str; description = "Preferred date format"; };
946 description = "TT-RSS configuration";
949 postgresql = mkPsqlOptions "TT-RSS";
950 ldap = mkLdapOptions "TT-RSS" {};
954 wallabag = mkOption {
955 description = "Wallabag configuration";
958 postgresql = mkPsqlOptions "Wallabag";
959 ldap = mkLdapOptions "Wallabag" {
960 admin_filter = mkOption { type = str; description = "Admin users filter"; };
962 redis = mkRedisOptions "Wallabag";
963 secret = mkOption { type = str; description = "App secret"; };
968 description = "Ympd configuration";
971 listenPort = mkOption { type = port; description = "Port to listen to"; };
973 description = "MPD configuration";
976 password = mkOption { type = str; description = "Password to access MPD host"; };
977 host = mkOption { type = str; description = "Host for MPD"; };
978 port = mkOption { type = port; description = "Port to access MPD host"; };
986 description = "Yourls configuration";
989 mysql = mkMysqlOptions "Yourls" {};
990 ldap = mkLdapOptions "Yourls" {};
991 cookieKey = mkOption { type = str; description = "Cookie key"; };
998 websites = mkOption {
999 description = "Websites configurations";
1002 isabelle = mkOption {
1003 description = "Isabelle configurations by environment";
1006 atenSubmodule = mkOption {
1007 description = "environment configuration";
1010 environment = mkOption { type = str; description = "Symfony environment"; };
1011 secret = mkOption { type = str; description = "Symfony App secret"; };
1012 postgresql = mkPsqlOptions "Aten";
1019 aten_production = atenSubmodule;
1020 aten_integration = atenSubmodule;
1021 iridologie = mkOption {
1022 description = "environment configuration";
1025 environment = mkOption { type = str; description = "SPIP environment"; };
1026 mysql = mkMysqlOptions "Iridologie" {};
1027 ldap = mkLdapOptions "Iridologie" {};
1035 description = "Chloe configurations by environment";
1038 chloeSubmodule = mkOption {
1039 description = "environment configuration";
1042 environment = mkOption { type = str; description = "SPIP environment"; };
1043 mysql = mkMysqlOptions "Chloe" {};
1044 ldap = mkLdapOptions "Chloe" {};
1051 production = chloeSubmodule;
1052 integration = chloeSubmodule;
1056 connexionswing = mkOption {
1057 description = "Connexionswing configurations by environment";
1060 csSubmodule = mkOption {
1061 description = "environment configuration";
1064 environment = mkOption { type = str; description = "Symfony environment"; };
1065 mysql = mkMysqlOptions "Connexionswing" {};
1066 secret = mkOption { type = str; description = "Symfony App secret"; };
1067 email = mkOption { type = str; description = "Symfony email notification"; };
1074 production = csSubmodule;
1075 integration = csSubmodule;
1080 description = "Naturaloutil configuration";
1083 mysql = mkMysqlOptions "Naturaloutil" {};
1084 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1088 telioTortay = mkOption {
1089 description = "Telio Tortay configuration";
1092 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1096 ludivinecassal = mkOption {
1097 description = "Ludivinecassal configurations by environment";
1100 lcSubmodule = mkOption {
1101 description = "environment configuration";
1104 environment = mkOption { type = str; description = "Symfony environment"; };
1105 mysql = mkMysqlOptions "LudivineCassal" {};
1106 ldap = mkLdapOptions "LudivineCassal" {};
1107 secret = mkOption { type = str; description = "Symfony App secret"; };
1114 production = lcSubmodule;
1115 integration = lcSubmodule;
1120 description = "Emilia configuration";
1123 postgresql = mkPsqlOptions "Emilia";
1127 florian = mkOption {
1128 description = "Florian configuration";
1131 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1135 nassime = mkOption {
1136 description = "Nassime configuration";
1139 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1143 piedsjaloux = mkOption {
1144 description = "Piedsjaloux configurations by environment";
1147 pjSubmodule = mkOption {
1148 description = "environment configuration";
1151 environment = mkOption { type = str; description = "Symfony environment"; };
1152 mysql = mkMysqlOptions "Piedsjaloux" {};
1153 secret = mkOption { type = str; description = "Symfony App secret"; };
1160 production = pjSubmodule;
1161 integration = pjSubmodule;
1166 description = "Europe Richie configurations by environment";
1169 mysql = mkMysqlOptions "Richie" {};
1170 smtp_mailer = mkOption {
1171 description = "SMTP mailer configuration";
1174 user = mkOption { type = str; description = "Username"; };
1175 password = mkOption { type = str; description = "Password"; };
1182 tellesflorian = mkOption {
1183 description = "Tellesflorian configurations by environment";
1186 tfSubmodule = mkOption {
1187 description = "environment configuration";
1190 environment = mkOption { type = str; description = "Symfony environment"; };
1191 mysql = mkMysqlOptions "Tellesflorian" {};
1192 secret = mkOption { type = str; description = "Symfony App secret"; };
1193 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1200 integration = tfSubmodule;
1208 privateFiles = mkOption {
1211 Path to secret files to make available during build
1215 options.hostEnv = mkOption {
1218 default = config.myEnv.servers."${name}";
1219 description = "Host environment";