1 { config, lib, name, ... }:
2 with lib;
3 with types;
4 with lists;
5 let
# Settings shared by every LDAP consumer in this file: where the directory
# lives and the two privileged identities (root and replication).
ldapOptions = {
  base = mkOption { description = "Base of the LDAP tree"; type = str; };
  host = mkOption { description = "Host to access LDAP"; type = str; };
  root_dn = mkOption { description = "DN of the root user"; type = str; };
  # Hashed (per the description), unlike replication_pw below which is the
  # clear-text password.
  root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
  replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
  # NOTE(review): plain `str` secret. Whether it ends up in the world-readable
  # /nix/store depends on the module that consumes it, which is not visible here.
  replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
};
# Build the LDAP option set of one service: the shared server settings,
# the service's own bind identity, then `more` (which wins on conflicts).
mkLdapOptions = name: more:
  let
    # Bind DN/password of the service plus the filter selecting its users.
    perService = {
      dn = mkOption { description = "DN of the ${name} user"; type = str; };
      password = mkOption { description = "password of the ${name} user"; type = str; };
      filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
    };
  in mkOption {
    description = "${name} LDAP configuration";
    type = submodule { options = ldapOptions // perService // more; };
  };
# Settings shared by every MySQL consumer: how to reach the server, the
# system accounts and the PAM/LDAP bind used to authenticate users.
mysqlOptions = {
  host = mkOption { description = "Host to access Mysql"; type = str; };
  remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
  # Kept as a string (not `types.port`), like every other port option in
  # this file; presumably interpolated into config files by the consumers.
  port = mkOption { description = "Port to access Mysql"; type = str; };
  socket = mkOption { description = "Socket to access Mysql"; type = path; };
  # user -> clear-text password. NOTE(review): see the consumer for where
  # these are written; not visible from here.
  systemUsers = mkOption {
    description = "Attrs of user-passwords allowed to access mysql";
    type = attrsOf str;
  };
  pam = mkOption {
    description = "PAM configuration for mysql";
    type = submodule {
      options = {
        dn = mkOption { description = "DN to connect as to check users"; type = str; };
        password = mkOption { description = "DN password to connect as to check users"; type = str; };
        # No default here, unlike mkLdapOptions' filter: every consumer must set it.
        filter = mkOption { description = "filter to match users"; type = str; };
      };
    };
  };
};
# Build the MySQL option set of one service: shared server settings, the
# service's database/user/password, then `more` (which wins on conflicts).
mkMysqlOptions = name: more:
  let
    perService = {
      database = mkOption { description = "${name} database"; type = str; };
      user = mkOption { description = "${name} user"; type = str; };
      password = mkOption { description = "mysql password of the ${name} user"; type = str; };
    };
  in mkOption {
    description = "${name} mysql configuration";
    type = submodule { options = mysqlOptions // perService // more; };
  };
# Settings shared by every PostgreSQL consumer: how to reach the server and
# the PAM/LDAP bind used to authenticate users.
psqlOptions = {
  host = mkOption { description = "Host to access Postgresql"; type = str; };
  # String port, consistent with the mysql/redis/smtp options in this file.
  port = mkOption { description = "Port to access Postgresql"; type = str; };
  socket = mkOption { description = "Socket to access Postgresql"; type = path; };
  pam = mkOption {
    description = "PAM configuration for psql";
    type = submodule {
      options = {
        dn = mkOption { description = "DN to connect as to check users"; type = str; };
        password = mkOption { description = "DN password to connect as to check users"; type = str; };
        filter = mkOption { description = "filter to match users"; type = str; };
      };
    };
  };
};
# Build the PostgreSQL option set of one service. Unlike the LDAP and MySQL
# builders there is no `more` argument: the set is exactly psqlOptions plus
# the four per-service entries below.
mkPsqlOptions = name:
  let
    perService = {
      database = mkOption { description = "${name} database"; type = str; };
      # Optional: null means "no dedicated schema" for that service.
      schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
      user = mkOption { description = "${name} user"; type = str; };
      password = mkOption { description = "psql password of the ${name} user"; type = str; };
    };
  in mkOption {
    description = "${name} psql configuration";
    type = submodule { options = psqlOptions // perService; };
  };
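# Settings shared by every Redis consumer: how to reach the server, the
# db-number allocation table, and the replication/proxy secrets.
redisOptions = {
  host = mkOption { description = "Host to access Redis"; type = str; };
  port = mkOption { description = "Port to access Redis"; type = str; };
  socket = mkOption { description = "Socket to access Redis"; type = path; };
  dbs = mkOption {
    description = "Attrs of db number. Each number should be unique to avoid collision!";
    type = attrsOf str;
    # Enforce the invariant the description asks for, the same way
    # myEnv.ports does: two services allocated the same db number would
    # silently share one keyspace, so fail at evaluation time and name the
    # colliding numbers instead of discovering it at runtime.
    apply = x:
      let
        vals = builtins.attrValues x;
        dupl = unique (filter (v: count (w: w == v) vals > 1) vals);
      in
        if dupl == [] then x
        else throw "Non unique values for redis dbs: ${concatStringsSep ", " dupl}";
  };
  # Shared secret for the spiped tunnel carrying replication traffic.
  spiped_key = mkOption {
    type = str;
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
  };
  # Declared but, per its own description, not consumed yet.
  predixy = mkOption {
    description = "Predixy configuration. Unused yet";
    type = submodule {
      options = {
        read = mkOption { type = str; description = "Read password"; };
      };
    };
  };
};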
# Build the Redis option set of one service: the shared settings plus the
# db number this service uses (which should also appear in `dbs`).
mkRedisOptions = name:
  let
    perService = {
      db = mkOption { description = "${name} database"; type = str; };
    };
  in mkOption {
    description = "${name} redis configuration";
    type = submodule { options = redisOptions // perService; };
  };
# Outbound SMTP relay shared by the services: host and (string) port only;
# per-service credentials are added by mkSmtpOptions.
smtpOptions = {
  host = mkOption { description = "Host to access SMTP"; type = str; };
  port = mkOption { description = "Port to access SMTP"; type = str; };
};
# Build the SMTP option set of one service: relay settings plus the sender
# address and the password that service authenticates with.
mkSmtpOptions = name:
  let
    perService = {
      email = mkOption { description = "${name} email"; type = str; };
      password = mkOption { description = "SMTP password of the ${name} user"; type = str; };
    };
  in mkOption {
    description = "${name} smtp configuration";
    type = submodule { options = smtpOptions // perService; };
  };
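# Per-host record used by myEnv.servers: name, addresses, mail role, local
# users and the LDAP identity the host binds with.
hostEnv = submodule {
  options = {
    fqdn = mkOption {
      description = "Host FQDN";
      type = str;
    };
    # A function (pkgs -> list), hence `unspecified`; the module system
    # cannot type-check it, so the contract lives in the description.
    users = mkOption {
      type = unspecified;
      default = pkgs: [];
      description = ''
        Sublist of users from realUsers. Function that takes pkgs as
        argument and gives an array as a result
      '';
    };
    emails = mkOption {
      default = [];
      description = "List of e-mails that the server can be a sender of";
      type = listOf str;
    };
    ldap = mkOption {
      description = ''
        LDAP credentials for the host
      '';
      type = submodule {
        options = {
          # NOTE(review): plain `str` secret; where it is written is decided by
          # the consuming module, not visible here.
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
    };
    mx = mkOption {
      description = "subdomain and priority for MX server";
      default = { enable = false; };
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          # Default to null so that the `{ enable = false; }` default above is
          # a fully defined submodule: without these defaults, reading
          # .subdomain or .priority on a non-MX host raises
          # "option ... is used but not defined". Hosts that set them are
          # unaffected.
          subdomain = mkOption { type = nullOr str; default = null; description = "Subdomain name (mx-*)"; };
          priority = mkOption { type = nullOr str; default = null; description = "Priority"; };
        };
      };
    };
    ips = mkOption {
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
      type = attrsOf (submodule {
        options = {
          # Exactly one IPv4 per section, any number of IPv6.
          ip4 = mkOption {
            type = str;
            description = ''
              ip4 address of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
    };
  };
};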
189 in
190 {
191 options.myEnv = {
# Inventory of every host in the cluster, keyed by short name; see hostEnv
# for the per-host fields. Hosts not deployed by nixops are listed too.
servers = mkOption {
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
  default = {};
  type = attrsOf hostEnv;
};
# Hetzner Cloud API token. NOTE(review): a plain `str` option; the consumer
# decides where it is written (not visible here).
hetznerCloud = mkOption {
  description = ''
    Hetzner Cloud credential information
  '';
  type = submodule {
    options = {
      authToken = mkOption {
        type = str;
        description = ''
          The API auth token.
        '';
      };
    };
  };
};
# Hetzner (non-cloud) account login, as user/password rather than a token.
hetzner = mkOption {
  description = ''
    Hetzner credential information
  '';
  type = submodule {
    options = {
      user = mkOption { type = str; description = "User"; };
      pass = mkOption { type = str; description = "Password"; };
    };
  };
};
# sshd inputs: the set of root authorized keys and the bind password of the
# LDAP service account sshd uses (its DN is fixed in the description).
sshd = mkOption {
  description = ''
    sshd service credential information
  '';
  type = submodule {
    options = {
      # label -> public key; public material, not a secret.
      rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; };
      ldap = mkOption {
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
        type = submodule {
          options = {
            password = mkOption { description = "Password"; type = str; };
          };
        };
      };
    };
  };
};
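# Registry of non-standard ports, name -> port number. Uniqueness is
# enforced at evaluation time so two services can never be assigned the
# same port by mistake.
ports = mkOption {
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  type = attrsOf port;
  default = {};
  # `attrsOf port` already guarantees an attrset of integers, so only the
  # duplicate check is needed. The error names the colliding port numbers
  # instead of just saying "non unique", which is what one has to grep for.
  apply = let
    duplicates = x:
      let vals = builtins.attrValues x;
      in unique (filter (v: count (w: w == v) vals > 1) vals);
  in
    x:
      let dupl = duplicates x;
      in
        if dupl == [] then x
        else throw "Non unique values for ports: ${concatMapStringsSep ", " toString dupl}";
};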
# httpd inputs: bind password of the LDAP service account used by the web
# server (its DN is fixed in the description), mirroring the sshd option.
httpd = mkOption {
  description = ''
    httpd service credential information
  '';
  type = submodule {
    options = {
      ldap = mkOption {
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
        type = submodule {
          options = {
            password = mkOption { description = "Password"; type = str; };
          };
        };
      };
    };
  };
};
# Global SMTP relay (host/port only); services needing credentials use
# mkSmtpOptions instead.
smtp = mkOption {
  type = submodule { options = smtpOptions; };
  description = "SMTP configuration";
};
# The LDAP server itself (base, host, root and replication identities);
# per-service bind accounts live under each service's `ldap` option.
ldap = mkOption {
  description = ''
    LDAP server configuration
  '';
  type = submodule {
    options = ldapOptions;
  };
};
# Server-level database settings (no per-service credentials here); the
# mk*Options builders layer service accounts on top of these same sets.
databases = mkOption {
  description = "Databases configuration";
  type = submodule {
    options = {
      mysql = mkOption {
        type = submodule { options = mysqlOptions; };
        description = "Mysql configuration";
      };
      redis = mkOption {
        type = submodule { options = redisOptions; };
        description = "Redis configuration";
      };
      postgresql = mkOption {
        type = submodule { options = psqlOptions; };
        description = "Postgresql configuration";
      };
    };
  };
};
# XMPP server: its LDAP bind, its PostgreSQL account, and the LDAP filter
# postfix uses to find XMPP users.
jabber = mkOption {
  description = "Jabber configuration";
  type = submodule {
    options = {
      postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
    };
  };
};
# Human accounts, as functions of pkgs (so a shell can be `pkgs.zsh`);
# untyped because the module system cannot check function values. Each host
# picks its subset through hostEnv.users.
realUsers = mkOption {
  description = ''
    Attrset of function taking pkgs as argument.
    Real users settings, should provide a subattr of users.users.<name>
    with at least: name, (hashed)Password, shell
  '';
  type = attrsOf unspecified;
};
# Fixed uid/gid allocation per account name, so ids stay stable across
# hosts (and across rebuilds) for system and regular users alike.
users = mkOption {
  description = "System and regular users uid/gid";
  type = attrsOf (submodule {
    options = {
      uid = mkOption {
        description = "user uid";
        type = int;
      };
      gid = mkOption {
        description = "user gid";
        type = int;
      };
    };
  });
};
# Authoritative DNS: SOA defaults, nameserver groups, transfer keys and the
# zones served as master or slave.
dns = mkOption {
  description = "DNS configuration";
  type = submodule {
    options = {
      soa = mkOption {
        description = "SOA information";
        type = submodule {
          options = {
            # Kept as a string; nothing here enforces the "incremented" rule.
            serial = mkOption {
              description = "Serial number. Should be incremented at each change and unique";
              type = str;
            };
            refresh = mkOption {
              description = "Refresh time";
              type = str;
            };
            retry = mkOption {
              description = "Retry time";
              type = str;
            };
            expire = mkOption {
              description = "Expire time";
              type = str;
            };
            ttl = mkOption {
              description = "Default TTL time";
              type = str;
            };
            email = mkOption {
              description = "hostmaster e-mail";
              type = str;
            };
            primary = mkOption {
              description = "Primary NS";
              type = str;
            };
          };
        };
      };
      # group -> (nameserver fqdn -> its addresses); zones below refer to groups.
      ns = mkOption {
        description = "Attrs of NS servers group";
        example = {
          foo = {
            "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
            "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
          };
        };
        type = attrsOf (attrsOf (listOf str));
      };
      # Named shared keys (algorithm + secret); presumably TSIG keys for zone
      # transfers, given slaveZones.keys below — confirm against the bind
      # module. The secret is a plain `str` option.
      keys = mkOption {
        default = {};
        description = "DNS keys";
        type = attrsOf (submodule {
          options = {
            algorithm = mkOption { type = str; description = "Algorithm"; };
            secret = mkOption { type = str; description = "Secret"; };
          };
        });
      };
      slaveZones = mkOption {
        description = "List of slave zones";
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            masters = mkOption {
              description = "NS master groups of this zone";
              type = listOf str;
            };
            # Names into `keys` above (not checked here).
            keys = mkOption {
              default = [];
              description = "Keys associated to the server";
              type = listOf str;
            };
          };
        });
      };
      masterZones = mkOption {
        description = "List of master zones";
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            # Optional CAA record value; null emits none.
            withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; };
            slaves = mkOption {
              description = "NS slave groups of this zone";
              type = listOf str;
            };
            ns = mkOption {
              description = "groups names that should have their NS entries listed here";
              type = listOf str;
            };
            # Raw bind zone-statement lines, inserted as-is.
            extra = mkOption {
              description = "Extra zone configuration for bind";
              example = ''
                notify yes;
              '';
              type = lines;
            };
            entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
            # Per-subdomain mail posture: send controls the sender-side records
            # (SPF/DKIM/DMARC), receive the MX records, per the description.
            withEmail = mkOption {
              description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
              default = [];
              type = listOf (submodule {
                options = {
                  domain = mkOption { type = str; description = "Which subdomain is concerned"; };
                  send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
                  receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
                };
              });
            };
          };
        });
      };
    };
  };
};
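# Off-site duplicity backups: one encryption passphrase and the remote
# targets (each a URL builder plus its S3-style access key pair).
backup = mkOption {
  description = ''
    Remote backup with duplicity
  '';
  type = submodule {
    options = {
      # Passphrase duplicity encrypts the archives with; losing it means
      # losing the backups.
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            remote = mkOption {
              type = unspecified;
              # `''${` is the escape for a literal "${" inside an indented
              # string. The previous text had a bare `${bucket}`, which Nix
              # treats as an interpolation; with the `with lib;` scopes in
              # this file the lookup is dynamic, so the example blew up only
              # when rendered (documentation build) rather than at parse time.
              example = literalExample ''
                bucket: "s3://some_host/''${bucket}";
              '';
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
            };
            accessKeyId = mkOption { type = str; description = "Remote access-key"; };
            secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
          };
        });
      };
    };
  };
};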
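# zrepl (ZFS replication) backups: the SSH key pair used to reach the
# target and the MySQL account zrepl needs.
zrepl_backup = mkOption {
  # Every other top-level option here carries a description; this one was
  # missing it, which leaves a hole in the generated option documentation.
  description = "Zrepl backup configuration";
  type = submodule {
    options = {
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            # `lines`, like the other private keys in this file (multi-line PEM).
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
      mysql = mkMysqlOptions "Zrepl" {};
    };
  };
};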
# Pull-style rsync backups of other hosts over SSH, one profile per host,
# each split into "parts" (a remote folder with include/exclude lists).
rsync_backup = mkOption {
  description =''
    Rsync backup configuration from controlled host
  '';
  type = submodule {
    options = {
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
      profiles = mkOption {
        description = "Attrs of profiles to backup";
        type = attrsOf (submodule {
          options = {
            keep = mkOption { type = int; description = "Number of backups to keep"; };
            # Command run before backing up; default "backup" — what it is
            # resolved against is decided by the consumer, not visible here.
            check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; };
            login = mkOption { type = str; description = "Login to connect to host"; };
            port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
            host = mkOption { type = str; description = "Host to connect to"; };
            # Pinning the remote host key (type + key) lets the consumer do
            # strict host-key checking rather than trust-on-first-use.
            host_key = mkOption { type = str; description = "Host key"; };
            host_key_type = mkOption { type = str; description = "Host key type"; };
            parts = mkOption {
              description = "Parts to backup for this host";
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption { type = path; description = "Remote folder to backup";};
                  exclude_from = mkOption {
                    type = listOf path;
                    default = [];
                    description = "List of folders/files to exclude from the backup";
                  };
                  files_from = mkOption {
                    type = listOf path;
                    default = [];
                    description = "List of folders/files to backup in the base folder";
                  };
                  # Free-form rsync flags, appended verbatim by the consumer.
                  args = mkOption {
                    type = nullOr str;
                    default = null;
                    description = "Extra arguments to pass to rsync";
                  };
                };
              });
            };
          };
        });
      };
    };
  };
};
# Monitoring (naemon/netdata) inputs: status-push endpoints and tokens,
# notification channels (mail, SMS via OVH, Slack) and the probe credentials.
monitoring = mkOption {
  description = "Monitoring configuration";
  type = submodule {
    options = {
      status_url = mkOption { type = str; description = "URL to push status to"; };
      status_token = mkOption { type = str; description = "Token for the status url"; };
      http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
      email = mkOption { type = str; description = "Admin E-mail"; };
      ssh_public_key = mkOption { type = str; description = "SSH public key"; };
      # `str` here whereas every other private key in this file is `lines`;
      # harmless as long as it is defined exactly once.
      ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
      imap_login = mkOption { type = str; description = "IMAP login"; };
      imap_password = mkOption { type = str; description = "IMAP password"; };
      # List of key tuples; shape beyond "list of lists of strings" is not
      # visible here.
      eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
      ovh_sms = mkOption {
        description = "OVH credentials for sms script";
        type = submodule {
          options = {
            endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
            application_key = mkOption { type = str; description = "Application key"; };
            application_secret = mkOption { type = str; description = "Application secret"; };
            consumer_key = mkOption { type = str; description = "Consumer key"; };
            account = mkOption { type = str; description = "Account"; };
          };
        };
      };
      # Bearer tokens accepted from hosts pushing passive checks.
      nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
      # Incoming-webhook URL: it is itself the credential.
      slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
      slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
      netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
      netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
      contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
      # End-to-end mail delivery probes; port/login are only needed when the
      # check goes through ssh rather than the local setup.
      email_check = mkOption {
        description = "Emails services to check";
        type = attrsOf (submodule {
          options = {
            local = mkOption { type = bool; default = false; description = "Use local configuration"; };
            port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
            login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
            targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
            mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
            mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
          };
        });
      };
    };
  };
};
# MPD instance: music folder, connection endpoint and its (single) password.
mpd = mkOption {
  description = "MPD configuration";
  type = submodule {
    options = {
      folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
      password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
      host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
      port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
    };
  };
};
# FTP: LDAP bind plus one user-listing filter per FTP daemon in use.
ftp = mkOption {
  description = "FTP configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "FTP" {
        proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; };
        pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; };
      };
    };
  };
};
# One entry per VPN: the IPv6 prefix it hands out and this host's key pair.
# The private key is a plain `str` option (see the consumer for handling).
vpn = mkOption {
  description = "VPN configuration";
  type = attrsOf (submodule {
    options = {
      prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
      privateKey = mkOption { type = str; description = "Private key for the host"; };
      publicKey = mkOption { type = str; description = "Public key for the host"; };
    };
  });
};
# Mail stack: DMARC/DKIM settings, postfix, dovecot, rspamd, the mail-driven
# scripts and the sympa list server.
mail = mkOption {
  description = "Mail configuration";
  type = submodule {
    options = {
      dmarc = mkOption {
        description = "DMARC configuration";
        type = submodule {
          options = {
            # One host per line, as consumed by the DMARC checker.
            ignore_hosts = mkOption {
              type = lines;
              description = ''
                Hosts to ignore when checking for dmarc
              '';
            };
          };
        };
      };
      # One key pair per selector/domain (attr name); `public` is the DNS
      # TXT payload, `private` the signing key.
      dkim = mkOption {
        description = "DKIM configuration";
        type = attrsOf (submodule {
          options = {
            public = mkOption {
              type = str;
              example = ''
                ( "v=DKIM1; k=rsa; "
                "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
              '';
              description = "Public entry to put in DNS TXT field";
            };
            private = mkOption { type = str; description = "Private key"; };
          };
        });
      };
      postfix = mkOption {
        description = "Postfix configuration";
        type = submodule {
          options = {
            additional_mailbox_domains = mkOption {
              description = ''
                List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
              '';
              type = listOf str;
            };
            # Besides the usual MySQL account, the key that encrypts relay
            # passwords stored in the database.
            mysql = mkMysqlOptions "Postfix" {
              password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
            };
            # Secondary-MX relaying. Per the description the relay
            # restrictions apply to everyone, hence the insistence on
            # recipient maps being set for each domain.
            backup_domains = mkOption {
              description = ''
                Domains that are accepted for relay as backup domain
              '';
              type = attrsOf (submodule {
                options = {
                  domains = mkOption { type = listOf str; description = "Domains list"; };
                  relay_restrictions = mkOption {
                    type = lines;
                    description = ''
                      Restrictions for relaying the e-mails from the domains
                    '';
                  };
                  recipient_maps = mkOption {
                    description = ''
                      Recipient map to accept relay for.
                      Must be specified for domain, the rules apply to everyone!
                    '';
                    type = listOf (submodule {
                      options = {
                        # Only `hash` maps are accepted for now.
                        type = mkOption {
                          type = enum [ "hash" ];
                          description = "Map type";
                        };
                        content = mkOption {
                          type = str;
                          description = "Map content";
                        };
                      };
                    });
                  };
                };
              });
            };
          };
        };
      };
      dovecot = mkOption {
        description = "Dovecot configuration";
        type = submodule {
          options = {
            # dovecot-ldap attribute mappings and the two listing filters on
            # top of the standard LDAP bind.
            ldap = mkLdapOptions "Dovecot" {
              pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
              user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
              iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
              iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
              postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
            };
          };
        };
      };
      rspamd = mkOption {
        description = "rspamd configuration";
        type = submodule {
          options = {
            redis = mkRedisOptions "Redis";
            # Only the hashed forms are consumed.
            read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
            write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
            # The clear-text passwords may still be declared (e.g. kept in the
            # same secrets file) but `apply` blanks them, so their value can
            # never reach a generated config from this option.
            read_password = mkOption {
              type = str;
              description = "Read password for rspamd. Unused";
              apply = x: "";
            };
            write_password = mkOption {
              type = str;
              description = "Write password for rspamd. Unused";
              apply = x: "";
            };
          };
        };
      };
      # Scripts triggered by incoming mail, fetched from git at build time.
      scripts = mkOption {
        description = "Mail script recipients";
        type = attrsOf (submodule {
          options = {
            external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
            # NOTE(review): only url + rev, no content hash. `rev` should be a
            # full commit id rather than a branch/tag name if the fetch is to
            # be reproducible and tamper-evident; how it is fetched is not
            # visible here.
            src = mkOption {
              description = ''
                git source to fetch the script from.
                It must have a default.nix file as its root accepting a scriptEnv parameter
              '';
              type = submodule {
                options = {
                  url = mkOption { type = str; description = "git url to fetch"; };
                  rev = mkOption { type = str; description = "git reference to fetch"; };
                };
              };
            };
            # Passed through as `scriptEnv` to the script's default.nix.
            env = mkOption {
              description = "Variables to pass to the script";
              type = unspecified;
            };
          };
        });
      };
      sympa = mkOption {
        description = "Sympa configuration";
        type = submodule {
          options = {
            listmasters = mkOption {
              type = listOf str;
              description = "Listmasters";
            };
            postgresql = mkPsqlOptions "Sympa";
            # name -> file content, for sympa's data_sources / scenari dirs.
            data_sources = mkOption {
              type = attrsOf str;
              default = {};
              description = "Data sources to make available to sympa";
            };
            scenari = mkOption {
              type = attrsOf str;
              default = {};
              description = "Scenari to make available to sympa";
            };
          };
        };
      };
    };
  };
};
# TURN server: the single shared key clients authenticate with.
coturn = mkOption {
  description = "Coturn configuration";
  type = submodule {
    options = {
      auth_access_key = mkOption { type = str; description = "key to access coturn"; };
    };
  };
};
# Buildbot master: its SSH key, worker password, service account, LDAP bind
# and one entry per CI project (packages, secrets, env, hooks).
buildbot = mkOption {
  description = "Buildbot configuration";
  type = submodule {
    options = {
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
      # Shared secret between master and workers.
      workerPassword = mkOption { description = "Buildbot worker password"; type = str; };
      user = mkOption {
        description = "Buildbot user";
        type = submodule {
          options = {
            uid = mkOption {
              description = "user uid";
              type = int;
            };
            gid = mkOption {
              description = "user gid";
              type = int;
            };
          };
        };
      };
      ldap = mkOption {
        description = "Ldap configuration for buildbot";
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Buildbot password"; };
          };
        };
      };
      projects = mkOption {
        description = "Projects to make a buildbot for";
        type = attrsOf (submodule {
          options = {
            name = mkOption { type = str; description = "Project name"; };
            # Functions of pkgs, hence `unspecified` (not checkable).
            packages = mkOption {
              type = unspecified;
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
            };
            pythonPackages = mkOption {
              type = unspecified;
              example = literalExample ''
                p: pkgs: [ pkgs.python3Packages.pip ];
              '';
              description = ''
                Function.
                Builds python packages list to make available to buildbot project.
                Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
              '';
            };
            pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
            # Typed `port` (integer) here, unlike the string ports elsewhere.
            workerPort = mkOption { type = port; description = "Port for the worker"; };
            # Values are strings or pkgs-functions; the commented-out type is
            # the intended contract, left unenforced.
            secrets = mkOption {
              #type = attrsOf (either str (functionTo str));
              type = attrsOf unspecified;
              description = "Secrets for the project to dump as files. Might be a function that takes pkgs as argument";
            };
            environment = mkOption {
              #type = attrsOf (either str (functionTo str));
              type = attrsOf unspecified;
              description = ''
                Environment variables for the project. Might be a function that takes pkgs as argument.
                BUILDBOT_ is prefixed to the variable names
              '';
            };
            # Shell run at deployment; executed by the consumer, not here.
            activationScript = mkOption {
              type = lines;
              description = ''
                Activation script to run during deployment
              '';
            };
            builderPaths = mkOption {
              type = attrsOf unspecified;
              default = {};
              description = ''
                Attrs of functions to make accessible specifically per builder.
                Takes pkgs as argument and should return a single path containing binaries.
                This path will be accessible as BUILDBOT_PATH_<attrskey>
              '';
            };
            # null vs [] presumably differ for the consumer (no hook vs hook
            # with no accepted token) — confirm in the buildbot module.
            webhookTokens = mkOption {
              type = nullOr (listOf str);
              default = null;
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
            };
          };
        });
      };
    };
  };
};
913 tools = mkOption {
914 description = "Tools configurations";
915 type = submodule {
916 options = {
# Contact address shown by the tools; public information.
contact = mkOption { type = str; description = "Contact e-mail address"; };
# Static files republished under assets.immae.eu, each pinned by the hash
# of its content so the download is reproducible and integrity-checked
# (presumably via a fixed-output fetcher — see the consumer).
assets = mkOption {
  default = {};
  type = attrsOf (submodule {
    options = {
      url = mkOption { type = str; description = "URL to fetch"; };
      sha256 = mkOption { type = str; description = "Hash of the url"; };
    };
  });
  description = "Assets to provide on assets.immae.eu";
};
# DAViCal: PostgreSQL account and LDAP bind.
davical = mkOption {
  description = "Davical configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Davical";
      ldap = mkLdapOptions "Davical" {};
    };
  };
};
# Diaspora: databases, LDAP bind and the application secret token.
diaspora = mkOption {
  description = "Diaspora configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Diaspora";
      redis = mkRedisOptions "Diaspora";
      ldap = mkLdapOptions "Diaspora" {};
      secret_token = mkOption { type = str; description = "Secret token"; };
    };
  };
};
# DMARC report viewer: MySQL account and the key used to anonymise entries.
dmarc_reports = mkOption {
  description = "DMARC reports configuration";
  type = submodule {
    options = {
      mysql = mkMysqlOptions "DMARC" {};
      anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
    };
  };
};
# Etherpad (+ mypads): database, LDAP bind with a group filter, and the
# admin password, session key and API key. All three are plain `str`.
etherpad-lite = mkOption {
  description = "Etherpad configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Etherpad";
      ldap = mkLdapOptions "Etherpad" {
        group_filter = mkOption { type = str; description = "Filter for groups"; };
      };
      adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
      session_key = mkOption { type = str; description = "Session key"; };
      api_key = mkOption { type = str; description = "API key"; };
      # Raw apache redirect directives, inserted verbatim by the consumer.
      redirects = mkOption { type = str; description = "Redirects for apache"; };
    };
  };
};
# Gitolite: LDAP bind and the SSH key pair of the git hosting user.
gitolite = mkOption {
  description = "Gitolite configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Gitolite" {};
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
    };
  };
};
# Kanboard: database and LDAP bind; admin_dn names the LDAP entry that is
# granted the admin role.
kanboard = mkOption {
  description = "Kanboard configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Kanboard";
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = mkOption { type = str; description = "Admin DN"; };
      };
    };
  };
};
# MantisBT: database, LDAP bind and the master salt mixed into its password
# hashes (changing it invalidates every stored hash).
mantisbt = mkOption {
  description = "Mantisbt configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mantisbt";
      ldap = mkLdapOptions "Mantisbt" {};
      master_salt = mkOption { type = str; description = "Master salt for password hash"; };
    };
  };
};
# Mastodon: databases, LDAP bind and the Rails secrets (paperclip, OTP,
# secret_key_base) plus the VAPID key pair for web push.
mastodon = mkOption {
  description = "Mastodon configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mastodon";
      redis = mkRedisOptions "Mastodon";
      ldap = mkLdapOptions "Mastodon" {};
      paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
      # Encrypts stored 2FA secrets; rotating it locks users out of 2FA.
      otp_secret = mkOption { type = str; description = "OTP secret"; };
      secret_key_base = mkOption { type = str; description = "Secret key base"; };
      vapid = mkOption {
        description = "vapid key";
        type = submodule {
          options = {
            private = mkOption { type = str; description = "Private key"; };
            public = mkOption { type = str; description = "Public key"; };
          };
        };
      };
    };
  };
};
# Mediagoblin: PostgreSQL, Redis and LDAP.
mediagoblin = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mediagoblin";
      redis = mkRedisOptions "Mediagoblin";
      ldap = mkLdapOptions "Mediagoblin" { };
    };
  };
  description = "Mediagoblin configuration";
};
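# Nextcloud: PostgreSQL and Redis backends plus the instance secrets.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      # The backend helpers were labelled "Peertube" here (copy-paste from the
      # peertube block below). Assumes the name argument only labels the generated
      # option descriptions, as mkLdapOptions does — confirm against
      # mkPsqlOptions / mkRedisOptions before relying on it for anything else.
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};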
# Peertube: listen port, PostgreSQL, Redis and LDAP.
peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
      ldap = mkLdapOptions "Peertube" { };
    };
  };
  description = "Peertube configuration";
};
# Second Peertube instance (Syden); same backends, no LDAP binding.
syden_peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
    };
  };
  description = "Peertube Syden configuration";
};
# phpLdapAdmin: only an LDAP binding.
phpldapadmin = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "phpldapadmin" { };
    };
  };
  description = "phpLdapAdmin configuration";
};
# Rompr: where to reach the MPD instance it controls.
rompr = mkOption {
  type = submodule {
    options = {
      mpd = mkOption {
        type = submodule {
          options = {
            host = mkOption { description = "Host for MPD"; type = str; };
            port = mkOption { description = "Port to access MPD host"; type = port; };
          };
        };
        description = "MPD configuration";
      };
    };
  };
  description = "Rompr configuration";
};
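# Roundcubemail: PostgreSQL backend and the application secret.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      # Was labelled "TT-RSS" (copy-paste from the ttrss block). Assumes the
      # name argument only labels the generated option descriptions, as
      # mkLdapOptions does — confirm against mkPsqlOptions.
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};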
# Shaarli: only an LDAP binding.
shaarli = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Shaarli" { };
    };
  };
  description = "Shaarli configuration";
};
# Status Engine: MySQL backend and LDAP binding.
status_engine = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "StatusEngine" { };
      ldap = mkLdapOptions "StatusEngine" { };
    };
  };
  description = "Status Engine configuration";
};
# Taskwarrior: LDAP binding plus one taskwarrior-web profile per attribute name.
task = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Taskwarrior" { };
      taskwarrior-web = mkOption {
        type = attrsOf (submodule {
          options = {
            # access control for the profile: LDAP uids allowed in
            uid = mkOption {
              description = "List of ldap uids having access to this profile";
              type = listOf str;
            };
            org = mkOption { description = "Taskd organisation"; type = str; };
            key = mkOption { description = "Taskd key"; type = str; };
            date = mkOption { description = "Preferred date format"; type = str; };
          };
        });
        description = "taskwarrior-web profiles";
      };
    };
  };
  description = "Taskwarrior configuration";
};
# TT-RSS: PostgreSQL backend and LDAP binding.
ttrss = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "TT-RSS";
      ldap = mkLdapOptions "TT-RSS" { };
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: PostgreSQL, Redis, LDAP (with an extra admin filter) and the app secret.
wallabag = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Wallabag";
      ldap = mkLdapOptions "Wallabag" {
        # extra field merged into the shared LDAP options (`// more`)
        admin_filter = mkOption { description = "Admin users filter"; type = str; };
      };
      redis = mkRedisOptions "Wallabag";
      secret = mkOption { description = "App secret"; type = str; };
    };
  };
  description = "Wallabag configuration";
};
# Webhook scripts; see the description for the key/value shape.
webhooks = mkOption {
  description = "Mapping 'name'.php => script for webhooks";
  type = attrsOf str;
};
# CSP violation reporting: where reports go, which policies are served,
# and the PostgreSQL backend that stores them.
csp_reports = mkOption {
  type = submodule {
    options = {
      report_uri = mkOption { description = "URI to report CSP violations to"; type = str; };
      policies = mkOption { description = "CSP policies to apply"; type = attrsOf str; };
      postgresql = mkPsqlOptions "CSP reports";
    };
  };
  description = "CSP report configuration";
};
# Commento: listen port, PostgreSQL backend and outgoing SMTP.
commento = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Commento";
      smtp = mkSmtpOptions "Commento";
    };
  };
  description = "Commento configuration";
};
# Cryptpad: one instance per attribute name.
cryptpad = mkOption {
  type = attrsOf (submodule {
    options = {
      email = mkOption { description = "Admin e-mail"; type = str; };
      # admins are identified by public key, not by account name
      admins = mkOption { description = "Instance admin public keys"; type = listOf str; };
      port = mkOption { description = "Port to listen to"; type = port; };
    };
  });
  description = "Cryptpad configuration";
};
# Ympd: listen port and the MPD instance it controls (with its password).
ympd = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      mpd = mkOption {
        type = submodule {
          options = {
            password = mkOption { description = "Password to access MPD host"; type = str; };
            host = mkOption { description = "Host for MPD"; type = str; };
            port = mkOption { description = "Port to access MPD host"; type = port; };
          };
        };
        description = "MPD configuration";
      };
    };
  };
  description = "Ympd configuration";
};
# Umami: listen port, PostgreSQL backend and the hash salt.
umami = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      postgresql = mkPsqlOptions "Umami";
      hashSalt = mkOption { description = "Hash salt"; type = str; };
    };
  };
  description = "Umami configuration";
};
# Yourls: MySQL backend, LDAP binding and the cookie signing key.
yourls = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Yourls" { };
      ldap = mkLdapOptions "Yourls" { };
      cookieKey = mkOption { description = "Cookie key"; type = str; };
    };
  };
  description = "Yourls configuration";
};
1241 };
1242 };
1243 };
# Free-form per-server settings; values are left untyped (attrsOf unspecified).
serverSpecific = mkOption {
  type = attrsOf unspecified;
  description = "Server specific configuration";
};
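# Per-site configuration. Sites with several environments bind one shared
# submodule definition under each environment name (see the `let` blocks).
websites = mkOption {
  description = "Websites configurations";
  type = submodule {
    options = {
      christophe_carpentier = mkOption {
        description = "Christophe Carpentier configuration by environment";
        type = submodule {
          options = {
            agorakit = mkOption {
              description = "Agorakit configuration";
              type = submodule {
                options = {
                  mysql = mkMysqlOptions "Agorakit" {};
                  smtp = mkSmtpOptions "Agorakit";
                  appkey = mkOption { type = str; description = "App key"; };
                };
              };
            };
          };
        };
      };
      immae = mkOption {
        description = "Immae configuration by environment";
        type = submodule {
          options = {
            temp = mkOption {
              description = "Temp configuration";
              type = submodule {
                options = {
                  ldap = mkLdapOptions "Immae temp" {
                    # replaces the shared `filter` option (which has a default of "")
                    # with a required one
                    filter = mkOption { type = str; description = "Filter for user access"; };
                  };
                };
              };
            };
          };
        };
      };
      isabelle = mkOption {
        description = "Isabelle configurations by environment";
        type =
          let
            # shared by both Aten environments
            atenSubmodule = mkOption {
              description = "environment configuration";
              type = submodule {
                options = {
                  environment = mkOption { type = str; description = "Symfony environment"; };
                  secret = mkOption { type = str; description = "Symfony App secret"; };
                  postgresql = mkPsqlOptions "Aten";
                };
              };
            };
          in
          submodule {
            options = {
              aten_production = atenSubmodule;
              aten_integration = atenSubmodule;
              iridologie = mkOption {
                description = "environment configuration";
                type = submodule {
                  options = {
                    environment = mkOption { type = str; description = "SPIP environment"; };
                    mysql = mkMysqlOptions "Iridologie" {};
                    ldap = mkLdapOptions "Iridologie" {};
                  };
                };
              };
            };
          };
      };
      chloe = mkOption {
        description = "Chloe configurations by environment";
        type =
          let
            # shared by the production and integration environments
            chloeSubmodule = mkOption {
              description = "environment configuration";
              type = submodule {
                options = {
                  environment = mkOption { type = str; description = "SPIP environment"; };
                  mysql = mkMysqlOptions "Chloe" {};
                  ldap = mkLdapOptions "Chloe" {};
                };
              };
            };
          in
          submodule {
            options = {
              production = chloeSubmodule;
              integration = chloeSubmodule;
              new = mkOption {
                description = "environment configuration";
                type = submodule {
                  options = {
                    mysql = mkMysqlOptions "ChloeNew" {};
                    ldap = mkLdapOptions "ChloeNew" {};
                    secret = mkOption { type = str; description = "Symfony App secret"; };
                  };
                };
              };
            };
          };
      };
      connexionswing = mkOption {
        description = "Connexionswing configurations by environment";
        type =
          let
            # shared by the production and integration environments
            csSubmodule = mkOption {
              description = "environment configuration";
              type = submodule {
                options = {
                  environment = mkOption { type = str; description = "Symfony environment"; };
                  mysql = mkMysqlOptions "Connexionswing" {};
                  secret = mkOption { type = str; description = "Symfony App secret"; };
                  email = mkOption { type = str; description = "Symfony email notification"; };
                };
              };
            };
          in
          submodule {
            options = {
              production = csSubmodule;
              integration = csSubmodule;
            };
          };
      };
      jerome = mkOption {
        description = "Naturaloutil configuration";
        type = submodule {
          options = {
            mysql = mkMysqlOptions "Naturaloutil" {};
            server_admin = mkOption { type = str; description = "Server admin e-mail"; };
          };
        };
      };
      telio_tortay = mkOption {
        description = "Telio Tortay configuration";
        type = submodule {
          options = {
            server_admin = mkOption { type = str; description = "Server admin e-mail"; };
          };
        };
      };
      ludivine = mkOption {
        description = "Ludivinecassal configurations by environment";
        type =
          let
            # shared by the production and integration environments
            lcSubmodule = mkOption {
              description = "environment configuration";
              type = submodule {
                options = {
                  environment = mkOption { type = str; description = "Symfony environment"; };
                  mysql = mkMysqlOptions "LudivineCassal" {};
                  ldap = mkLdapOptions "LudivineCassal" {};
                  secret = mkOption { type = str; description = "Symfony App secret"; };
                };
              };
            };
          in
          submodule {
            options = {
              production = lcSubmodule;
              integration = lcSubmodule;
            };
          };
      };
      nicecoop = mkOption {
        description = "Nicecoop configuration";
        type =
          let
            # gestion-compte and its integration copy declared the same four
            # options twice; one definition is now bound under both names, like the
            # per-environment submodules above.
            gestionCompteOptions = {
              smtp = mkSmtpOptions "GestionCompte";
              mysql = mkMysqlOptions "gestion-compte" {};
              secret = mkOption { type = str; description = "Application secret"; };
              adminpassword = mkOption { type = str; description = "Admin password"; };
            };
          in
          submodule {
            options = {
              odoo = {
                port = mkOption { description = "Port to listen to"; type = port; };
                # was described identically to `port`; the name is the only hint at
                # its role, so the description now says which port this is
                longpoll_port = mkOption { description = "Longpolling port to listen to"; type = port; };
                postgresql = mkPsqlOptions "Odoo";
                admin_password = mkOption { type = str; description = "Admin password"; };
              };
              gestion-compte = gestionCompteOptions;
              gestion-compte-integration = gestionCompteOptions;
              copanier = {
                smtp = mkSmtpOptions "Copanier";
                staff = mkOption { type = listOf str; description = "List of staff members"; };
              };
            };
          };
      };
      emilia = mkOption {
        description = "Emilia configuration";
        type = submodule {
          options = {
            postgresql = mkPsqlOptions "Emilia";
          };
        };
      };
      florian = mkOption {
        description = "Florian configuration";
        type = submodule {
          options = {
            server_admin = mkOption { type = str; description = "Server admin e-mail"; };
          };
        };
      };
      nassime = mkOption {
        description = "Nassime configuration";
        type = submodule {
          options = {
            server_admin = mkOption { type = str; description = "Server admin e-mail"; };
          };
        };
      };
      piedsjaloux = mkOption {
        description = "Piedsjaloux configurations by environment";
        type =
          let
            # shared by the production and integration environments
            pjSubmodule = mkOption {
              description = "environment configuration";
              type = submodule {
                options = {
                  environment = mkOption { type = str; description = "Symfony environment"; };
                  mysql = mkMysqlOptions "Piedsjaloux" {};
                  secret = mkOption { type = str; description = "Symfony App secret"; };
                };
              };
            };
          in
          submodule {
            options = {
              production = pjSubmodule;
              integration = pjSubmodule;
            };
          };
      };
      richie = mkOption {
        description = "Europe Richie configurations by environment";
        type = submodule {
          options = {
            mysql = mkMysqlOptions "Richie" {};
            smtp_mailer = mkOption {
              description = "SMTP mailer configuration";
              type = submodule {
                options = {
                  user = mkOption { type = str; description = "Username"; };
                  password = mkOption { type = str; description = "Password"; };
                };
              };
            };
          };
        };
      };
      caldance = mkOption {
        description = "Caldance configurations by environment";
        type = submodule {
          options = {
            integration = mkOption {
              description = "environment configuration";
              type = submodule {
                options = {
                  # NOTE(review): this holds the full basic-auth password file as a
                  # plain str option; confirm the consuming module writes it somewhere
                  # other than the world-readable Nix store.
                  password = mkOption { type = str; description = "Password file content for basic auth"; };
                };
              };
            };
          };
        };
      };
      tellesflorian = mkOption {
        description = "Tellesflorian configurations by environment";
        type =
          let
            # only an integration environment is declared for this site
            tfSubmodule = mkOption {
              description = "environment configuration";
              type = submodule {
                options = {
                  environment = mkOption { type = str; description = "Symfony environment"; };
                  mysql = mkMysqlOptions "Tellesflorian" {};
                  secret = mkOption { type = str; description = "Symfony App secret"; };
                  invite_passwords = mkOption { type = str; description = "Password basic auth"; };
                };
              };
            };
          in
          submodule {
            options = {
              integration = tfSubmodule;
            };
          };
      };
    };
  };
};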
1542 };
# Read-only view of this host's own entry in myEnv.servers, selected with the
# module's `name` argument.
options.hostEnv = mkOption {
  description = "Host environment";
  default = config.myEnv.servers."${name}";
  type = hostEnv;
  readOnly = true;
};
1549 }