-{ lib, ... }:
+{ config, lib, name, ... }:
with lib;
with types;
with lists;
};
mysqlOptions = {
host = mkOption { description = "Host to access Mysql"; type = str; };
+ remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
port = mkOption { description = "Port to access Mysql"; type = str; };
socket = mkOption { description = "Socket to access Mysql"; type = path; };
systemUsers = mkOption {
};
};
};
- mkMysqlOptions = name: mkOption {
+ mkMysqlOptions = name: more: mkOption {
description = "${name} mysql configuration";
type = submodule {
options = mysqlOptions // {
database = mkOption { description = "${name} database"; type = str; };
user = mkOption { description = "${name} user"; type = str; };
password = mkOption { description = "mysql password of the ${name} user"; type = str; };
- };
+ } // more;
};
};
psqlOptions = {
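Review bot: The new `more` argument of `mkMysqlOptions` is merged last with `//`, so a caller can silently replace `database`, `user`, `password` or any of the shared `mysqlOptions` instead of only adding to them, and nothing documents this. A comment above the definition would make the contract explicit, for example `# more: extra options merged into the submodule; keys given here take precedence over the defaults`. The enclosing `let` block starts outside this hunk.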
};
};
};
+ hostEnv = submodule {
+ options = {
+ fqdn = mkOption {
+ description = "Host FQDN";
+ type = str;
+ };
+ users = mkOption {
+ type = unspecified;
+ default = pkgs: [];
+ description = ''
+ Sublist of users from realUsers. Function that takes pkgs as
+ argument and gives an array as a result
+ '';
+ };
+ emails = mkOption {
+ default = [];
+ description = "List of e-mails that the server can be a sender of";
+ type = listOf str;
+ };
+ ldap = mkOption {
+ description = ''
+ LDAP credentials for the host
+ '';
+ type = submodule {
+ options = {
+ password = mkOption { type = string; description = "Password for the LDAP connection"; };
+ dn = mkOption { type = string; description = "DN for the LDAP connection"; };
+ };
+ };
+ };
+ mx = mkOption {
+ description = "subdomain and priority for MX server";
+ default = { enable = false; };
+ type = submodule {
+ options = {
+ enable = mkEnableOption "Enable MX";
+ subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
+ priority = mkOption { type = nullOr str; description = "Priority"; };
+ };
+ };
+ };
+ ips = mkOption {
+ description = ''
+ attrs of ip4/ip6 grouped by section
+ '';
+ type = attrsOf (submodule {
+ options = {
+ ip4 = mkOption {
+ type = string;
+ description = ''
+ ip4 address of the host
+ '';
+ };
+ ip6 = mkOption {
+ type = listOf string;
+ default = [];
+ description = ''
+ ip6 addresses of the host
+ '';
+ };
+ };
+ });
+ };
+ };
+ };
in
{
options.myEnv = {
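Review bot: In the `mx` option of the new `hostEnv` submodule, the default `{ enable = false; }` leaves `subdomain` and `priority` undefined, because both are declared `nullOr str` without a default. A consumer that reads them on a host that does not set `mx` would presumably fail with an "option used but not defined" evaluation error. Adding `default = null;` to both matches what the `nullOr` type suggests was intended. Separately, the `ldap` and `ips` options carried over here still use `type = string`, which nixpkgs deprecates in favour of `str`, already used for `fqdn` in the same submodule.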
Attrs of servers information in the cluster (not necessarily handled by nixops)
'';
default = {};
- type = attrsOf (submodule {
- options = {
- ldap = mkOption {
- description = ''
- LDAP credentials for the host
- '';
- type = submodule {
- options = {
- password = mkOption { type = string; description = "Password for the LDAP connection"; };
- dn = mkOption { type = string; description = "DN for the LDAP connection"; };
- };
- };
- };
- ips = mkOption {
- description = ''
- attrs of ip4/ip6 grouped by section
- '';
- type = attrsOf (submodule {
- options = {
- ip4 = mkOption {
- type = string;
- description = ''
- ip4 address of the host
- '';
- };
- ip6 = mkOption {
- type = listOf string;
- default = [];
- description = ''
- ip6 addresses of the host
- '';
- };
- };
- });
- };
- };
- });
+ type = attrsOf hostEnv;
};
hetznerCloud = mkOption {
description = ''
description = "Jabber configuration";
type = submodule {
options = {
+ postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
ldap = mkLdapOptions "Jabber" {};
postgresql = mkPsqlOptions "Jabber";
};
};
};
+ realUsers = mkOption {
+ description = ''
+ Attrset of function taking pkgs as argument.
+ Real users settings, should provide a subattr of users.users.<name>
+ with at least: name, (hashed)Password, shell
+ '';
+ type = attrsOf unspecified;
+ };
users = mkOption {
description = "System and regular users uid/gid";
type = attrsOf (submodule {
'';
type = submodule {
options = {
- mailto = mkOption { type = str; description = "Where to e-mail on error"; };
ssh_key = mkOption {
description = "SSH key information";
type = submodule {
options = {
status_url = mkOption { type = str; description = "URL to push status to"; };
status_token = mkOption { type = str; description = "Token for the status url"; };
+ http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
email = mkOption { type = str; description = "Admin E-mail"; };
+ ssh_public_key = mkOption { type = str; description = "SSH public key"; };
+ ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
+ imap_login = mkOption { type = str; description = "IMAP login"; };
+ imap_password = mkOption { type = str; description = "IMAP password"; };
+ eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
+ ovh_sms = mkOption {
+ description = "OVH credentials for sms script";
+ type = submodule {
+ options = {
+ endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
+ application_key = mkOption { type = str; description = "Application key"; };
+ application_secret = mkOption { type = str; description = "Application secret"; };
+ consumer_key = mkOption { type = str; description = "Consumer key"; };
+ account = mkOption { type = str; description = "Account"; };
+ };
+ };
+ };
+ nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
+ slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
+ slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
+ contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
+ email_check = mkOption {
+ description = "Emails services to check";
+ type = attrsOf (submodule {
+ options = {
+ local = mkOption { type = bool; default = false; description = "Use local configuration"; };
+ port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
+ login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
+ targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
+ mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
+ mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
+ };
+ });
+ };
};
};
};
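Review bot: The options added here for `ssh_secret_key`, `imap_password`, `http_user_password`, `ovh_sms.application_secret`, `nrdp_tokens` and `slack_url` hold credentials as plain `str` values, and nothing in their descriptions tells a consumer to keep them out of the Nix store. How they are consumed is not visible in this diff, but any value interpolated into a derivation or a generated config file ends up world-readable under `/nix/store`. I would mark them in the description, e.g. `description = "SSH secret key (secret; deploy as a key file, never interpolate into a store path)";`, or have the option take a path to a file provisioned out of band instead of the value. The same applies to `privateKey` in the `vpn` option and to `password_encrypt` in the Postfix `mysql` block, both added in later hunks.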
};
};
};
+ vpn = mkOption {
+ description = "VPN configuration";
+ type = attrsOf (submodule {
+ options = {
+ prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
+ privateKey = mkOption { type = str; description = "Private key for the host"; };
+ publicKey = mkOption { type = str; description = "Public key for the host"; };
+ };
+ });
+ };
mail = mkOption {
description = "Mail configuration";
type = submodule {
'';
type = listOf str;
};
- mysql = mkMysqlOptions "Postfix";
+ mysql = mkMysqlOptions "Postfix" {
+ password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
+ };
backup_domains = mkOption {
description = ''
Domains that are accepted for relay as backup domain
description = "Mail script recipients";
type = attrsOf (submodule {
options = {
+ external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
src = mkOption {
description = ''
git source to fetch the script from.
description = "Yourls configuration";
type = submodule {
options = {
- mysql = mkMysqlOptions "Yourls";
+ mysql = mkMysqlOptions "Yourls" {};
ldap = mkLdapOptions "Yourls" {};
cookieKey = mkOption { type = str; description = "Cookie key"; };
};
options = {
aten_production = atenSubmodule;
aten_integration = atenSubmodule;
+ iridologie = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "SPIP environment"; };
+ mysql = mkMysqlOptions "Iridologie" {};
+ ldap = mkLdapOptions "Iridologie" {};
+ };
+ };
+ };
};
};
};
description = "environment configuration";
type = submodule {
options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Chloe";
+ environment = mkOption { type = str; description = "SPIP environment"; };
+ mysql = mkMysqlOptions "Chloe" {};
ldap = mkLdapOptions "Chloe" {};
};
};
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Connexionswing";
+ mysql = mkMysqlOptions "Connexionswing" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
email = mkOption { type = str; description = "Symfony email notification"; };
};
description = "Naturaloutil configuration";
type = submodule {
options = {
- mysql = mkMysqlOptions "Naturaloutil";
+ mysql = mkMysqlOptions "Naturaloutil" {};
server_admin = mkOption { type = str; description = "Server admin e-mail"; };
};
};
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "LudivineCassal";
+ mysql = mkMysqlOptions "LudivineCassal" {};
ldap = mkLdapOptions "LudivineCassal" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
};
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Piedsjaloux";
+ mysql = mkMysqlOptions "Piedsjaloux" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
};
};
description = "Europe Richie configurations by environment";
type = submodule {
options = {
- mysql = mkMysqlOptions "Richie";
+ mysql = mkMysqlOptions "Richie" {};
smtp_mailer = mkOption {
description = "SMTP mailer configuration";
type = submodule {
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Tellesflorian";
+ mysql = mkMysqlOptions "Tellesflorian" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
invite_passwords = mkOption { type = str; description = "Password basic auth"; };
};
'';
};
};
- options.hostEnv = {
- FQDN = mkOption {
- type = string;
- description = ''
- FQDN of the current host.
- '';
- };
+ options.hostEnv = mkOption {
+ readOnly = true;
+ type = hostEnv;
+ default = config.myEnv.servers."${name}";
+ description = "Host environment";
};
}
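Review bot: The default `config.myEnv.servers."${name}"` assumes every machine evaluated with this module has an entry in `myEnv.servers`; when it does not, evaluation stops with a bare missing-attribute error that does not say which host is misconfigured. A fallback with an explicit message is clearer: `default = config.myEnv.servers.${name} or (throw "myEnv.servers has no entry for host ${name}");`. Note also that `config.hostEnv` now carries the host's `ldap.password` through the shared `hostEnv` submodule, so any module reading `hostEnv` should be treated as handling a secret.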