+{ lib, ... }:
+with lib;
+with types;
+with lists;
+let
+ ldapOptions = {
+ base = mkOption { description = "Base of the LDAP tree"; type = str; };
+ host = mkOption { description = "Host to access LDAP"; type = str; };
+ root_dn = mkOption { description = "DN of the root user"; type = str; };
+ root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
+ replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
+ replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
+ };
+ mkLdapOptions = name: more: mkOption {
+ description = "${name} LDAP configuration";
+ type = submodule {
+ options = ldapOptions // {
+ dn = mkOption { description = "DN of the ${name} user"; type = str; };
+ password = mkOption { description = "password of the ${name} user"; type = str; };
+ filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
+ } // more;
+ };
+ };
+ mysqlOptions = {
+ host = mkOption { description = "Host to access Mysql"; type = str; };
+ port = mkOption { description = "Port to access Mysql"; type = str; };
+ socket = mkOption { description = "Socket to access Mysql"; type = path; };
+ systemUsers = mkOption {
+ description = "Attrs of user-passwords allowed to access mysql";
+ type = attrsOf str;
+ };
+ pam = mkOption {
+ description = "PAM configuration for mysql";
+ type = submodule {
+ options = {
+ dn = mkOption { description = "DN to connect as to check users"; type = str; };
+ password = mkOption { description = "DN password to connect as to check users"; type = str; };
+ filter = mkOption { description = "filter to match users"; type = str; };
+ };
+ };
+ };
+ };
+ mkMysqlOptions = name: mkOption {
+ description = "${name} mysql configuration";
+ type = submodule {
+ options = mysqlOptions // {
+ database = mkOption { description = "${name} database"; type = str; };
+ user = mkOption { description = "${name} user"; type = str; };
+ password = mkOption { description = "mysql password of the ${name} user"; type = str; };
+ };
+ };
+ };
+ psqlOptions = {
+ host = mkOption { description = "Host to access Postgresql"; type = str; };
+ port = mkOption { description = "Port to access Postgresql"; type = str; };
+ socket = mkOption { description = "Socket to access Postgresql"; type = path; };
+ pam = mkOption {
+ description = "PAM configuration for psql";
+ type = submodule {
+ options = {
+ dn = mkOption { description = "DN to connect as to check users"; type = str; };
+ password = mkOption { description = "DN password to connect as to check users"; type = str; };
+ filter = mkOption { description = "filter to match users"; type = str; };
+ };
+ };
+ };
+ };
+ mkPsqlOptions = name: mkOption {
+ description = "${name} psql configuration";
+ type = submodule {
+ options = psqlOptions // {
+ database = mkOption { description = "${name} database"; type = str; };
+ schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
+ user = mkOption { description = "${name} user"; type = str; };
+ password = mkOption { description = "psql password of the ${name} user"; type = str; };
+ };
+ };
+ };
+ redisOptions = {
+ host = mkOption { description = "Host to access Redis"; type = str; };
+ port = mkOption { description = "Port to access Redis"; type = str; };
+ socket = mkOption { description = "Socket to access Redis"; type = path; };
+ dbs = mkOption {
+ description = "Attrs of db number. Each number should be unique to avoid collision!";
+ type = attrsOf str;
+ };
+ spiped_key = mkOption {
+ type = str;
+ description = ''
+ Key to use with spiped to make a secure channel to replication
+ '';
+ };
+ predixy = mkOption {
+ description = "Predixy configuration. Unused yet";
+ type = submodule {
+ options = {
+ read = mkOption { type = str; description = "Read password"; };
+ };
+ };
+ };
+ };
+ mkRedisOptions = name: mkOption {
+ description = "${name} redis configuration";
+ type = submodule {
+ options = redisOptions // {
+ db = mkOption { description = "${name} database"; type = str; };
+ };
+ };
+ };
+in
+{
+ options.myEnv = {
+ servers = mkOption {
+ description = ''
+ Attrs of servers information in the cluster (not necessarily handled by nixops)
+ '';
+ default = {};
+ type = attrsOf (submodule {
+ options = {
+ ldap = mkOption {
+ description = ''
+ LDAP credentials for the host
+ '';
+ type = submodule {
+ options = {
+ password = mkOption { type = string; description = "Password for the LDAP connection"; };
+ dn = mkOption { type = string; description = "DN for the LDAP connection"; };
+ };
+ };
+ };
+ ips = mkOption {
+ description = ''
+ attrs of ip4/ip6 grouped by section
+ '';
+ type = attrsOf (submodule {
+ options = {
+ ip4 = mkOption {
+ type = string;
+ description = ''
+ ip4 address of the host
+ '';
+ };
+ ip6 = mkOption {
+ type = listOf string;
+ default = [];
+ description = ''
+ ip6 addresses of the host
+ '';
+ };
+ };
+ });
+ };
+ };
+ });
+ };
+ hetznerCloud = mkOption {
+ description = ''
+ Hetzner Cloud credential information
+ '';
+ type = submodule {
+ options = {
+ authToken = mkOption {
+ type = str;
+ description = ''
+ The API auth token.
+ '';
+ };
+ };
+ };
+ };
+ hetzner = mkOption {
+ description = ''
+ Hetzner credential information
+ '';
+ type = submodule {
+ options = {
+ user = mkOption { type = str; description = "User"; };
+ pass = mkOption { type = str; description = "Password"; };
+ };
+ };
+ };
+ sshd = mkOption {
+ description = ''
+ sshd service credential information
+ '';
+ type = submodule {
+ options = {
+ ldap = mkOption {
+ description = ''
+ LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
+ '';
+ type = submodule {
+ options = {
+ password = mkOption { description = "Password"; type = str; };
+ };
+ };
+ };
+ };
+ };
+ };
+ ports = mkOption {
+ description = ''
+ non-standard reserved ports. Must be unique!
+ '';
+ type = attrsOf port;
+ default = {};
+ apply = let
+ noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
+ in
+ x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
+ };
+ httpd = mkOption {
+ description = ''
+ httpd service credential information
+ '';
+ type = submodule {
+ options = {
+ ldap = mkOption {
+ description = ''
+ LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
+ '';
+ type = submodule {
+ options = {
+ password = mkOption { description = "Password"; type = str; };
+ };
+ };
+ };
+ };
+ };
+ };
+ ldap = mkOption {
+ description = ''
+ LDAP server configuration
+ '';
+ type = submodule {
+ options = ldapOptions;
+ };
+ };
+ databases = mkOption {
+ description = "Databases configuration";
+ type = submodule {
+ options = {
+ mysql = mkOption {
+ type = submodule { options = mysqlOptions; };
+ description = "Mysql configuration";
+ };
+ redis = mkOption {
+ type = submodule { options = redisOptions; };
+ description = "Redis configuration";
+ };
+ postgresql = mkOption {
+ type = submodule { options = psqlOptions; };
+ description = "Postgresql configuration";
+ };
+ };
+ };
+ };
+ jabber = mkOption {
+ description = "Jabber configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "Jabber" {};
+ postgresql = mkPsqlOptions "Jabber";
+ };
+ };
+ };
+ users = mkOption {
+ description = "System and regular users uid/gid";
+ type = attrsOf (submodule {
+ options = {
+ uid = mkOption {
+ description = "user uid";
+ type = int;
+ };
+ gid = mkOption {
+ description = "user gid";
+ type = int;
+ };
+ };
+ });
+ };
+ dns = mkOption {
+ description = "DNS configuration";
+ type = submodule {
+ options = {
+ soa = mkOption {
+ description = "SOA information";
+ type = submodule {
+ options = {
+ serial = mkOption {
+ description = "Serial number. Should be incremented at each change and unique";
+ type = str;
+ };
+ refresh = mkOption {
+ description = "Refresh time";
+ type = str;
+ };
+ retry = mkOption {
+ description = "Retry time";
+ type = str;
+ };
+ expire = mkOption {
+ description = "Expire time";
+ type = str;
+ };
+ ttl = mkOption {
+ description = "Default TTL time";
+ type = str;
+ };
+ email = mkOption {
+ description = "hostmaster e-mail";
+ type = str;
+ };
+ primary = mkOption {
+ description = "Primary NS";
+ type = str;
+ };
+ };
+ };
+ };
+ ns = mkOption {
+ description = "Attrs of NS servers group";
+ example = {
+ foo = {
+ "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
+ "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
+ };
+ };
+ type = attrsOf (attrsOf (listOf str));
+ };
+ slaveZones = mkOption {
+ description = "List of slave zones";
+ type = listOf (submodule {
+ options = {
+ name = mkOption { type = str; description = "zone name"; };
+ masters = mkOption {
+ description = "NS master groups of this zone";
+ type = listOf str;
+ };
+ };
+ });
+ };
+ masterZones = mkOption {
+ description = "List of master zones";
+ type = listOf (submodule {
+ options = {
+ name = mkOption { type = str; description = "zone name"; };
+ slaves = mkOption {
+ description = "NS slave groups of this zone";
+ type = listOf str;
+ };
+ ns = mkOption {
+ description = "groups names that should have their NS entries listed here";
+ type = listOf str;
+ };
+ extra = mkOption {
+ description = "Extra zone configuration for bind";
+ example = ''
+ notify yes;
+ '';
+ type = lines;
+ };
+ entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
+ withEmail = mkOption {
+ description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
+ default = [];
+ type = listOf (submodule {
+ options = {
+ domain = mkOption { type = str; description = "Which subdomain is concerned"; };
+ send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
+ receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
+ };
+ });
+ };
+ };
+ });
+ };
+ };
+ };
+ };
+ backup = mkOption {
+ description = ''
+ Remote backup with duplicity
+ '';
+ type = submodule {
+ options = {
+ password = mkOption { type = str; description = "Password for encrypting files"; };
+ remote = mkOption { type = str; description = "Remote url access"; };
+ accessKeyId = mkOption { type = str; description = "Remote access-key"; };
+ secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
+ };
+ };
+ };
+ rsync_backup = mkOption {
+ description =''
+ Rsync backup configuration from controlled host
+ '';
+ type = submodule {
+ options = {
+ mailto = mkOption { type = str; description = "Where to e-mail on error"; };
+ ssh_key = mkOption {
+ description = "SSH key information";
+ type = submodule {
+ options = {
+ public = mkOption { type = str; description = "Public part of the key"; };
+ private = mkOption { type = lines; description = "Private part of the key"; };
+ };
+ };
+ };
+ profiles = mkOption {
+ description = "Attrs of profiles to backup";
+ type = attrsOf (submodule {
+ options = {
+ keep = mkOption { type = int; description = "Number of backups to keep"; };
+ login = mkOption { type = str; description = "Login to connect to host"; };
+ port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
+ host = mkOption { type = str; description = "Host to connect to"; };
+ host_key = mkOption { type = str; description = "Host key"; };
+ host_key_type = mkOption { type = str; description = "Host key type"; };
+ parts = mkOption {
+ description = "Parts to backup for this host";
+ type = attrsOf (submodule {
+ options = {
+ remote_folder = mkOption { type = path; description = "Remote folder to backup";};
+ exclude_from = mkOption {
+ type = listOf path;
+ default = [];
+ description = "List of folders/files to exclude from the backup";
+ };
+ files_from = mkOption {
+ type = listOf path;
+ default = [];
+ description = "List of folders/files to backup in the base folder";
+ };
+ args = mkOption {
+ type = nullOr str;
+ default = null;
+ description = "Extra arguments to pass to rsync";
+ };
+ };
+ });
+ };
+ };
+ });
+ };
+ };
+ };
+ };
+ monitoring = mkOption {
+ description = "Monitoring configuration";
+ type = submodule {
+ options = {
+ status_url = mkOption { type = str; description = "URL to push status to"; };
+ status_token = mkOption { type = str; description = "Token for the status url"; };
+ email = mkOption { type = str; description = "Admin E-mail"; };
+ };
+ };
+ };
+ mpd = mkOption {
+ description = "MPD configuration";
+ type = submodule {
+ options = {
+ folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
+ password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
+ host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
+ port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
+ };
+ };
+ };
+ ftp = mkOption {
+ description = "FTP configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "FTP" {};
+ };
+ };
+ };
+ mail = mkOption {
+ description = "Mail configuration";
+ type = submodule {
+ options = {
+ dmarc = mkOption {
+ description = "DMARC configuration";
+ type = submodule {
+ options = {
+ ignore_hosts = mkOption {
+ type = lines;
+ description = ''
+ Hosts to ignore when checking for dmarc
+ '';
+ };
+ };
+ };
+ };
+ dkim = mkOption {
+ description = "DKIM configuration";
+ type = attrsOf (submodule {
+ options = {
+ public = mkOption {
+ type = str;
+ example = ''
+ ( "v=DKIM1; k=rsa; "
+ "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
+ '';
+ description = "Public entry to put in DNS TXT field";
+ };
+ private = mkOption { type = str; description = "Private key"; };
+ };
+ });
+ };
+ postfix = mkOption {
+ description = "Postfix configuration";
+ type = submodule {
+ options = {
+ additional_mailbox_domains = mkOption {
+ description = ''
+ List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
+ '';
+ type = listOf str;
+ };
+ mysql = mkMysqlOptions "Postfix";
+ backup_domains = mkOption {
+ description = ''
+ Domains that are accepted for relay as backup domain
+ '';
+ type = attrsOf (submodule {
+ options = {
+ domains = mkOption { type = listOf str; description = "Domains list"; };
+ relay_restrictions = mkOption {
+ type = lines;
+ description = ''
+ Restrictions for relaying the e-mails from the domains
+ '';
+ };
+ recipient_maps = mkOption {
+ description = ''
+ Recipient map to accept relay for.
+ Must be specified for domain, the rules apply to everyone!
+ '';
+ type = listOf (submodule {
+ options = {
+ type = mkOption {
+ type = enum [ "hash" ];
+ description = "Map type";
+ };
+ content = mkOption {
+ type = str;
+ description = "Map content";
+ };
+ };
+ });
+ };
+ };
+ });
+ };
+ };
+ };
+ };
+ dovecot = mkOption {
+ description = "Dovecot configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "Dovecot" {
+ pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
+ user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
+ iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
+ iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
+ };
+ };
+ };
+ };
+ rspamd = mkOption {
+ description = "rspamd configuration";
+ type = submodule {
+ options = {
+ redis = mkRedisOptions "Redis";
+ read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
+ write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
+ read_password = mkOption {
+ type = str;
+ description = "Read password for rspamd. Unused";
+ apply = x: "";
+ };
+ write_password = mkOption {
+ type = str;
+ description = "Write password for rspamd. Unused";
+ apply = x: "";
+ };
+ };
+ };
+ };
+ scripts = mkOption {
+ description = "Mail script recipients";
+ type = attrsOf (submodule {
+ options = {
+ src = mkOption {
+ description = ''
+ git source to fetch the script from.
+ It must have a default.nix file as its root accepting a scriptEnv parameter
+ '';
+ type = submodule {
+ options = {
+ url = mkOption { type = str; description = "git url to fetch"; };
+ rev = mkOption { type = str; description = "git reference to fetch"; };
+ };
+ };
+ };
+ env = mkOption {
+ description = "Variables to pass to the script";
+ type = unspecified;
+ };
+ };
+ });
+ };
+ };
+ };
+ };
+ buildbot = mkOption {
+ description = "Buildbot configuration";
+ type = submodule {
+ options = {
+ user = mkOption {
+ description = "Buildbot user";
+ type = submodule {
+ options = {
+ uid = mkOption {
+ description = "user uid";
+ type = int;
+ };
+ gid = mkOption {
+ description = "user gid";
+ type = int;
+ };
+ };
+ };
+ };
+ ldap = mkOption {
+ description = "Ldap configuration for buildbot";
+ type = submodule {
+ options = {
+ password = mkOption { type = str; description = "Buildbot password"; };
+ };
+ };
+ };
+ projects = mkOption {
+ description = "Projects to make a buildbot for";
+ type = attrsOf (submodule {
+ options = {
+ name = mkOption { type = str; description = "Project name"; };
+ packages = mkOption {
+ type = unspecified;
+ example = literalExample ''
+ pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
+ '';
+ description = ''
+ Function.
+ Builds packages list to make available to buildbot project.
+ Takes pkgs as argument.
+ '';
+ };
+ pythonPackages = mkOption {
+ type = unspecified;
+ example = literalExample ''
+ p: pkgs: [ pkgs.python3Packages.pip ];
+ '';
+ description = ''
+ Function.
+ Builds python packages list to make available to buildbot project.
+ Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
+ '';
+ };
+ pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
+ secrets = mkOption {
+ type = attrsOf str;
+ description = "Secrets for the project to dump as files";
+ };
+ environment = mkOption {
+ type = attrsOf str;
+ description = ''
+ Environment variables for the project.
+ BUILDBOT_ is prefixed to the variable names
+ '';
+ };
+ activationScript = mkOption {
+ type = lines;
+ description = ''
+ Activation script to run during deployment
+ '';
+ };
+ builderPaths = mkOption {
+ type = attrsOf unspecified;
+ default = {};
+ description = ''
+ Attrs of functions to make accessible specifically per builder.
+ Takes pkgs as argument and should return a single path containing binaries.
+ This path will be accessible as BUILDBOT_PATH_<attrskey>
+ '';
+ };
+ webhookTokens = mkOption {
+ type = nullOr (listOf str);
+ default = null;
+ description = ''
+ List of tokens allowed to push to project’s change_hook/base endpoint
+ '';
+ };
+ };
+ });
+ };
+ };
+ };
+ };
+ tools = mkOption {
+ description = "Tools configurations";
+ type = submodule {
+ options = {
+ davical = mkOption {
+ description = "Davical configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Davical";
+ ldap = mkLdapOptions "Davical" {};
+ };
+ };
+ };
+ diaspora = mkOption {
+ description = "Diaspora configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Diaspora";
+ redis = mkRedisOptions "Diaspora";
+ ldap = mkLdapOptions "Diaspora" {};
+ secret_token = mkOption { type = str; description = "Secret token"; };
+ };
+ };
+ };
+ etherpad-lite = mkOption {
+ description = "Etherpad configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Etherpad";
+ ldap = mkLdapOptions "Etherpad" {
+ group_filter = mkOption { type = str; description = "Filter for groups"; };
+ };
+ session_key = mkOption { type = str; description = "Session key"; };
+ api_key = mkOption { type = str; description = "API key"; };
+ redirects = mkOption { type = str; description = "Redirects for apache"; };
+ };
+ };
+ };
+ gitolite = mkOption {
+ description = "Gitolite configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "Gitolite" {};
+ };
+ };
+ };
+ kanboard = mkOption {
+ description = "Kanboard configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Kanboard";
+ ldap = mkLdapOptions "Kanboard" {
+ admin_dn = mkOption { type = str; description = "Admin DN"; };
+ };
+ };
+ };
+ };
+ mantisbt = mkOption {
+ description = "Mantisbt configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Mantisbt";
+ ldap = mkLdapOptions "Mantisbt" {};
+ master_salt = mkOption { type = str; description = "Master salt for password hash"; };
+ };
+ };
+ };
+ mastodon = mkOption {
+ description = "Mastodon configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Mastodon";
+ redis = mkRedisOptions "Mastodon";
+ ldap = mkLdapOptions "Mastodon" {};
+ paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
+ otp_secret = mkOption { type = str; description = "OTP secret"; };
+ secret_key_base = mkOption { type = str; description = "Secret key base"; };
+ vapid = mkOption {
+ description = "vapid key";
+ type = submodule {
+ options = {
+ private = mkOption { type = str; description = "Private key"; };
+ public = mkOption { type = str; description = "Public key"; };
+ };
+ };
+ };
+ };
+ };
+ };
+ mediagoblin = mkOption {
+ description = "Mediagoblin configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Mediagoblin";
+ redis = mkRedisOptions "Mediagoblin";
+ ldap = mkLdapOptions "Mediagoblin" {};
+ };
+ };
+ };
+ nextcloud = mkOption {
+ description = "Nextcloud configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Peertube";
+ redis = mkRedisOptions "Peertube";
+ password_salt = mkOption { type = str; description = "Password salt"; };
+ instance_id = mkOption { type = str; description = "Instance ID"; };
+ secret = mkOption { type = str; description = "App secret"; };
+ };
+ };
+ };
+ peertube = mkOption {
+ description = "Peertube configuration";
+ type = submodule {
+ options = {
+ listenPort = mkOption { type = port; description = "Port to listen to"; };
+ postgresql = mkPsqlOptions "Peertube";
+ redis = mkRedisOptions "Peertube";
+ ldap = mkLdapOptions "Peertube" {};
+ };
+ };
+ };
+ phpldapadmin = mkOption {
+ description = "phpLdapAdmin configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "phpldapadmin" {};
+ };
+ };
+ };
+ rompr = mkOption {
+ description = "Rompr configuration";
+ type = submodule {
+ options = {
+ mpd = mkOption {
+ description = "MPD configuration";
+ type = submodule {
+ options = {
+ host = mkOption { type = str; description = "Host for MPD"; };
+ port = mkOption { type = port; description = "Port to access MPD host"; };
+ };
+ };
+ };
+ };
+ };
+ };
+ roundcubemail = mkOption {
+ description = "Roundcubemail configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "TT-RSS";
+ secret = mkOption { type = str; description = "Secret"; };
+ };
+ };
+ };
+ shaarli = mkOption {
+ description = "Shaarli configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "Shaarli" {};
+ };
+ };
+ };
+ task = mkOption {
+ description = "Taskwarrior configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "Taskwarrior" {};
+ taskwarrior-web = mkOption {
+ description = "taskwarrior-web profiles";
+ type = attrsOf (submodule {
+ options = {
+ uid = mkOption {
+ type = listOf str;
+ description = "List of ldap uids having access to this profile";
+ };
+ org = mkOption { type = str; description = "Taskd organisation"; };
+ key = mkOption { type = str; description = "Taskd key"; };
+ date = mkOption { type = str; description = "Preferred date format"; };
+ };
+ });
+ };
+ };
+ };
+ };
+ ttrss = mkOption {
+ description = "TT-RSS configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "TT-RSS";
+ ldap = mkLdapOptions "TT-RSS" {};
+ };
+ };
+ };
+ wallabag = mkOption {
+ description = "Wallabag configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Wallabag";
+ ldap = mkLdapOptions "Wallabag" {
+ admin_filter = mkOption { type = str; description = "Admin users filter"; };
+ };
+ redis = mkRedisOptions "Wallabag";
+ secret = mkOption { type = str; description = "App secret"; };
+ };
+ };
+ };
+ ympd = mkOption {
+ description = "Ympd configuration";
+ type = submodule {
+ options = {
+ listenPort = mkOption { type = port; description = "Port to listen to"; };
+ mpd = mkOption {
+ description = "MPD configuration";
+ type = submodule {
+ options = {
+ password = mkOption { type = str; description = "Password to access MPD host"; };
+ host = mkOption { type = str; description = "Host for MPD"; };
+ port = mkOption { type = port; description = "Port to access MPD host"; };
+ };
+ };
+ };
+ };
+ };
+ };
+ yourls = mkOption {
+ description = "Yourls configuration";
+ type = submodule {
+ options = {
+ mysql = mkMysqlOptions "Yourls";
+ ldap = mkLdapOptions "Yourls" {};
+ cookieKey = mkOption { type = str; description = "Cookie key"; };
+ };
+ };
+ };
+ };
+ };
+ };
+ websites = mkOption {
+ description = "Websites configurations";
+ type = submodule {
+ options = {
+ aten = mkOption {
+ description = "Aten configurations by environment";
+ type =
+ let
+ atenSubmodule = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "Symfony environment"; };
+ secret = mkOption { type = str; description = "Symfony App secret"; };
+ postgresql = mkPsqlOptions "Aten";
+ };
+ };
+ };
+ in
+ submodule {
+ options = {
+ production = atenSubmodule;
+ integration = atenSubmodule;
+ };
+ };
+ };
+ chloe = mkOption {
+ description = "Chloe configurations by environment";
+ type =
+ let
+ chloeSubmodule = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "Symfony environment"; };
+ mysql = mkMysqlOptions "Chloe";
+ ldap = mkLdapOptions "Chloe" {};
+ };
+ };
+ };
+ in
+ submodule {
+ options = {
+ production = chloeSubmodule;
+ integration = chloeSubmodule;
+ };
+ };
+ };
+ connexionswing = mkOption {
+ description = "Connexionswing configurations by environment";
+ type =
+ let
+ csSubmodule = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "Symfony environment"; };
+ mysql = mkMysqlOptions "Connexionswing";
+ secret = mkOption { type = str; description = "Symfony App secret"; };
+ email = mkOption { type = str; description = "Symfony email notification"; };
+ };
+ };
+ };
+ in
+ submodule {
+ options = {
+ production = csSubmodule;
+ integration = csSubmodule;
+ };
+ };
+ };
+ jerome = mkOption {
+ description = "Naturaloutil configuration";
+ type = submodule {
+ options = {
+ mysql = mkMysqlOptions "Naturaloutil";
+ server_admin = mkOption { type = str; description = "Server admin e-mail"; };
+ };
+ };
+ };
+ telioTortay = mkOption {
+ description = "Telio Tortay configuration";
+ type = submodule {
+ options = {
+ server_admin = mkOption { type = str; description = "Server admin e-mail"; };
+ };
+ };
+ };
+ ludivinecassal = mkOption {
+ description = "Ludivinecassal configurations by environment";
+ type =
+ let
+ lcSubmodule = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "Symfony environment"; };
+ mysql = mkMysqlOptions "LudivineCassal";
+ ldap = mkLdapOptions "LudivineCassal" {};
+ secret = mkOption { type = str; description = "Symfony App secret"; };
+ };
+ };
+ };
+ in
+ submodule {
+ options = {
+ production = lcSubmodule;
+ integration = lcSubmodule;
+ };
+ };
+ };
+ emilia = mkOption {
+ description = "Emilia configuration";
+ type = submodule {
+ options = {
+ postgresql = mkPsqlOptions "Emilia";
+ };
+ };
+ };
+ florian = mkOption {
+ description = "Florian configuration";
+ type = submodule {
+ options = {
+ server_admin = mkOption { type = str; description = "Server admin e-mail"; };
+ };
+ };
+ };
+ nassime = mkOption {
+ description = "Nassime configuration";
+ type = submodule {
+ options = {
+ server_admin = mkOption { type = str; description = "Server admin e-mail"; };
+ };
+ };
+ };
+ piedsjaloux = mkOption {
+ description = "Piedsjaloux configurations by environment";
+ type =
+ let
+ pjSubmodule = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "Symfony environment"; };
+ mysql = mkMysqlOptions "Piedsjaloux";
+ secret = mkOption { type = str; description = "Symfony App secret"; };
+ };
+ };
+ };
+ in
+ submodule {
+ options = {
+ production = pjSubmodule;
+ integration = pjSubmodule;
+ };
+ };
+ };
+ tellesflorian = mkOption {
+ description = "Tellesflorian configurations by environment";
+ type =
+ let
+ tfSubmodule = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "Symfony environment"; };
+ mysql = mkMysqlOptions "Tellesflorian";
+ secret = mkOption { type = str; description = "Symfony App secret"; };
+ invite_passwords = mkOption { type = str; description = "Password basic auth"; };
+ };
+ };
+ };
+ in
+ submodule {
+ options = {
+ integration = tfSubmodule;
+ };
+ };
+ };
+ };
+ };
+ };
+
+ privateFiles = mkOption {
+ type = path;
+ description = ''
+ Path to secret files to make available during build
+ '';
+ };
+ };
+ options.hostEnv = {
+ FQDN = mkOption {
+ type = string;
+ description = ''
+ FQDN of the current host.
+ '';
+ };
+ };
+}