[perso/Immae/Config/Nix.git] / modules / private / environment.nix
1{ lib, ... }:
2with lib;
3with types;
4with lists;
5let
# Options common to every LDAP declaration in this module: where the directory
# lives plus the root and replication identities.
# NOTE(review): root_pw and replication_pw are plain `str` values. Anything a
# consumer interpolates into a derivation or a generated file ends up in the
# Nix store, which is readable by every local user; confirm how the modules
# reading these options materialise them.
ldapOptions = {
  base = mkOption {
    type = str;
    description = "Base of the LDAP tree";
  };
  host = mkOption {
    type = str;
    description = "Host to access LDAP";
  };
  root_dn = mkOption {
    type = str;
    description = "DN of the root user";
  };
  # Documented as already hashed, unlike replication_pw below.
  root_pw = mkOption {
    type = str;
    description = "Hashed password of the root user";
  };
  replication_dn = mkOption {
    type = str;
    description = "DN of the user allowed to replicate the LDAP directory";
  };
  replication_pw = mkOption {
    type = str;
    description = "Password of the user allowed to replicate the LDAP directory";
  };
};
# Builds the LDAP option for one service.
#   name: label interpolated into the generated descriptions
#   more: extra options merged last, so they override any key defined here
# The result is ldapOptions plus a bind identity (dn/password) and a user filter.
mkLdapOptions = name: more:
  let
    # Per-service bind identity; `filter` is the only key with a default.
    serviceOptions = {
      dn = mkOption {
        type = str;
        description = "DN of the ${name} user";
      };
      password = mkOption {
        type = str;
        description = "password of the ${name} user";
      };
      filter = mkOption {
        type = str;
        default = "";
        description = "Filter for ${name} users";
      };
    };
  in
  mkOption {
    type = submodule {
      options = ldapOptions // serviceOptions // more;
    };
    description = "${name} LDAP configuration";
  };
# Connection settings shared by every MySQL declaration, plus the PAM/LDAP
# binding used to check users.
# NOTE(review): `port` is typed `str` here while other options in this file
# use `port`; kept as is because consumers may rely on a string.
mysqlOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Mysql";
  };
  port = mkOption {
    type = str;
    description = "Port to access Mysql";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Mysql";
  };
  # Maps user names to their passwords, so the whole attrset is sensitive.
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption {
          type = str;
          description = "DN to connect as to check users";
        };
        password = mkOption {
          type = str;
          description = "DN password to connect as to check users";
        };
        filter = mkOption {
          type = str;
          description = "filter to match users";
        };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Builds the MySQL option for one application: the shared connection settings
# from mysqlOptions plus that application's database name and credentials.
#   name: label interpolated into the generated descriptions
mkMysqlOptions = name:
  let
    appOptions = {
      database = mkOption {
        type = str;
        description = "${name} database";
      };
      user = mkOption {
        type = str;
        description = "${name} user";
      };
      password = mkOption {
        type = str;
        description = "mysql password of the ${name} user";
      };
    };
  in
  mkOption {
    type = submodule {
      options = mysqlOptions // appOptions;
    };
    description = "${name} mysql configuration";
  };
# Connection settings shared by every PostgreSQL declaration, plus the PAM/LDAP
# binding used to check users.
psqlOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Postgresql";
  };
  port = mkOption {
    type = str;
    description = "Port to access Postgresql";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Postgresql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption {
          type = str;
          description = "DN to connect as to check users";
        };
        # Bind password for the DN above; a plain string like every other
        # credential in this module.
        password = mkOption {
          type = str;
          description = "DN password to connect as to check users";
        };
        filter = mkOption {
          type = str;
          description = "filter to match users";
        };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Builds the PostgreSQL option for one application: the shared connection
# settings from psqlOptions plus database, optional schema and credentials.
#   name: label interpolated into the generated descriptions
mkPsqlOptions = name:
  let
    appOptions = {
      database = mkOption {
        type = str;
        description = "${name} database";
      };
      # The only optional key: null means no schema was given.
      schema = mkOption {
        type = nullOr str;
        default = null;
        description = "${name} schema";
      };
      user = mkOption {
        type = str;
        description = "${name} user";
      };
      password = mkOption {
        type = str;
        description = "psql password of the ${name} user";
      };
    };
  in
  mkOption {
    type = submodule {
      options = psqlOptions // appOptions;
    };
    description = "${name} psql configuration";
  };
# Connection settings shared by every Redis declaration, the registry of
# database numbers, and the secrets used around replication and the proxy.
redisOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Redis";
  };
  port = mkOption {
    type = str;
    description = "Port to access Redis";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Redis";
  };
  # Uniqueness is only requested in the description; nothing in this
  # declaration checks it (compare the `apply` on myEnv.ports).
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  # Key material for the spiped channel, held as a plain string.
  spiped_key = mkOption {
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
    type = str;
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption {
          description = "Read password";
          type = str;
        };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Builds the Redis option for one application: the shared settings from
# redisOptions plus the database that application uses.
#   name: label interpolated into the generated descriptions
mkRedisOptions = name:
  let
    appOptions = {
      db = mkOption {
        type = str;
        description = "${name} database";
      };
    };
  in
  mkOption {
    type = submodule {
      options = redisOptions // appOptions;
    };
    description = "${name} redis configuration";
  };
110in
111{
112 options.myEnv = {
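# Per-server facts for the cluster: allowed sender addresses, the LDAP bind
# identity of the host, and its addresses grouped by section.
# The leaf types use `str` rather than `string`. `types.string` is deprecated
# in nixpkgs and merges several definitions of one option by concatenating
# them, so two definitions of `ldap.password` would silently yield a wrong
# credential; `str` rejects conflicting definitions instead. It also matches
# the rest of this file.
servers = mkOption {
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
  default = {};
  type = attrsOf (submodule {
    options = {
      emails = mkOption {
        default = [];
        description = "List of e-mails that the server can be a sender of";
        type = listOf str;
      };
      # No default: every declared server has to provide its bind identity.
      ldap = mkOption {
        description = ''
          LDAP credentials for the host
        '';
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password for the LDAP connection"; };
            dn = mkOption { type = str; description = "DN for the LDAP connection"; };
          };
        };
      };
      ips = mkOption {
        description = ''
          attrs of ip4/ip6 grouped by section
        '';
        type = attrsOf (submodule {
          options = {
            ip4 = mkOption {
              type = str;
              description = ''
                ip4 address of the host
              '';
            };
            ip6 = mkOption {
              type = listOf str;
              default = [];
              description = ''
                ip6 addresses of the host
              '';
            };
          };
        });
      };
    };
  });
};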
161 hetznerCloud = mkOption {
162 description = ''
163 Hetzner Cloud credential information
164 '';
165 type = submodule {
166 options = {
167 authToken = mkOption {
168 type = str;
169 description = ''
170 The API auth token.
171 '';
172 };
173 };
174 };
175 };
176 hetzner = mkOption {
177 description = ''
178 Hetzner credential information
179 '';
180 type = submodule {
181 options = {
182 user = mkOption { type = str; description = "User"; };
183 pass = mkOption { type = str; description = "Password"; };
184 };
185 };
186 };
187 sshd = mkOption {
188 description = ''
189 sshd service credential information
190 '';
191 type = submodule {
192 options = {
193 ldap = mkOption {
194 description = ''
195 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
196 '';
197 type = submodule {
198 options = {
199 password = mkOption { description = "Password"; type = str; };
200 };
201 };
202 };
203 };
204 };
205 };
# Registry of reserved non-standard ports, keyed by a free-form name.
# `apply` runs on the merged value and aborts evaluation when two names map to
# the same port, so a collision is caught at build time rather than at bind
# time.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  apply = x:
    let
      # True when de-duplicating the port list does not shorten it.
      allDistinct = attrs:
        let
          values = builtins.attrValues attrs;
        in
        builtins.length values == builtins.length (unique values);
    in
    if !(isAttrs x && allDistinct x)
    then throw "Non unique values for ports"
    else x;
};
217 httpd = mkOption {
218 description = ''
219 httpd service credential information
220 '';
221 type = submodule {
222 options = {
223 ldap = mkOption {
224 description = ''
225 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
226 '';
227 type = submodule {
228 options = {
229 password = mkOption { description = "Password"; type = str; };
230 };
231 };
232 };
233 };
234 };
235 };
236 ldap = mkOption {
237 description = ''
238 LDAP server configuration
239 '';
240 type = submodule {
241 options = ldapOptions;
242 };
243 };
244 databases = mkOption {
245 description = "Databases configuration";
246 type = submodule {
247 options = {
248 mysql = mkOption {
249 type = submodule { options = mysqlOptions; };
250 description = "Mysql configuration";
251 };
252 redis = mkOption {
253 type = submodule { options = redisOptions; };
254 description = "Redis configuration";
255 };
256 postgresql = mkOption {
257 type = submodule { options = psqlOptions; };
258 description = "Postgresql configuration";
259 };
260 };
261 };
262 };
# Jabber service: the Postfix-side filter that selects XMPP users, plus the
# LDAP and PostgreSQL settings produced by the shared builders.
jabber = mkOption {
  type = submodule {
    options = {
      postfix_user_filter = mkOption {
        description = "Postfix filter to get xmpp users";
        type = str;
      };
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
    };
  };
  description = "Jabber configuration";
};
273 users = mkOption {
274 description = "System and regular users uid/gid";
275 type = attrsOf (submodule {
276 options = {
277 uid = mkOption {
278 description = "user uid";
279 type = int;
280 };
281 gid = mkOption {
282 description = "user gid";
283 type = int;
284 };
285 };
286 });
287 };
288 dns = mkOption {
289 description = "DNS configuration";
290 type = submodule {
291 options = {
292 soa = mkOption {
293 description = "SOA information";
294 type = submodule {
295 options = {
296 serial = mkOption {
297 description = "Serial number. Should be incremented at each change and unique";
298 type = str;
299 };
300 refresh = mkOption {
301 description = "Refresh time";
302 type = str;
303 };
304 retry = mkOption {
305 description = "Retry time";
306 type = str;
307 };
308 expire = mkOption {
309 description = "Expire time";
310 type = str;
311 };
312 ttl = mkOption {
313 description = "Default TTL time";
314 type = str;
315 };
316 email = mkOption {
317 description = "hostmaster e-mail";
318 type = str;
319 };
320 primary = mkOption {
321 description = "Primary NS";
322 type = str;
323 };
324 };
325 };
326 };
327 ns = mkOption {
328 description = "Attrs of NS servers group";
329 example = {
330 foo = {
331 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
332 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
333 };
334 };
335 type = attrsOf (attrsOf (listOf str));
336 };
337 slaveZones = mkOption {
338 description = "List of slave zones";
339 type = listOf (submodule {
340 options = {
341 name = mkOption { type = str; description = "zone name"; };
342 masters = mkOption {
343 description = "NS master groups of this zone";
344 type = listOf str;
345 };
346 };
347 });
348 };
349 masterZones = mkOption {
350 description = "List of master zones";
351 type = listOf (submodule {
352 options = {
353 name = mkOption { type = str; description = "zone name"; };
354 slaves = mkOption {
355 description = "NS slave groups of this zone";
356 type = listOf str;
357 };
358 ns = mkOption {
359 description = "groups names that should have their NS entries listed here";
360 type = listOf str;
361 };
362 extra = mkOption {
363 description = "Extra zone configuration for bind";
364 example = ''
365 notify yes;
366 '';
367 type = lines;
368 };
369 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
370 withEmail = mkOption {
371 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
372 default = [];
373 type = listOf (submodule {
374 options = {
375 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
376 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
377 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
378 };
379 });
380 };
381 };
382 });
383 };
384 };
385 };
386 };
387 backup = mkOption {
388 description = ''
389 Remote backup with duplicity
390 '';
391 type = submodule {
392 options = {
393 password = mkOption { type = str; description = "Password for encrypting files"; };
394 remote = mkOption { type = str; description = "Remote url access"; };
395 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
396 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
397 };
398 };
399 };
400 rsync_backup = mkOption {
401 description =''
402 Rsync backup configuration from controlled host
403 '';
404 type = submodule {
405 options = {
406 mailto = mkOption { type = str; description = "Where to e-mail on error"; };
407 ssh_key = mkOption {
408 description = "SSH key information";
409 type = submodule {
410 options = {
411 public = mkOption { type = str; description = "Public part of the key"; };
412 private = mkOption { type = lines; description = "Private part of the key"; };
413 };
414 };
415 };
416 profiles = mkOption {
417 description = "Attrs of profiles to backup";
418 type = attrsOf (submodule {
419 options = {
420 keep = mkOption { type = int; description = "Number of backups to keep"; };
421 login = mkOption { type = str; description = "Login to connect to host"; };
422 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
423 host = mkOption { type = str; description = "Host to connect to"; };
424 host_key = mkOption { type = str; description = "Host key"; };
425 host_key_type = mkOption { type = str; description = "Host key type"; };
426 parts = mkOption {
427 description = "Parts to backup for this host";
428 type = attrsOf (submodule {
429 options = {
430 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
431 exclude_from = mkOption {
432 type = listOf path;
433 default = [];
434 description = "List of folders/files to exclude from the backup";
435 };
436 files_from = mkOption {
437 type = listOf path;
438 default = [];
439 description = "List of folders/files to backup in the base folder";
440 };
441 args = mkOption {
442 type = nullOr str;
443 default = null;
444 description = "Extra arguments to pass to rsync";
445 };
446 };
447 });
448 };
449 };
450 });
451 };
452 };
453 };
454 };
# Monitoring settings. Most leaves are credentials: the status token, the HTTP
# credentials, the SSH secret key, the IMAP password, the NRDP tokens and the
# Slack webhook URL (a webhook URL is itself a bearer secret).
# NOTE(review): all of them are plain `str`; confirm the consuming module
# writes them to files outside the world-readable Nix store.
monitoring = mkOption {
  type = submodule {
    options = {
      status_url = mkOption {
        description = "URL to push status to";
        type = str;
      };
      status_token = mkOption {
        description = "Token for the status url";
        type = str;
      };
      http_user_password = mkOption {
        description = "HTTP credentials to check services behind wall";
        type = str;
      };
      email = mkOption {
        description = "Admin E-mail";
        type = str;
      };
      ssh_public_key = mkOption {
        description = "SSH public key";
        type = str;
      };
      ssh_secret_key = mkOption {
        description = "SSH secret key";
        type = str;
      };
      imap_login = mkOption {
        description = "IMAP login";
        type = str;
      };
      imap_password = mkOption {
        description = "IMAP password";
        type = str;
      };
      nrdp_tokens = mkOption {
        description = "Tokens allowed to push status update";
        type = listOf str;
      };
      slack_url = mkOption {
        description = "Slack webhook url to push status update";
        type = str;
      };
      slack_channel = mkOption {
        description = "Slack channel to push status update";
        type = str;
      };
      # `unspecified` performs no type checking on the contact entries.
      contacts = mkOption {
        description = "Contact dicts to fill naemon objects";
        type = attrsOf unspecified;
      };
    };
  };
  description = "Monitoring configuration";
};
474 mpd = mkOption {
475 description = "MPD configuration";
476 type = submodule {
477 options = {
478 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
479 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
480 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
481 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
482 };
483 };
484 };
485 ftp = mkOption {
486 description = "FTP configuration";
487 type = submodule {
488 options = {
489 ldap = mkLdapOptions "FTP" {};
490 };
491 };
492 };
493 mail = mkOption {
494 description = "Mail configuration";
495 type = submodule {
496 options = {
497 dmarc = mkOption {
498 description = "DMARC configuration";
499 type = submodule {
500 options = {
501 ignore_hosts = mkOption {
502 type = lines;
503 description = ''
504 Hosts to ignore when checking for dmarc
505 '';
506 };
507 };
508 };
509 };
510 dkim = mkOption {
511 description = "DKIM configuration";
512 type = attrsOf (submodule {
513 options = {
514 public = mkOption {
515 type = str;
516 example = ''
517 ( "v=DKIM1; k=rsa; "
518 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
519 '';
520 description = "Public entry to put in DNS TXT field";
521 };
522 private = mkOption { type = str; description = "Private key"; };
523 };
524 });
525 };
526 postfix = mkOption {
527 description = "Postfix configuration";
528 type = submodule {
529 options = {
530 additional_mailbox_domains = mkOption {
531 description = ''
532 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
533 '';
534 type = listOf str;
535 };
536 mysql = mkMysqlOptions "Postfix";
537 backup_domains = mkOption {
538 description = ''
539 Domains that are accepted for relay as backup domain
540 '';
541 type = attrsOf (submodule {
542 options = {
543 domains = mkOption { type = listOf str; description = "Domains list"; };
544 relay_restrictions = mkOption {
545 type = lines;
546 description = ''
547 Restrictions for relaying the e-mails from the domains
548 '';
549 };
550 recipient_maps = mkOption {
551 description = ''
552 Recipient map to accept relay for.
553 Must be specified for domain, the rules apply to everyone!
554 '';
555 type = listOf (submodule {
556 options = {
557 type = mkOption {
558 type = enum [ "hash" ];
559 description = "Map type";
560 };
561 content = mkOption {
562 type = str;
563 description = "Map content";
564 };
565 };
566 });
567 };
568 };
569 });
570 };
571 };
572 };
573 };
574 dovecot = mkOption {
575 description = "Dovecot configuration";
576 type = submodule {
577 options = {
578 ldap = mkLdapOptions "Dovecot" {
579 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
580 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
581 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
582 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
583 };
584 };
585 };
586 };
# rspamd settings: its Redis binding and the controller passwords.
# Only the *_hashed values are usable by consumers. read_password and
# write_password must still be assignable, but their `apply` replaces whatever
# was set with the empty string, so the cleartext never reaches a module that
# reads the option. It remains present in the configuration source itself.
# NOTE(review): the label "Redis" yields "Redis redis configuration"; the other
# callers of mkRedisOptions pass the service name - confirm whether "rspamd"
# was intended.
rspamd = mkOption {
  type = submodule {
    options = {
      redis = mkRedisOptions "Redis";
      read_password_hashed = mkOption {
        description = "Hashed read password for rspamd";
        type = str;
      };
      write_password_hashed = mkOption {
        description = "Hashed write password for rspamd";
        type = str;
      };
      read_password = mkOption {
        description = "Read password for rspamd. Unused";
        type = str;
        apply = _: "";
      };
      write_password = mkOption {
        description = "Write password for rspamd. Unused";
        type = str;
        apply = _: "";
      };
    };
  };
  description = "rspamd configuration";
};
# Mail recipients that are backed by a script fetched from git.
# NOTE(review): `rev` is a free-form string described as a git reference. A
# branch or tag name can move, so the code run for incoming mail would change
# without any change here; pinning `rev` to a full commit hash keeps the
# fetched script reviewable. `env` is `unspecified`, so its content is not
# type-checked before being handed to the script.
scripts = mkOption {
  type = attrsOf (submodule {
    options = {
      external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
      src = mkOption {
        type = submodule {
          options = {
            url = mkOption {
              description = "git url to fetch";
              type = str;
            };
            rev = mkOption {
              description = "git reference to fetch";
              type = str;
            };
          };
        };
        description = ''
          git source to fetch the script from.
          It must have a default.nix file as its root accepting a scriptEnv parameter
        '';
      };
      env = mkOption {
        type = unspecified;
        description = "Variables to pass to the script";
      };
    };
  });
  description = "Mail script recipients";
};
631 };
632 };
633 };
634 buildbot = mkOption {
635 description = "Buildbot configuration";
636 type = submodule {
637 options = {
638 user = mkOption {
639 description = "Buildbot user";
640 type = submodule {
641 options = {
642 uid = mkOption {
643 description = "user uid";
644 type = int;
645 };
646 gid = mkOption {
647 description = "user gid";
648 type = int;
649 };
650 };
651 };
652 };
653 ldap = mkOption {
654 description = "Ldap configuration for buildbot";
655 type = submodule {
656 options = {
657 password = mkOption { type = str; description = "Buildbot password"; };
658 };
659 };
660 };
661 projects = mkOption {
662 description = "Projects to make a buildbot for";
663 type = attrsOf (submodule {
664 options = {
665 name = mkOption { type = str; description = "Project name"; };
666 packages = mkOption {
667 type = unspecified;
668 example = literalExample ''
669 pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
670 '';
671 description = ''
672 Function.
673 Builds packages list to make available to buildbot project.
674 Takes pkgs as argument.
675 '';
676 };
677 pythonPackages = mkOption {
678 type = unspecified;
679 example = literalExample ''
680 p: pkgs: [ pkgs.python3Packages.pip ];
681 '';
682 description = ''
683 Function.
684 Builds python packages list to make available to buildbot project.
685 Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
686 '';
687 };
688 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
689 secrets = mkOption {
690 type = attrsOf str;
691 description = "Secrets for the project to dump as files";
692 };
693 environment = mkOption {
694 type = attrsOf str;
695 description = ''
696 Environment variables for the project.
697 BUILDBOT_ is prefixed to the variable names
698 '';
699 };
700 activationScript = mkOption {
701 type = lines;
702 description = ''
703 Activation script to run during deployment
704 '';
705 };
706 builderPaths = mkOption {
707 type = attrsOf unspecified;
708 default = {};
709 description = ''
710 Attrs of functions to make accessible specifically per builder.
711 Takes pkgs as argument and should return a single path containing binaries.
712 This path will be accessible as BUILDBOT_PATH_<attrskey>
713 '';
714 };
715 webhookTokens = mkOption {
716 type = nullOr (listOf str);
717 default = null;
718 description = ''
719 List of tokens allowed to push to project’s change_hook/base endpoint
720 '';
721 };
722 };
723 });
724 };
725 };
726 };
727 };
728 tools = mkOption {
729 description = "Tools configurations";
730 type = submodule {
731 options = {
732 davical = mkOption {
733 description = "Davical configuration";
734 type = submodule {
735 options = {
736 postgresql = mkPsqlOptions "Davical";
737 ldap = mkLdapOptions "Davical" {};
738 };
739 };
740 };
741 diaspora = mkOption {
742 description = "Diaspora configuration";
743 type = submodule {
744 options = {
745 postgresql = mkPsqlOptions "Diaspora";
746 redis = mkRedisOptions "Diaspora";
747 ldap = mkLdapOptions "Diaspora" {};
748 secret_token = mkOption { type = str; description = "Secret token"; };
749 };
750 };
751 };
752 etherpad-lite = mkOption {
753 description = "Etherpad configuration";
754 type = submodule {
755 options = {
756 postgresql = mkPsqlOptions "Etherpad";
757 ldap = mkLdapOptions "Etherpad" {
758 group_filter = mkOption { type = str; description = "Filter for groups"; };
759 };
760 session_key = mkOption { type = str; description = "Session key"; };
761 api_key = mkOption { type = str; description = "API key"; };
762 redirects = mkOption { type = str; description = "Redirects for apache"; };
763 };
764 };
765 };
766 gitolite = mkOption {
767 description = "Gitolite configuration";
768 type = submodule {
769 options = {
770 ldap = mkLdapOptions "Gitolite" {};
771 };
772 };
773 };
774 kanboard = mkOption {
775 description = "Kanboard configuration";
776 type = submodule {
777 options = {
778 postgresql = mkPsqlOptions "Kanboard";
779 ldap = mkLdapOptions "Kanboard" {
780 admin_dn = mkOption { type = str; description = "Admin DN"; };
781 };
782 };
783 };
784 };
785 mantisbt = mkOption {
786 description = "Mantisbt configuration";
787 type = submodule {
788 options = {
789 postgresql = mkPsqlOptions "Mantisbt";
790 ldap = mkLdapOptions "Mantisbt" {};
791 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
792 };
793 };
794 };
795 mastodon = mkOption {
796 description = "Mastodon configuration";
797 type = submodule {
798 options = {
799 postgresql = mkPsqlOptions "Mastodon";
800 redis = mkRedisOptions "Mastodon";
801 ldap = mkLdapOptions "Mastodon" {};
802 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
803 otp_secret = mkOption { type = str; description = "OTP secret"; };
804 secret_key_base = mkOption { type = str; description = "Secret key base"; };
805 vapid = mkOption {
806 description = "vapid key";
807 type = submodule {
808 options = {
809 private = mkOption { type = str; description = "Private key"; };
810 public = mkOption { type = str; description = "Public key"; };
811 };
812 };
813 };
814 };
815 };
816 };
817 mediagoblin = mkOption {
818 description = "Mediagoblin configuration";
819 type = submodule {
820 options = {
821 postgresql = mkPsqlOptions "Mediagoblin";
822 redis = mkRedisOptions "Mediagoblin";
823 ldap = mkLdapOptions "Mediagoblin" {};
824 };
825 };
826 };
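# Nextcloud settings: database and cache bindings plus the application secrets.
# The builders are labelled "Nextcloud"; the label was "Peertube", a copy-paste
# slip that made the generated descriptions ("Peertube psql configuration",
# "Peertube user", ...) point at the wrong service. Only description text
# changes; option names and types are untouched.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};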
839 peertube = mkOption {
840 description = "Peertube configuration";
841 type = submodule {
842 options = {
843 listenPort = mkOption { type = port; description = "Port to listen to"; };
844 postgresql = mkPsqlOptions "Peertube";
845 redis = mkRedisOptions "Peertube";
846 ldap = mkLdapOptions "Peertube" {};
847 };
848 };
849 };
850 phpldapadmin = mkOption {
851 description = "phpLdapAdmin configuration";
852 type = submodule {
853 options = {
854 ldap = mkLdapOptions "phpldapadmin" {};
855 };
856 };
857 };
858 rompr = mkOption {
859 description = "Rompr configuration";
860 type = submodule {
861 options = {
862 mpd = mkOption {
863 description = "MPD configuration";
864 type = submodule {
865 options = {
866 host = mkOption { type = str; description = "Host for MPD"; };
867 port = mkOption { type = port; description = "Port to access MPD host"; };
868 };
869 };
870 };
871 };
872 };
873 };
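# Roundcubemail settings: its PostgreSQL binding and the application secret.
# The builder is labelled "Roundcubemail"; the label was "TT-RSS", which made
# the generated descriptions name another service's database and user. Only
# description text changes; option names and types are untouched.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};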
883 shaarli = mkOption {
884 description = "Shaarli configuration";
885 type = submodule {
886 options = {
887 ldap = mkLdapOptions "Shaarli" {};
888 };
889 };
890 };
891 task = mkOption {
892 description = "Taskwarrior configuration";
893 type = submodule {
894 options = {
895 ldap = mkLdapOptions "Taskwarrior" {};
896 taskwarrior-web = mkOption {
897 description = "taskwarrior-web profiles";
898 type = attrsOf (submodule {
899 options = {
900 uid = mkOption {
901 type = listOf str;
902 description = "List of ldap uids having access to this profile";
903 };
904 org = mkOption { type = str; description = "Taskd organisation"; };
905 key = mkOption { type = str; description = "Taskd key"; };
906 date = mkOption { type = str; description = "Preferred date format"; };
907 };
908 });
909 };
910 };
911 };
912 };
913 ttrss = mkOption {
914 description = "TT-RSS configuration";
915 type = submodule {
916 options = {
917 postgresql = mkPsqlOptions "TT-RSS";
918 ldap = mkLdapOptions "TT-RSS" {};
919 };
920 };
921 };
922 wallabag = mkOption {
923 description = "Wallabag configuration";
924 type = submodule {
925 options = {
926 postgresql = mkPsqlOptions "Wallabag";
927 ldap = mkLdapOptions "Wallabag" {
928 admin_filter = mkOption { type = str; description = "Admin users filter"; };
929 };
930 redis = mkRedisOptions "Wallabag";
931 secret = mkOption { type = str; description = "App secret"; };
932 };
933 };
934 };
935 ympd = mkOption {
936 description = "Ympd configuration";
937 type = submodule {
938 options = {
939 listenPort = mkOption { type = port; description = "Port to listen to"; };
940 mpd = mkOption {
941 description = "MPD configuration";
942 type = submodule {
943 options = {
944 password = mkOption { type = str; description = "Password to access MPD host"; };
945 host = mkOption { type = str; description = "Host for MPD"; };
946 port = mkOption { type = port; description = "Port to access MPD host"; };
947 };
948 };
949 };
950 };
951 };
952 };
953 yourls = mkOption {
954 description = "Yourls configuration";
955 type = submodule {
956 options = {
957 mysql = mkMysqlOptions "Yourls";
958 ldap = mkLdapOptions "Yourls" {};
959 cookieKey = mkOption { type = str; description = "Cookie key"; };
960 };
961 };
962 };
963 };
964 };
965 };
966 websites = mkOption {
967 description = "Websites configurations";
968 type = submodule {
969 options = {
970 isabelle = mkOption {
971 description = "Isabelle configurations by environment";
972 type =
973 let
974 atenSubmodule = mkOption {
975 description = "environment configuration";
976 type = submodule {
977 options = {
978 environment = mkOption { type = str; description = "Symfony environment"; };
979 secret = mkOption { type = str; description = "Symfony App secret"; };
980 postgresql = mkPsqlOptions "Aten";
981 };
982 };
983 };
984 in
985 submodule {
986 options = {
987 aten_production = atenSubmodule;
988 aten_integration = atenSubmodule;
989 };
990 };
991 };
992 chloe = mkOption {
993 description = "Chloe configurations by environment";
994 type =
995 let
996 chloeSubmodule = mkOption {
997 description = "environment configuration";
998 type = submodule {
999 options = {
1000 environment = mkOption { type = str; description = "Symfony environment"; };
1001 mysql = mkMysqlOptions "Chloe";
1002 ldap = mkLdapOptions "Chloe" {};
1003 };
1004 };
1005 };
1006 in
1007 submodule {
1008 options = {
1009 production = chloeSubmodule;
1010 integration = chloeSubmodule;
1011 };
1012 };
1013 };
1014 connexionswing = mkOption {
1015 description = "Connexionswing configurations by environment";
1016 type =
1017 let
1018 csSubmodule = mkOption {
1019 description = "environment configuration";
1020 type = submodule {
1021 options = {
1022 environment = mkOption { type = str; description = "Symfony environment"; };
1023 mysql = mkMysqlOptions "Connexionswing";
1024 secret = mkOption { type = str; description = "Symfony App secret"; };
1025 email = mkOption { type = str; description = "Symfony email notification"; };
1026 };
1027 };
1028 };
1029 in
1030 submodule {
1031 options = {
1032 production = csSubmodule;
1033 integration = csSubmodule;
1034 };
1035 };
1036 };
1037 jerome = mkOption {
1038 description = "Naturaloutil configuration";
1039 type = submodule {
1040 options = {
1041 mysql = mkMysqlOptions "Naturaloutil";
1042 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1043 };
1044 };
1045 };
1046 telioTortay = mkOption {
1047 description = "Telio Tortay configuration";
1048 type = submodule {
1049 options = {
1050 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1051 };
1052 };
1053 };
1054 ludivinecassal = mkOption {
1055 description = "Ludivinecassal configurations by environment";
1056 type =
1057 let
1058 lcSubmodule = mkOption {
1059 description = "environment configuration";
1060 type = submodule {
1061 options = {
1062 environment = mkOption { type = str; description = "Symfony environment"; };
1063 mysql = mkMysqlOptions "LudivineCassal";
1064 ldap = mkLdapOptions "LudivineCassal" {};
1065 secret = mkOption { type = str; description = "Symfony App secret"; };
1066 };
1067 };
1068 };
1069 in
1070 submodule {
1071 options = {
1072 production = lcSubmodule;
1073 integration = lcSubmodule;
1074 };
1075 };
1076 };
1077 emilia = mkOption {
1078 description = "Emilia configuration";
1079 type = submodule {
1080 options = {
1081 postgresql = mkPsqlOptions "Emilia";
1082 };
1083 };
1084 };
1085 florian = mkOption {
1086 description = "Florian configuration";
1087 type = submodule {
1088 options = {
1089 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1090 };
1091 };
1092 };
1093 nassime = mkOption {
1094 description = "Nassime configuration";
1095 type = submodule {
1096 options = {
1097 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1098 };
1099 };
1100 };
1101 piedsjaloux = mkOption {
1102 description = "Piedsjaloux configurations by environment";
1103 type =
1104 let
1105 pjSubmodule = mkOption {
1106 description = "environment configuration";
1107 type = submodule {
1108 options = {
1109 environment = mkOption { type = str; description = "Symfony environment"; };
1110 mysql = mkMysqlOptions "Piedsjaloux";
1111 secret = mkOption { type = str; description = "Symfony App secret"; };
1112 };
1113 };
1114 };
1115 in
1116 submodule {
1117 options = {
1118 production = pjSubmodule;
1119 integration = pjSubmodule;
1120 };
1121 };
1122 };
1123 richie = mkOption {
1124 description = "Europe Richie configurations by environment";
1125 type = submodule {
1126 options = {
1127 mysql = mkMysqlOptions "Richie";
1128 smtp_mailer = mkOption {
1129 description = "SMTP mailer configuration";
1130 type = submodule {
1131 options = {
1132 user = mkOption { type = str; description = "Username"; };
1133 password = mkOption { type = str; description = "Password"; };
1134 };
1135 };
1136 };
1137 };
1138 };
1139 };
1140 tellesflorian = mkOption {
1141 description = "Tellesflorian configurations by environment";
1142 type =
1143 let
1144 tfSubmodule = mkOption {
1145 description = "environment configuration";
1146 type = submodule {
1147 options = {
1148 environment = mkOption { type = str; description = "Symfony environment"; };
1149 mysql = mkMysqlOptions "Tellesflorian";
1150 secret = mkOption { type = str; description = "Symfony App secret"; };
1151 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1152 };
1153 };
1154 };
1155 in
1156 submodule {
1157 options = {
1158 integration = tfSubmodule;
1159 };
1160 };
1161 };
1162 };
1163 };
1164 };
1165
# Location of the secret files used while building.
# NOTE(review): a Nix path value is copied into the Nix store when it is
# coerced to a string, and the store is readable by every local user; confirm
# that consumers of this option do not expose the secret files that way.
privateFiles = mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = path;
};
1172 };
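# Facts about the host being evaluated.
# FQDN uses `str` rather than `string`: `types.string` is deprecated in nixpkgs
# and concatenates several definitions of the same option, which would turn two
# FQDN definitions into one bogus name instead of an evaluation error.
options.hostEnv = {
  FQDN = mkOption {
    type = str;
    description = ''
      FQDN of the current host.
    '';
  };
};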
1181}