]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/environment.nix
Add e-mail checks monitoring
619e4f46 1{ config, lib, name, ... }:
ab8f306d
IB
2with lib;
3with types;
4with lists;
5let
# Options shared by every LDAP-backed service declared in this module.
# root_pw is described as a hash, replication_pw as a plain password; both are
# ordinary `str` options, so the module system gives them no confidentiality.
# NOTE(review): a str value interpolated into a derivation or generated file
# ends up in the world-readable Nix store -- confirm the consumers of these
# options hand them to a secrets mechanism instead.
ldapOptions =
  let
    strOpt = text: mkOption { type = str; description = text; };
  in {
    base = strOpt "Base of the LDAP tree";
    host = strOpt "Host to access LDAP";
    root_dn = strOpt "DN of the root user";
    root_pw = strOpt "Hashed password of the root user";
    replication_dn = strOpt "DN of the user allowed to replicate the LDAP directory";
    replication_pw = strOpt "Password of the user allowed to replicate the LDAP directory";
  };
# Builds the LDAP option of one service: the shared ldapOptions, then the
# service's own bind DN, password and user filter, then the extra options in
# `more`. `//` is right-biased, so on a name clash `more` wins over both.
mkLdapOptions = name: more:
  let
    perService = {
      dn = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      # Defaults to the empty string.
      # NOTE(review): how consumers treat an empty filter is not visible here;
      # confirm it does not widen the set of matched users.
      filter = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in mkOption {
    description = "${name} LDAP configuration";
    type = submodule { options = ldapOptions // perService // more; };
  };
# Options shared by every MySQL consumer: how to reach the server, the system
# accounts allowed to connect, and the LDAP bind used by PAM to check users.
# systemUsers values and pam.password are credentials held in plain `str`.
mysqlOptions =
  let
    strOpt = text: mkOption { type = str; description = text; };
  in {
    host = strOpt "Host to access Mysql";
    remoteHost = strOpt "Host to access Mysql from outside";
    # Typed as a string rather than types.port, so no range check happens here.
    port = strOpt "Port to access Mysql";
    socket = mkOption { type = path; description = "Socket to access Mysql"; };
    systemUsers = mkOption {
      type = attrsOf str;
      description = "Attrs of user-passwords allowed to access mysql";
    };
    pam = mkOption {
      description = "PAM configuration for mysql";
      type = submodule {
        options = {
          dn = strOpt "DN to connect as to check users";
          password = strOpt "DN password to connect as to check users";
          filter = strOpt "filter to match users";
        };
      };
    };
  };
# Builds the MySQL option of one service: the shared mysqlOptions, then the
# service's database, user and password, then the extra options in `more`
# (right-biased `//`: `more` wins on a name clash).
mkMysqlOptions = name: more:
  let
    perService = {
      database = mkOption { type = str; description = "${name} database"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} mysql configuration";
    type = submodule { options = mysqlOptions // perService // more; };
  };
# Options shared by every PostgreSQL consumer: how to reach the server and the
# LDAP bind used by PAM to check users. pam.password is a credential held in
# a plain `str` option.
psqlOptions =
  let
    strOpt = text: mkOption { type = str; description = text; };
  in {
    host = strOpt "Host to access Postgresql";
    # Typed as a string rather than types.port, so no range check happens here.
    port = strOpt "Port to access Postgresql";
    socket = mkOption { type = path; description = "Socket to access Postgresql"; };
    pam = mkOption {
      description = "PAM configuration for psql";
      type = submodule {
        options = {
          dn = strOpt "DN to connect as to check users";
          password = strOpt "DN password to connect as to check users";
          filter = strOpt "filter to match users";
        };
      };
    };
  };
# Builds the PostgreSQL option of one service: the shared psqlOptions plus the
# service's database, optional schema, user and password.
mkPsqlOptions = name:
  let
    perService = {
      database = mkOption { type = str; description = "${name} database"; };
      # null when no schema is set.
      schema = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} psql configuration";
    type = submodule { options = psqlOptions // perService; };
  };
# Options shared by every Redis consumer: how to reach the server, the db
# numbers handed out to services, the spiped key protecting the replication
# channel and the (not yet used) Predixy read password.
redisOptions =
  let
    strOpt = text: mkOption { type = str; description = text; };
  in {
    host = strOpt "Host to access Redis";
    # Typed as a string rather than types.port, so no range check happens here.
    port = strOpt "Port to access Redis";
    socket = mkOption { type = path; description = "Socket to access Redis"; };
    # Uniqueness is only requested by the description; nothing in this
    # declaration checks it.
    dbs = mkOption {
      type = attrsOf str;
      description = "Attrs of db number. Each number should be unique to avoid collision!";
    };
    # Symmetric key material held in a plain `str` option.
    spiped_key = mkOption {
      description = ''
        Key to use with spiped to make a secure channel to replication
      '';
      type = str;
    };
    predixy = mkOption {
      description = "Predixy configuration. Unused yet";
      type = submodule {
        options.read = strOpt "Read password";
      };
    };
  };
# Builds the Redis option of one service: the shared redisOptions plus the
# database the service uses.
mkRedisOptions = name:
  let
    perService = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in mkOption {
    description = "${name} redis configuration";
    type = submodule { options = redisOptions // perService; };
  };
619e4f46
IB
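# Per-host record: FQDN, the e-mail addresses the host may send as, its LDAP
# bind credentials, optional MX data and its IP addresses grouped by section.
#
# Every string field uses `str`. The deprecated `types.string` used before
# merges several definitions by silently concatenating them, which for a
# password or a DN yields a wrong value with no evaluation error; `str`
# rejects conflicting definitions instead and matches the rest of this file.
hostEnv = submodule {
  options = {
    fqdn = mkOption {
      description = "Host FQDN";
      type = str;
    };
    emails = mkOption {
      default = [];
      description = "List of e-mails that the server can be a sender of";
      type = listOf str;
    };
    ldap = mkOption {
      description = ''
        LDAP credentials for the host
      '';
      type = submodule {
        options = {
          # Credential held in a plain string option.
          # NOTE(review): confirm consumers do not interpolate it into
          # anything that lands in the world-readable Nix store.
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
    };
    mx = mkOption {
      description = "subdomain and priority for MX server";
      # MX is off unless a host opts in. subdomain and priority have no
      # default of their own, so they are only defined when a host sets them.
      default = { enable = false; };
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
          priority = mkOption { type = nullOr str; description = "Priority"; };
        };
      };
    };
    ips = mkOption {
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
      type = attrsOf (submodule {
        options = {
          # Free-form strings: the address syntax is not validated here.
          ip4 = mkOption {
            type = str;
            description = ''
              ip4 address of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
    };
  };
};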
ab8f306d
IB
168in
169{
170 options.myEnv = {
# One hostEnv record per server name; empty unless the environment defines
# some.
servers = mkOption {
  type = attrsOf hostEnv;
  default = {};
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
};
# Hetzner Cloud API credential. The token is a plain `str`.
# NOTE(review): confirm it is only ever written out through a secrets
# mechanism and never interpolated into a store path.
hetznerCloud = mkOption {
  type = submodule {
    options.authToken = mkOption {
      type = str;
      description = ''
        The API auth token.
      '';
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner account credentials (user name and password), both plain `str`.
hetzner = mkOption {
  type = submodule {
    options =
      let
        strOpt = text: mkOption { type = str; description = text; };
      in {
        user = strOpt "User";
        pass = strOpt "Password";
      };
  };
  description = ''
    Hetzner credential information
  '';
};
# Password of the LDAP service account used by sshd; the DN is fixed in the
# description and only the password is configurable.
sshd = mkOption {
  type = submodule {
    options.ldap = mkOption {
      type = submodule {
        options.password = mkOption { type = str; description = "Password"; };
      };
      description = ''
        LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
      '';
    };
  };
  description = ''
    sshd service credential information
  '';
};
# Registry of reserved non-standard ports, keyed by name.
# The `apply` hook enforces the "must be unique" rule at evaluation time:
# when two names map to the same port the value is replaced by a throw, so a
# collision cannot reach a running service.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  apply = reserved:
    let
      numbers = builtins.attrValues reserved;
      # Deduplicating must not shrink the list.
      allDistinct = builtins.length numbers == builtins.length (unique numbers);
    in
      if isAttrs reserved && allDistinct
      then reserved
      else throw "Non unique values for ports";
};
# Password of the LDAP service account used by httpd; the DN is fixed in the
# description and only the password is configurable.
httpd = mkOption {
  type = submodule {
    options.ldap = mkOption {
      type = submodule {
        options.password = mkOption { type = str; description = "Password"; };
      };
      description = ''
        LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
      '';
    };
  };
  description = ''
    httpd service credential information
  '';
};
# Settings of the LDAP server itself: exactly the shared ldapOptions set,
# which includes the root and replication credentials.
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-level settings of the three database engines, each built from the
# corresponding shared option set.
databases = mkOption {
  description = "Databases configuration";
  type = submodule {
    options =
      let
        engine = label: opts: mkOption {
          description = "${label} configuration";
          type = submodule { options = opts; };
        };
      in {
        mysql = engine "Mysql" mysqlOptions;
        redis = engine "Redis" redisOptions;
        postgresql = engine "Postgresql" psqlOptions;
      };
  };
};
# Jabber service: the Postfix filter selecting XMPP users plus its LDAP and
# PostgreSQL access, both of which carry credentials.
jabber = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
      postfix_user_filter = mkOption {
        type = str;
        description = "Postfix filter to get xmpp users";
      };
    };
  };
  description = "Jabber configuration";
};
# Fixed uid/gid pairs for system and regular users, keyed by user name.
# Both ids are plain integers; no range or uniqueness check is declared here.
users = mkOption {
  description = "System and regular users uid/gid";
  type = attrsOf (submodule {
    options =
      let
        idOpt = text: mkOption { type = int; description = text; };
      in {
        uid = idOpt "user uid";
        gid = idOpt "user gid";
      };
  });
};
305 dns = mkOption {
306 description = "DNS configuration";
307 type = submodule {
308 options = {
309 soa = mkOption {
310 description = "SOA information";
311 type = submodule {
312 options = {
313 serial = mkOption {
314 description = "Serial number. Should be incremented at each change and unique";
315 type = str;
316 };
317 refresh = mkOption {
318 description = "Refresh time";
319 type = str;
320 };
321 retry = mkOption {
322 description = "Retry time";
323 type = str;
324 };
325 expire = mkOption {
326 description = "Expire time";
327 type = str;
328 };
329 ttl = mkOption {
330 description = "Default TTL time";
331 type = str;
332 };
333 email = mkOption {
334 description = "hostmaster e-mail";
335 type = str;
336 };
337 primary = mkOption {
338 description = "Primary NS";
339 type = str;
340 };
341 };
342 };
343 };
344 ns = mkOption {
345 description = "Attrs of NS servers group";
346 example = {
347 foo = {
348 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
349 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
350 };
351 };
352 type = attrsOf (attrsOf (listOf str));
353 };
354 slaveZones = mkOption {
355 description = "List of slave zones";
356 type = listOf (submodule {
357 options = {
358 name = mkOption { type = str; description = "zone name"; };
359 masters = mkOption {
360 description = "NS master groups of this zone";
361 type = listOf str;
362 };
363 };
364 });
365 };
366 masterZones = mkOption {
367 description = "List of master zones";
368 type = listOf (submodule {
369 options = {
370 name = mkOption { type = str; description = "zone name"; };
371 slaves = mkOption {
372 description = "NS slave groups of this zone";
373 type = listOf str;
374 };
375 ns = mkOption {
376 description = "groups names that should have their NS entries listed here";
377 type = listOf str;
378 };
379 extra = mkOption {
380 description = "Extra zone configuration for bind";
381 example = ''
382 notify yes;
383 '';
384 type = lines;
385 };
386 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
387 withEmail = mkOption {
388 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
389 default = [];
390 type = listOf (submodule {
391 options = {
392 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
393 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
394 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
395 };
396 });
397 };
398 };
399 });
400 };
401 };
402 };
403 };
# Remote duplicity backup: the encryption passphrase, the remote URL and the
# access key pair of the remote store. Three of the four values are secrets
# held in plain `str` options.
# NOTE(review): losing `password` makes existing backups unreadable and
# leaking it makes them readable by others -- confirm it is delivered through
# a secrets mechanism, not the Nix store.
backup = mkOption {
  type = submodule {
    options =
      let
        strOpt = text: mkOption { type = str; description = text; };
      in {
        password = strOpt "Password for encrypting files";
        remote = strOpt "Remote url access";
        accessKeyId = strOpt "Remote access-key";
        secretAccessKey = strOpt "Remote access secret";
      };
  };
  description = ''
    Remote backup with duplicity
  '';
};
# Pull backups over rsync/SSH: the alert address, the SSH key pair used to
# log in, and one profile per remote host with the folders to copy.
rsync_backup = mkOption {
  description = ''
    Rsync backup configuration from controlled host
  '';
  type = submodule {
    options =
      let
        strOpt = text: mkOption { type = str; description = text; };
        pathList = text: mkOption { type = listOf path; default = []; description = text; };

        # One backed-up folder of a host.
        partOptions = {
          remote_folder = mkOption { type = path; description = "Remote folder to backup"; };
          exclude_from = pathList "List of folders/files to exclude from the backup";
          files_from = pathList "List of folders/files to backup in the base folder";
          # Free-form string, null when unset.
          # NOTE(review): how this is quoted when the rsync command line is
          # built is not visible here; confirm it is not expanded by a shell.
          args = mkOption {
            type = nullOr str;
            default = null;
            description = "Extra arguments to pass to rsync";
          };
        };

        # One remote host. host_key and host_key_type describe the expected
        # SSH host key (presumably used to pin the host -- confirm in the
        # consumer).
        profileOptions = {
          keep = mkOption { type = int; description = "Number of backups to keep"; };
          login = strOpt "Login to connect to host";
          port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
          host = strOpt "Host to connect to";
          host_key = strOpt "Host key";
          host_key_type = strOpt "Host key type";
          parts = mkOption {
            description = "Parts to backup for this host";
            type = attrsOf (submodule { options = partOptions; });
          };
        };
      in {
        mailto = strOpt "Where to e-mail on error";
        ssh_key = mkOption {
          description = "SSH key information";
          type = submodule {
            options = {
              public = strOpt "Public part of the key";
              # Private key material in a plain `lines` option.
              private = mkOption { type = lines; description = "Private part of the key"; };
            };
          };
        };
        profiles = mkOption {
          description = "Attrs of profiles to backup";
          type = attrsOf (submodule { options = profileOptions; });
        };
      };
  };
};
# Monitoring settings: where and with which token status is pushed, the
# credentials the checks log in with (HTTP, SSH, IMAP), the tokens accepted
# for incoming status updates, Slack delivery, naemon contacts and the
# e-mail round-trip checks.
# Secrets here: status_token, http_user_password, ssh_secret_key,
# imap_password, eriomem_keys, nrdp_tokens and slack_url (a webhook URL acts
# as a bearer credential). All are plain strings or lists of strings.
monitoring = mkOption {
  description = "Monitoring configuration";
  type = submodule {
    options =
      let
        strOpt = text: mkOption { type = str; description = text; };
        optionalStr = text: mkOption { type = nullOr str; default = null; description = text; };

        # One e-mail service to probe.
        emailCheckOptions = {
          local = mkOption { type = bool; default = false; description = "Use local configuration"; };
          port = optionalStr "Port to connect to ssh";
          login = optionalStr "Login to connect to ssh";
          targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
          mail_address = strOpt "E-mail recipient part to send e-mail to";
          mail_domain = strOpt "E-mail domain part to send e-mail to";
        };
      in {
        status_url = strOpt "URL to push status to";
        status_token = strOpt "Token for the status url";
        http_user_password = strOpt "HTTP credentials to check services behind wall";
        email = strOpt "Admin E-mail";
        ssh_public_key = strOpt "SSH public key";
        ssh_secret_key = strOpt "SSH secret key";
        imap_login = strOpt "IMAP login";
        imap_password = strOpt "IMAP password";
        eriomem_keys = mkOption {
          type = listOf (listOf str);
          default = [];
          description = "Eriomem keys";
        };
        nrdp_tokens = mkOption {
          type = listOf str;
          description = "Tokens allowed to push status update";
        };
        slack_url = strOpt "Slack webhook url to push status update";
        slack_channel = strOpt "Slack channel to push status update";
        # `unspecified` values are not type-checked by the module system.
        contacts = mkOption {
          type = attrsOf unspecified;
          description = "Contact dicts to fill naemon objects";
        };
        email_check = mkOption {
          description = "Emails services to check";
          type = attrsOf (submodule { options = emailCheckOptions; });
        };
      };
  };
};
# MPD instance: served folder, connection password, host and port (the port
# is a string here, not types.port).
mpd = mkOption {
  type = submodule {
    options =
      let
        strOpt = text: mkOption { type = str; description = text; };
      in {
        folder = strOpt "Folder to serve from the MPD instance";
        password = strOpt "Password to connect to the MPD instance";
        host = strOpt "Host to connect to the MPD instance";
        port = strOpt "Port to connect to the MPD instance";
      };
  };
  description = "MPD configuration";
};
# FTP service: only its LDAP access, with no extra LDAP options.
ftp = mkOption {
  type = submodule {
    options.ldap = mkLdapOptions "FTP" {};
  };
  description = "FTP configuration";
};
524 mail = mkOption {
525 description = "Mail configuration";
526 type = submodule {
527 options = {
528 dmarc = mkOption {
529 description = "DMARC configuration";
530 type = submodule {
531 options = {
532 ignore_hosts = mkOption {
533 type = lines;
534 description = ''
535 Hosts to ignore when checking for dmarc
536 '';
537 };
538 };
539 };
540 };
# DKIM key pairs, one attribute per entry: the public part published as a DNS
# TXT record and the private signing key (a plain `str`).
# NOTE(review): the example public value appears to be a 1024-bit RSA key;
# RFC 8301 recommends signing keys of at least 2048 bits, so treat it as a
# formatting example only.
dkim = mkOption {
  type = attrsOf (submodule {
    options = {
      public = mkOption {
        description = "Public entry to put in DNS TXT field";
        type = str;
        example = ''
          ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
        '';
      };
      private = mkOption { description = "Private key"; type = str; };
    };
  });
  description = "DKIM configuration";
};
557 postfix = mkOption {
558 description = "Postfix configuration";
559 type = submodule {
560 options = {
561 additional_mailbox_domains = mkOption {
562 description = ''
563 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
564 '';
565 type = listOf str;
566 };
87a8bffd
IB
567 mysql = mkMysqlOptions "Postfix" {
568 password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
569 };
ab8f306d
IB
570 backup_domains = mkOption {
571 description = ''
572 Domains that are accepted for relay as backup domain
573 '';
574 type = attrsOf (submodule {
575 options = {
576 domains = mkOption { type = listOf str; description = "Domains list"; };
577 relay_restrictions = mkOption {
578 type = lines;
579 description = ''
580 Restrictions for relaying the e-mails from the domains
581 '';
582 };
583 recipient_maps = mkOption {
584 description = ''
585 Recipient map to accept relay for.
586 Must be specified for domain, the rules apply to everyone!
587 '';
588 type = listOf (submodule {
589 options = {
590 type = mkOption {
591 type = enum [ "hash" ];
592 description = "Map type";
593 };
594 content = mkOption {
595 type = str;
596 description = "Map content";
597 };
598 };
599 });
600 };
601 };
602 });
603 };
604 };
605 };
606 };
607 dovecot = mkOption {
608 description = "Dovecot configuration";
609 type = submodule {
610 options = {
611 ldap = mkLdapOptions "Dovecot" {
612 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
613 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
614 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
615 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
616 };
617 };
618 };
619 };
# rspamd: its Redis access and the hashed read/write controller passwords.
# The two clear-text password options must still be defined (they have no
# default), but their `apply` hook replaces whatever is set with the empty
# string, so the clear-text value is never exposed through the evaluated
# configuration -- only the hashed variants are usable by consumers.
rspamd = mkOption {
  description = "rspamd configuration";
  type = submodule {
    options =
      let
        hashed = text: mkOption { type = str; description = text; };
        blanked = text: mkOption {
          type = str;
          description = text;
          apply = _: "";
        };
      in {
        redis = mkRedisOptions "Redis";
        read_password_hashed = hashed "Hashed read password for rspamd";
        write_password_hashed = hashed "Hashed write password for rspamd";
        read_password = blanked "Read password for rspamd. Unused";
        write_password = blanked "Write password for rspamd. Unused";
      };
  };
};
# Scripts fed by incoming mail, one attribute per script: whether an external
# address is created for it, the git source it is fetched from and the
# variables handed to it.
# NOTE(review): the script is code fetched from `src.url` at `src.rev`;
# `rev` is only typed as a string, so a branch or tag name is accepted.
# Pinning it to a full commit hash keeps what runs from changing when the
# remote moves -- confirm that is how it is used.
scripts = mkOption {
  description = "Mail script recipients";
  type = attrsOf (submodule {
    options = {
      external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
      src = mkOption {
        type = submodule {
          options = {
            url = mkOption { description = "git url to fetch"; type = str; };
            rev = mkOption { description = "git reference to fetch"; type = str; };
          };
        };
        description = ''
          git source to fetch the script from.
          It must have a default.nix file as its root accepting a scriptEnv parameter
        '';
      };
      # `unspecified` is not type-checked; anything placed here is passed on
      # as-is, secrets included.
      env = mkOption {
        type = unspecified;
        description = "Variables to pass to the script";
      };
    };
  });
};
664 };
665 };
666 };
# Buildbot: the system user it runs as, its LDAP password and one entry per
# project describing the tools, secrets, environment and webhook tokens of
# that project.
buildbot = mkOption {
  description = "Buildbot configuration";
  type = submodule {
    options =
      let
        idOpt = text: mkOption { type = int; description = text; };

        projectOptions = {
          name = mkOption { type = str; description = "Project name"; };
          # Functions are declared as `unspecified`: the module system does
          # not check what is put here.
          packages = mkOption {
            type = unspecified;
            description = ''
              Function.
              Builds packages list to make available to buildbot project.
              Takes pkgs as argument.
            '';
            example = literalExample ''
              pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
            '';
          };
          pythonPackages = mkOption {
            type = unspecified;
            description = ''
              Function.
              Builds python packages list to make available to buildbot project.
              Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
            '';
            example = literalExample ''
              p: pkgs: [ pkgs.python3Packages.pip ];
            '';
          };
          pythonPathHome = mkOption {
            type = bool;
            description = "Whether to add project’s python home to python path";
          };
          # Per the description these are written out as files.
          # NOTE(review): confirm the files are created outside the Nix store
          # with restrictive permissions.
          secrets = mkOption {
            type = attrsOf str;
            description = "Secrets for the project to dump as files";
          };
          environment = mkOption {
            type = attrsOf str;
            description = ''
              Environment variables for the project.
              BUILDBOT_ is prefixed to the variable names
            '';
          };
          # Shell text executed at deployment time.
          activationScript = mkOption {
            type = lines;
            description = ''
              Activation script to run during deployment
            '';
          };
          builderPaths = mkOption {
            type = attrsOf unspecified;
            default = {};
            description = ''
              Attrs of functions to make accessible specifically per builder.
              Takes pkgs as argument and should return a single path containing binaries.
              This path will be accessible as BUILDBOT_PATH_<attrskey>
            '';
          };
          # null by default.
          # NOTE(review): what the change hook does when this is null is not
          # visible here; confirm a null value does not leave the endpoint
          # open to unauthenticated pushes.
          webhookTokens = mkOption {
            type = nullOr (listOf str);
            default = null;
            description = ''
              List of tokens allowed to push to project’s change_hook/base endpoint
            '';
          };
        };
      in {
        user = mkOption {
          description = "Buildbot user";
          type = submodule {
            options = {
              uid = idOpt "user uid";
              gid = idOpt "user gid";
            };
          };
        };
        ldap = mkOption {
          description = "Ldap configuration for buildbot";
          type = submodule {
            options.password = mkOption { type = str; description = "Buildbot password"; };
          };
        };
        projects = mkOption {
          description = "Projects to make a buildbot for";
          type = attrsOf (submodule { options = projectOptions; });
        };
      };
  };
};
761 tools = mkOption {
762 description = "Tools configurations";
763 type = submodule {
764 options = {
765 davical = mkOption {
766 description = "Davical configuration";
767 type = submodule {
768 options = {
769 postgresql = mkPsqlOptions "Davical";
770 ldap = mkLdapOptions "Davical" {};
771 };
772 };
773 };
774 diaspora = mkOption {
775 description = "Diaspora configuration";
776 type = submodule {
777 options = {
778 postgresql = mkPsqlOptions "Diaspora";
779 redis = mkRedisOptions "Diaspora";
780 ldap = mkLdapOptions "Diaspora" {};
781 secret_token = mkOption { type = str; description = "Secret token"; };
782 };
783 };
784 };
785 etherpad-lite = mkOption {
786 description = "Etherpad configuration";
787 type = submodule {
788 options = {
789 postgresql = mkPsqlOptions "Etherpad";
790 ldap = mkLdapOptions "Etherpad" {
791 group_filter = mkOption { type = str; description = "Filter for groups"; };
792 };
793 session_key = mkOption { type = str; description = "Session key"; };
794 api_key = mkOption { type = str; description = "API key"; };
795 redirects = mkOption { type = str; description = "Redirects for apache"; };
796 };
797 };
798 };
799 gitolite = mkOption {
800 description = "Gitolite configuration";
801 type = submodule {
802 options = {
803 ldap = mkLdapOptions "Gitolite" {};
804 };
805 };
806 };
807 kanboard = mkOption {
808 description = "Kanboard configuration";
809 type = submodule {
810 options = {
811 postgresql = mkPsqlOptions "Kanboard";
812 ldap = mkLdapOptions "Kanboard" {
813 admin_dn = mkOption { type = str; description = "Admin DN"; };
814 };
815 };
816 };
817 };
818 mantisbt = mkOption {
819 description = "Mantisbt configuration";
820 type = submodule {
821 options = {
822 postgresql = mkPsqlOptions "Mantisbt";
823 ldap = mkLdapOptions "Mantisbt" {};
824 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
825 };
826 };
827 };
828 mastodon = mkOption {
829 description = "Mastodon configuration";
830 type = submodule {
831 options = {
832 postgresql = mkPsqlOptions "Mastodon";
833 redis = mkRedisOptions "Mastodon";
834 ldap = mkLdapOptions "Mastodon" {};
835 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
836 otp_secret = mkOption { type = str; description = "OTP secret"; };
837 secret_key_base = mkOption { type = str; description = "Secret key base"; };
838 vapid = mkOption {
839 description = "vapid key";
840 type = submodule {
841 options = {
842 private = mkOption { type = str; description = "Private key"; };
843 public = mkOption { type = str; description = "Public key"; };
844 };
845 };
846 };
847 };
848 };
849 };
850 mediagoblin = mkOption {
851 description = "Mediagoblin configuration";
852 type = submodule {
853 options = {
854 postgresql = mkPsqlOptions "Mediagoblin";
855 redis = mkRedisOptions "Mediagoblin";
856 ldap = mkLdapOptions "Mediagoblin" {};
857 };
858 };
859 };
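# Nextcloud: its PostgreSQL and Redis access plus the password salt, instance
# id and application secret (all plain `str` options).
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      # The label only feeds the generated option descriptions. It used to
      # read "Peertube", so the documentation of these credentials named the
      # wrong service.
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};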
872 peertube = mkOption {
873 description = "Peertube configuration";
874 type = submodule {
875 options = {
876 listenPort = mkOption { type = port; description = "Port to listen to"; };
877 postgresql = mkPsqlOptions "Peertube";
878 redis = mkRedisOptions "Peertube";
879 ldap = mkLdapOptions "Peertube" {};
880 };
881 };
882 };
883 phpldapadmin = mkOption {
884 description = "phpLdapAdmin configuration";
885 type = submodule {
886 options = {
887 ldap = mkLdapOptions "phpldapadmin" {};
888 };
889 };
890 };
891 rompr = mkOption {
892 description = "Rompr configuration";
893 type = submodule {
894 options = {
895 mpd = mkOption {
896 description = "MPD configuration";
897 type = submodule {
898 options = {
899 host = mkOption { type = str; description = "Host for MPD"; };
900 port = mkOption { type = port; description = "Port to access MPD host"; };
901 };
902 };
903 };
904 };
905 };
906 };
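# Roundcubemail: its PostgreSQL access and its application secret (a plain
# `str` option).
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      # The label only feeds the generated option descriptions. It used to
      # read "TT-RSS", so the documentation of these database credentials
      # named the wrong service.
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};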
916 shaarli = mkOption {
917 description = "Shaarli configuration";
918 type = submodule {
919 options = {
920 ldap = mkLdapOptions "Shaarli" {};
921 };
922 };
923 };
924 task = mkOption {
925 description = "Taskwarrior configuration";
926 type = submodule {
927 options = {
928 ldap = mkLdapOptions "Taskwarrior" {};
929 taskwarrior-web = mkOption {
930 description = "taskwarrior-web profiles";
931 type = attrsOf (submodule {
932 options = {
933 uid = mkOption {
934 type = listOf str;
935 description = "List of ldap uids having access to this profile";
936 };
937 org = mkOption { type = str; description = "Taskd organisation"; };
938 key = mkOption { type = str; description = "Taskd key"; };
939 date = mkOption { type = str; description = "Preferred date format"; };
940 };
941 });
942 };
943 };
944 };
945 };
946 ttrss = mkOption {
947 description = "TT-RSS configuration";
948 type = submodule {
949 options = {
950 postgresql = mkPsqlOptions "TT-RSS";
951 ldap = mkLdapOptions "TT-RSS" {};
952 };
953 };
954 };
955 wallabag = mkOption {
956 description = "Wallabag configuration";
957 type = submodule {
958 options = {
959 postgresql = mkPsqlOptions "Wallabag";
960 ldap = mkLdapOptions "Wallabag" {
961 admin_filter = mkOption { type = str; description = "Admin users filter"; };
962 };
963 redis = mkRedisOptions "Wallabag";
964 secret = mkOption { type = str; description = "App secret"; };
965 };
966 };
967 };
968 ympd = mkOption {
969 description = "Ympd configuration";
970 type = submodule {
971 options = {
972 listenPort = mkOption { type = port; description = "Port to listen to"; };
973 mpd = mkOption {
974 description = "MPD configuration";
975 type = submodule {
976 options = {
977 password = mkOption { type = str; description = "Password to access MPD host"; };
978 host = mkOption { type = str; description = "Host for MPD"; };
979 port = mkOption { type = port; description = "Port to access MPD host"; };
980 };
981 };
982 };
983 };
984 };
985 };
986 yourls = mkOption {
987 description = "Yourls configuration";
988 type = submodule {
989 options = {
87a8bffd 990 mysql = mkMysqlOptions "Yourls" {};
ab8f306d
IB
991 ldap = mkLdapOptions "Yourls" {};
992 cookieKey = mkOption { type = str; description = "Cookie key"; };
993 };
994 };
995 };
996 };
997 };
998 };
999 websites = mkOption {
1000 description = "Websites configurations";
1001 type = submodule {
1002 options = {
829ef7f1
IB
1003 isabelle = mkOption {
1004 description = "Isabelle configurations by environment";
ab8f306d
IB
1005 type =
1006 let
1007 atenSubmodule = mkOption {
1008 description = "environment configuration";
1009 type = submodule {
1010 options = {
1011 environment = mkOption { type = str; description = "Symfony environment"; };
1012 secret = mkOption { type = str; description = "Symfony App secret"; };
1013 postgresql = mkPsqlOptions "Aten";
1014 };
1015 };
1016 };
1017 in
1018 submodule {
1019 options = {
829ef7f1
IB
1020 aten_production = atenSubmodule;
1021 aten_integration = atenSubmodule;
423c3f1c
IB
1022 iridologie = mkOption {
1023 description = "environment configuration";
1024 type = submodule {
1025 options = {
1026 environment = mkOption { type = str; description = "SPIP environment"; };
1027 mysql = mkMysqlOptions "Iridologie" {};
1028 ldap = mkLdapOptions "Iridologie" {};
1029 };
1030 };
1031 };
ab8f306d
IB
1032 };
1033 };
1034 };
# Chloe's site: the same option shape declared for production and integration.
chloe = mkOption {
  description = "Chloe configurations by environment";
  type =
    let
      # Shape of one deployment; reused for both environments below.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options = {
            # mkLdapOptions declares a `password` string option; see the
            # store-exposure concern that applies to any `str` credential.
            ldap = mkLdapOptions "Chloe" {};
            mysql = mkMysqlOptions "Chloe" {};
            environment = mkOption {
              description = "SPIP environment";
              type = str;
            };
          };
        };
      };
    in
    submodule {
      options = {
        integration = perEnvironment;
        production = perEnvironment;
      };
    };
};
# Connexionswing: the same option shape declared for production and integration.
connexionswing = mkOption {
  description = "Connexionswing configurations by environment";
  type =
    let
      # Shape of one deployment; reused for both environments below.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options = {
            mysql = mkMysqlOptions "Connexionswing" {};
            environment = mkOption {
              description = "Symfony environment";
              type = str;
            };
            email = mkOption {
              description = "Symfony email notification";
              type = str;
            };
            # NOTE(review): application secret held as a plain `str`; if it is
            # interpolated into a derivation or generated file it becomes
            # readable in the Nix store -- confirm how consumers deliver it.
            secret = mkOption {
              description = "Symfony App secret";
              type = str;
            };
          };
        };
      };
    in
    submodule {
      options = {
        integration = perEnvironment;
        production = perEnvironment;
      };
    };
};
# Jerome's site (described as "Naturaloutil"): database access and the
# administrator contact address.
jerome = mkOption {
  description = "Naturaloutil configuration";
  type = submodule {
    options = {
      server_admin = mkOption {
        description = "Server admin e-mail";
        type = str;
      };
      mysql = mkMysqlOptions "Naturaloutil" {};
    };
  };
};
# Telio Tortay's site: only the administrator contact address is declared.
telioTortay = mkOption {
  description = "Telio Tortay configuration";
  type = submodule {
    options = {
      server_admin = mkOption {
        description = "Server admin e-mail";
        type = str;
      };
    };
  };
};
# Ludivinecassal: the same option shape declared for production and integration.
ludivinecassal = mkOption {
  description = "Ludivinecassal configurations by environment";
  type =
    let
      # Shape of one deployment; reused for both environments below.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options = {
            # mkLdapOptions declares a `password` string option of its own.
            ldap = mkLdapOptions "LudivineCassal" {};
            mysql = mkMysqlOptions "LudivineCassal" {};
            environment = mkOption {
              description = "Symfony environment";
              type = str;
            };
            # NOTE(review): application secret held as a plain `str`; if it is
            # interpolated into a derivation or generated file it becomes
            # readable in the Nix store -- confirm how consumers deliver it.
            secret = mkOption {
              description = "Symfony App secret";
              type = str;
            };
          };
        };
      };
    in
    submodule {
      options = {
        integration = perEnvironment;
        production = perEnvironment;
      };
    };
};
# Emilia's site: only PostgreSQL access is declared, via mkPsqlOptions.
emilia = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Emilia";
    };
  };
  description = "Emilia configuration";
};
# Florian's site: only the administrator contact address is declared.
florian = mkOption {
  description = "Florian configuration";
  type = submodule {
    options = {
      server_admin = mkOption {
        description = "Server admin e-mail";
        type = str;
      };
    };
  };
};
# Nassime's site: only the administrator contact address is declared.
nassime = mkOption {
  description = "Nassime configuration";
  type = submodule {
    options = {
      server_admin = mkOption {
        description = "Server admin e-mail";
        type = str;
      };
    };
  };
};
# Piedsjaloux: the same option shape declared for production and integration.
piedsjaloux = mkOption {
  description = "Piedsjaloux configurations by environment";
  type =
    let
      # Shape of one deployment; reused for both environments below.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options = {
            mysql = mkMysqlOptions "Piedsjaloux" {};
            environment = mkOption {
              description = "Symfony environment";
              type = str;
            };
            # NOTE(review): application secret held as a plain `str`; if it is
            # interpolated into a derivation or generated file it becomes
            # readable in the Nix store -- confirm how consumers deliver it.
            secret = mkOption {
              description = "Symfony App secret";
              type = str;
            };
          };
        };
      };
    in
    submodule {
      options = {
        integration = perEnvironment;
        production = perEnvironment;
      };
    };
};
91b75ffe
IB
# Richie: database access plus SMTP credentials. Despite the description text,
# a single set of options is declared here (no production/integration pair).
richie = mkOption {
  description = "Europe Richie configurations by environment";
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Richie" {};
      smtp_mailer = mkOption {
        description = "SMTP mailer configuration";
        type = submodule {
          options = {
            user = mkOption {
              description = "Username";
              type = str;
            };
            # NOTE(review): SMTP password held as a plain `str`; if it is
            # interpolated into a derivation or generated file it becomes
            # readable in the Nix store -- confirm how consumers deliver it.
            password = mkOption {
              description = "Password";
              type = str;
            };
          };
        };
      };
    };
  };
};
ab8f306d
IB
# Tellesflorian: only an integration environment is declared.
tellesflorian = mkOption {
  description = "Tellesflorian configurations by environment";
  type =
    let
      # Shape of one deployment; bound once below.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options = {
            mysql = mkMysqlOptions "Tellesflorian" {};
            environment = mkOption {
              description = "Symfony environment";
              type = str;
            };
            # NOTE(review): both values below are credentials held as plain
            # `str`; if they are interpolated into a derivation or generated
            # file they become readable in the Nix store -- confirm how
            # consumers deliver them.
            secret = mkOption {
              description = "Symfony App secret";
              type = str;
            };
            invite_passwords = mkOption {
              description = "Password basic auth";
              type = str;
            };
          };
        };
      };
    in
    submodule {
      options = {
        integration = perEnvironment;
      };
    };
};
1205 };
1206 };
1207 };
1208
# Location of the secret files used at build time.
# NOTE(review): a Nix path value that is coerced to a string inside a
# derivation is copied into the Nix store, where it is readable by every local
# user -- confirm the consumers of this option avoid that for secret material.
privateFiles = mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = path;
};
1215 };
619e4f46
IB
# Read-only option exposing this host's entry of config.myEnv.servers, selected
# by the module argument `name`. Evaluating the default requires such an entry
# to exist.
options.hostEnv = mkOption {
  description = "Host environment";
  type = hostEnv;
  default = config.myEnv.servers.${name};
  readOnly = true;
};
1222}