619e4f46 1{ config, lib, name, ... }:
2with lib;
3with types;
4with lists;
5let
6 ldapOptions = {
7 base = mkOption { description = "Base of the LDAP tree"; type = str; };
8 host = mkOption { description = "Host to access LDAP"; type = str; };
9 root_dn = mkOption { description = "DN of the root user"; type = str; };
10 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
11 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
12 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
13 };
14 mkLdapOptions = name: more: mkOption {
15 description = "${name} LDAP configuration";
16 type = submodule {
17 options = ldapOptions // {
18 dn = mkOption { description = "DN of the ${name} user"; type = str; };
19 password = mkOption { description = "password of the ${name} user"; type = str; };
20 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
21 } // more;
22 };
23 };
24 mysqlOptions = {
25 host = mkOption { description = "Host to access Mysql"; type = str; };
619e4f46 26 remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
ab8f306d
IB
27 port = mkOption { description = "Port to access Mysql"; type = str; };
28 socket = mkOption { description = "Socket to access Mysql"; type = path; };
29 systemUsers = mkOption {
30 description = "Attrs of user-passwords allowed to access mysql";
31 type = attrsOf str;
32 };
33 pam = mkOption {
34 description = "PAM configuration for mysql";
35 type = submodule {
36 options = {
37 dn = mkOption { description = "DN to connect as to check users"; type = str; };
38 password = mkOption { description = "DN password to connect as to check users"; type = str; };
39 filter = mkOption { description = "filter to match users"; type = str; };
40 };
41 };
42 };
43 };
87a8bffd 44 mkMysqlOptions = name: more: mkOption {
ab8f306d
IB
45 description = "${name} mysql configuration";
46 type = submodule {
47 options = mysqlOptions // {
48 database = mkOption { description = "${name} database"; type = str; };
49 user = mkOption { description = "${name} user"; type = str; };
50 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
87a8bffd 51 } // more;
ab8f306d
IB
52 };
53 };
54 psqlOptions = {
55 host = mkOption { description = "Host to access Postgresql"; type = str; };
56 port = mkOption { description = "Port to access Postgresql"; type = str; };
57 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
58 pam = mkOption {
59 description = "PAM configuration for psql";
60 type = submodule {
61 options = {
62 dn = mkOption { description = "DN to connect as to check users"; type = str; };
63 password = mkOption { description = "DN password to connect as to check users"; type = str; };
64 filter = mkOption { description = "filter to match users"; type = str; };
65 };
66 };
67 };
68 };
69 mkPsqlOptions = name: mkOption {
70 description = "${name} psql configuration";
71 type = submodule {
72 options = psqlOptions // {
73 database = mkOption { description = "${name} database"; type = str; };
74 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
75 user = mkOption { description = "${name} user"; type = str; };
76 password = mkOption { description = "psql password of the ${name} user"; type = str; };
77 };
78 };
79 };
80 redisOptions = {
81 host = mkOption { description = "Host to access Redis"; type = str; };
82 port = mkOption { description = "Port to access Redis"; type = str; };
83 socket = mkOption { description = "Socket to access Redis"; type = path; };
84 dbs = mkOption {
85 description = "Attrs of db number. Each number should be unique to avoid collision!";
86 type = attrsOf str;
87 };
88 spiped_key = mkOption {
89 type = str;
90 description = ''
91 Key to use with spiped to make a secure channel to replication
92 '';
93 };
94 predixy = mkOption {
95 description = "Predixy configuration. Unused yet";
96 type = submodule {
97 options = {
98 read = mkOption { type = str; description = "Read password"; };
99 };
100 };
101 };
102 };
103 mkRedisOptions = name: mkOption {
104 description = "${name} redis configuration";
105 type = submodule {
106 options = redisOptions // {
107 db = mkOption { description = "${name} database"; type = str; };
108 };
109 };
110 };
111 hostEnv = submodule {
112 options = {
113 fqdn = mkOption {
114 description = "Host FQDN";
115 type = str;
116 };
117 emails = mkOption {
118 default = [];
119 description = "List of e-mails that the server can be a sender of";
120 type = listOf str;
121 };
122 ldap = mkOption {
123 description = ''
124 LDAP credentials for the host
125 '';
126 type = submodule {
127 options = {
128 password = mkOption { type = string; description = "Password for the LDAP connection"; };
129 dn = mkOption { type = string; description = "DN for the LDAP connection"; };
130 };
131 };
132 };
133 mx = mkOption {
134 description = "subdomain and priority for MX server";
135 default = { enable = false; };
136 type = submodule {
137 options = {
138 enable = mkEnableOption "Enable MX";
139 subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
140 priority = mkOption { type = nullOr str; description = "Priority"; };
141 };
142 };
143 };
144 ips = mkOption {
145 description = ''
146 attrs of ip4/ip6 grouped by section
147 '';
148 type = attrsOf (submodule {
149 options = {
150 ip4 = mkOption {
151 type = string;
152 description = ''
153 ip4 address of the host
154 '';
155 };
156 ip6 = mkOption {
157 type = listOf string;
158 default = [];
159 description = ''
160 ip6 addresses of the host
161 '';
162 };
163 };
164 });
165 };
166 };
167 };
168in
169{
170 options.myEnv = {
171 servers = mkOption {
172 description = ''
173 Attrs of servers information in the cluster (not necessarily handled by nixops)
174 '';
175 default = {};
619e4f46 176 type = attrsOf hostEnv;
ab8f306d
IB
177 };
178 hetznerCloud = mkOption {
179 description = ''
180 Hetzner Cloud credential information
181 '';
182 type = submodule {
183 options = {
184 authToken = mkOption {
185 type = str;
186 description = ''
187 The API auth token.
188 '';
189 };
190 };
191 };
192 };
193 hetzner = mkOption {
194 description = ''
195 Hetzner credential information
196 '';
197 type = submodule {
198 options = {
199 user = mkOption { type = str; description = "User"; };
200 pass = mkOption { type = str; description = "Password"; };
201 };
202 };
203 };
204 sshd = mkOption {
205 description = ''
206 sshd service credential information
207 '';
208 type = submodule {
209 options = {
210 ldap = mkOption {
211 description = ''
212 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
213 '';
214 type = submodule {
215 options = {
216 password = mkOption { description = "Password"; type = str; };
217 };
218 };
219 };
220 };
221 };
222 };
223 ports = mkOption {
224 description = ''
225 non-standard reserved ports. Must be unique!
226 '';
227 type = attrsOf port;
228 default = {};
229 apply = let
230 noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
231 in
232 x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
233 };
234 httpd = mkOption {
235 description = ''
236 httpd service credential information
237 '';
238 type = submodule {
239 options = {
240 ldap = mkOption {
241 description = ''
242 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
243 '';
244 type = submodule {
245 options = {
246 password = mkOption { description = "Password"; type = str; };
247 };
248 };
249 };
250 };
251 };
252 };
253 ldap = mkOption {
254 description = ''
255 LDAP server configuration
256 '';
257 type = submodule {
258 options = ldapOptions;
259 };
260 };
261 databases = mkOption {
262 description = "Databases configuration";
263 type = submodule {
264 options = {
265 mysql = mkOption {
266 type = submodule { options = mysqlOptions; };
267 description = "Mysql configuration";
268 };
269 redis = mkOption {
270 type = submodule { options = redisOptions; };
271 description = "Redis configuration";
272 };
273 postgresql = mkOption {
274 type = submodule { options = psqlOptions; };
275 description = "Postgresql configuration";
276 };
277 };
278 };
279 };
280 jabber = mkOption {
281 description = "Jabber configuration";
282 type = submodule {
283 options = {
5b53d86f 284 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
ab8f306d
IB
285 ldap = mkLdapOptions "Jabber" {};
286 postgresql = mkPsqlOptions "Jabber";
287 };
288 };
289 };
290 users = mkOption {
291 description = "System and regular users uid/gid";
292 type = attrsOf (submodule {
293 options = {
294 uid = mkOption {
295 description = "user uid";
296 type = int;
297 };
298 gid = mkOption {
299 description = "user gid";
300 type = int;
301 };
302 };
303 });
304 };
    # Authoritative DNS: SOA values, name-server groups, and the zones this
    # setup masters or slaves.
    dns = mkOption {
      description = "DNS configuration";
      type = submodule {
        options = {
          soa = mkOption {
            description = "SOA information";
            type = submodule {
              options = {
                # Kept as a string; the "incremented at each change" rule in
                # the description is not enforced anywhere in this module.
                serial = mkOption {
                  description = "Serial number. Should be incremented at each change and unique";
                  type = str;
                };
                refresh = mkOption {
                  description = "Refresh time";
                  type = str;
                };
                retry = mkOption {
                  description = "Retry time";
                  type = str;
                };
                expire = mkOption {
                  description = "Expire time";
                  type = str;
                };
                ttl = mkOption {
                  description = "Default TTL time";
                  type = str;
                };
                email = mkOption {
                  description = "hostmaster e-mail";
                  type = str;
                };
                primary = mkOption {
                  description = "Primary NS";
                  type = str;
                };
              };
            };
          };
          # group name -> { nameserver fqdn -> [ addresses ] }; groups are
          # referenced by name from slaveZones.masters and masterZones.slaves/ns.
          ns = mkOption {
            description = "Attrs of NS servers group";
            example = {
              foo = {
                "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
                "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
              };
            };
            type = attrsOf (attrsOf (listOf str));
          };
          slaveZones = mkOption {
            description = "List of slave zones";
            type = listOf (submodule {
              options = {
                name = mkOption { type = str; description = "zone name"; };
                masters = mkOption {
                  description = "NS master groups of this zone";
                  type = listOf str;
                };
              };
            });
          };
          masterZones = mkOption {
            description = "List of master zones";
            type = listOf (submodule {
              options = {
                name = mkOption { type = str; description = "zone name"; };
                slaves = mkOption {
                  description = "NS slave groups of this zone";
                  type = listOf str;
                };
                ns = mkOption {
                  description = "groups names that should have their NS entries listed here";
                  type = listOf str;
                };
                # `extra` and `entries` are free-form text with no validation
                # here — presumably spliced verbatim into the bind zone
                # configuration, so only trusted config should feed them.
                extra = mkOption {
                  description = "Extra zone configuration for bind";
                  example = ''
                    notify yes;
                  '';
                  type = lines;
                };
                entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
                withEmail = mkOption {
                  description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
                  default = [];
                  type = listOf (submodule {
                    options = {
                      domain = mkOption { type = str; description = "Which subdomain is concerned"; };
                      # send/receive decide which mail records are emitted for
                      # the subdomain; a domain with send = false presumably
                      # gets a deny-all SPF, but that is done by the consumer.
                      send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
                      receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
                    };
                  });
                };
              };
            });
          };
        };
      };
    };
404 backup = mkOption {
405 description = ''
406 Remote backup with duplicity
407 '';
408 type = submodule {
409 options = {
410 password = mkOption { type = str; description = "Password for encrypting files"; };
411 remote = mkOption { type = str; description = "Remote url access"; };
412 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
413 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
414 };
415 };
416 };
    # Pull-style rsync backups: this host connects to each profile's machine
    # with ssh_key and copies the configured parts.
    rsync_backup = mkOption {
      description =''
        Rsync backup configuration from controlled host
      '';
      type = submodule {
        options = {
          mailto = mkOption { type = str; description = "Where to e-mail on error"; };
          ssh_key = mkOption {
            description = "SSH key information";
            type = submodule {
              options = {
                public = mkOption { type = str; description = "Public part of the key"; };
                # NOTE(review): `lines` merges multiple definitions by
                # concatenation, so two definitions of this key would produce
                # one broken key file rather than a conflict error.
                private = mkOption { type = lines; description = "Private part of the key"; };
              };
            };
          };
          profiles = mkOption {
            description = "Attrs of profiles to backup";
            type = attrsOf (submodule {
              options = {
                keep = mkOption { type = int; description = "Number of backups to keep"; };
                login = mkOption { type = str; description = "Login to connect to host"; };
                port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
                host = mkOption { type = str; description = "Host to connect to"; };
                # Pinned host key for the remote; lets the consumer verify the
                # host instead of trusting on first use.
                host_key = mkOption { type = str; description = "Host key"; };
                host_key_type = mkOption { type = str; description = "Host key type"; };
                parts = mkOption {
                  description = "Parts to backup for this host";
                  type = attrsOf (submodule {
                    options = {
                      remote_folder = mkOption { type = path; description = "Remote folder to backup";};
                      exclude_from = mkOption {
                        type = listOf path;
                        default = [];
                        description = "List of folders/files to exclude from the backup";
                      };
                      files_from = mkOption {
                        type = listOf path;
                        default = [];
                        description = "List of folders/files to backup in the base folder";
                      };
                      # A single string; presumably word-split by the shell
                      # that runs rsync, so quoting is the definer's job.
                      args = mkOption {
                        type = nullOr str;
                        default = null;
                        description = "Extra arguments to pass to rsync";
                      };
                    };
                  });
                };
              };
            });
          };
        };
      };
    };
472 monitoring = mkOption {
473 description = "Monitoring configuration";
474 type = submodule {
475 options = {
476 status_url = mkOption { type = str; description = "URL to push status to"; };
477 status_token = mkOption { type = str; description = "Token for the status url"; };
e820134d 478 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
ab8f306d 479 email = mkOption { type = str; description = "Admin E-mail"; };
e820134d
IB
480 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
481 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
482 imap_login = mkOption { type = str; description = "IMAP login"; };
483 imap_password = mkOption { type = str; description = "IMAP password"; };
25844101 484 eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
e820134d
IB
485 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
486 slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
487 slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
488 contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
ab8f306d
IB
489 };
490 };
491 };
492 mpd = mkOption {
493 description = "MPD configuration";
494 type = submodule {
495 options = {
496 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
497 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
498 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
499 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
500 };
501 };
502 };
503 ftp = mkOption {
504 description = "FTP configuration";
505 type = submodule {
506 options = {
507 ldap = mkLdapOptions "FTP" {};
508 };
509 };
510 };
    # Mail stack: DMARC/DKIM material, postfix relay rules, dovecot's LDAP
    # lookups, rspamd credentials and the script-backed recipients.
    mail = mkOption {
      description = "Mail configuration";
      type = submodule {
        options = {
          dmarc = mkOption {
            description = "DMARC configuration";
            type = submodule {
              options = {
                ignore_hosts = mkOption {
                  type = lines;
                  description = ''
                    Hosts to ignore when checking for dmarc
                  '';
                };
              };
            };
          };
          # One entry per DKIM selector/domain.
          dkim = mkOption {
            description = "DKIM configuration";
            type = attrsOf (submodule {
              options = {
                public = mkOption {
                  type = str;
                  example = ''
                    ( "v=DKIM1; k=rsa; "
                      "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
                  '';
                  description = "Public entry to put in DNS TXT field";
                };
                # NOTE(review): the DKIM signing key as a plain string; anyone
                # who reads it can sign mail as the domain.
                private = mkOption { type = str; description = "Private key"; };
              };
            });
          };
          postfix = mkOption {
            description = "Postfix configuration";
            type = submodule {
              options = {
                additional_mailbox_domains = mkOption {
                  description = ''
                    List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
                  '';
                  type = listOf str;
                };
                mysql = mkMysqlOptions "Postfix" {
                  # Symmetric key; whoever holds it can recover the relay
                  # passwords stored in the database.
                  password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
                };
                backup_domains = mkOption {
                  description = ''
                    Domains that are accepted for relay as backup domain
                  '';
                  type = attrsOf (submodule {
                    options = {
                      domains = mkOption { type = listOf str; description = "Domains list"; };
                      # Free-form postfix restriction text; an overly
                      # permissive value here turns the host into an open
                      # relay for these domains.
                      relay_restrictions = mkOption {
                        type = lines;
                        description = ''
                          Restrictions for relaying the e-mails from the domains
                        '';
                      };
                      recipient_maps = mkOption {
                        description = ''
                          Recipient map to accept relay for.
                          Must be specified for domain, the rules apply to everyone!
                        '';
                        type = listOf (submodule {
                          options = {
                            # Only "hash" maps are accepted.
                            type = mkOption {
                              type = enum [ "hash" ];
                              description = "Map type";
                            };
                            content = mkOption {
                              type = str;
                              description = "Map content";
                            };
                          };
                        });
                      };
                    };
                  });
                };
              };
            };
          };
          dovecot = mkOption {
            description = "Dovecot configuration";
            type = submodule {
              options = {
                ldap = mkLdapOptions "Dovecot" {
                  pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
                  user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
                  iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
                  iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
                };
              };
            };
          };
          rspamd = mkOption {
            description = "rspamd configuration";
            type = submodule {
              options = {
                # Labelled "Redis", so its description reads "Redis redis configuration".
                redis = mkRedisOptions "Redis";
                read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
                write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
                # `apply` discards the defined value: only the hashed variants
                # above ever reach the generated config.
                read_password = mkOption {
                  type = str;
                  description = "Read password for rspamd. Unused";
                  apply = x: "";
                };
                write_password = mkOption {
                  type = str;
                  description = "Write password for rspamd. Unused";
                  apply = x: "";
                };
              };
            };
          };
          scripts = mkOption {
            description = "Mail script recipients";
            type = attrsOf (submodule {
              options = {
                external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
                # NOTE(review): the fetched default.nix is evaluated and its
                # result runs on incoming mail. `rev` is a free string and no
                # content hash is declared here, so a branch or tag name would
                # let whoever controls the remote change what runs; prefer a
                # full commit id.
                src = mkOption {
                  description = ''
                    git source to fetch the script from.
                    It must have a default.nix file as its root accepting a scriptEnv parameter
                  '';
                  type = submodule {
                    options = {
                      url = mkOption { type = str; description = "git url to fetch"; };
                      rev = mkOption { type = str; description = "git reference to fetch"; };
                    };
                  };
                };
                # Untyped; passed through to the script as scriptEnv.
                env = mkOption {
                  description = "Variables to pass to the script";
                  type = unspecified;
                };
              };
            });
          };
        };
      };
    };
    # Buildbot master: its system account, LDAP bind password and one entry
    # per project it builds.
    buildbot = mkOption {
      description = "Buildbot configuration";
      type = submodule {
        options = {
          user = mkOption {
            description = "Buildbot user";
            type = submodule {
              options = {
                uid = mkOption {
                  description = "user uid";
                  type = int;
                };
                gid = mkOption {
                  description = "user gid";
                  type = int;
                };
              };
            };
          };
          ldap = mkOption {
            description = "Ldap configuration for buildbot";
            type = submodule {
              options = {
                password = mkOption { type = str; description = "Buildbot password"; };
              };
            };
          };
          projects = mkOption {
            description = "Projects to make a buildbot for";
            type = attrsOf (submodule {
              options = {
                name = mkOption { type = str; description = "Project name"; };
                # Untyped because the value is a Nix function (see example).
                packages = mkOption {
                  type = unspecified;
                  example = literalExample ''
                    pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
                  '';
                  description = ''
                    Function.
                    Builds packages list to make available to buildbot project.
                    Takes pkgs as argument.
                  '';
                };
                pythonPackages = mkOption {
                  type = unspecified;
                  example = literalExample ''
                    p: pkgs: [ pkgs.python3Packages.pip ];
                  '';
                  description = ''
                    Function.
                    Builds python packages list to make available to buildbot project.
                    Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
                  '';
                };
                pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
                # NOTE(review): file name -> content, in plain text. Where
                # the files are dumped and with which mode is decided by the
                # consumer, not here.
                secrets = mkOption {
                  type = attrsOf str;
                  description = "Secrets for the project to dump as files";
                };
                environment = mkOption {
                  type = attrsOf str;
                  description = ''
                    Environment variables for the project.
                    BUILDBOT_ is prefixed to the variable names
                  '';
                };
                # Free-form shell run at deployment; trusted input only.
                activationScript = mkOption {
                  type = lines;
                  description = ''
                    Activation script to run during deployment
                  '';
                };
                builderPaths = mkOption {
                  type = attrsOf unspecified;
                  default = {};
                  description = ''
                    Attrs of functions to make accessible specifically per builder.
                    Takes pkgs as argument and should return a single path containing binaries.
                    This path will be accessible as BUILDBOT_PATH_<attrskey>
                  '';
                };
                # null is the default; whether that means "hook disabled" or
                # "hook unauthenticated" is decided by the consumer — confirm
                # before relying on the default.
                webhookTokens = mkOption {
                  type = nullOr (listOf str);
                  default = null;
                  description = ''
                    List of tokens allowed to push to project’s change_hook/base endpoint
                  '';
                };
              };
            });
          };
        };
      };
    };
748 tools = mkOption {
749 description = "Tools configurations";
750 type = submodule {
751 options = {
752 davical = mkOption {
753 description = "Davical configuration";
754 type = submodule {
755 options = {
756 postgresql = mkPsqlOptions "Davical";
757 ldap = mkLdapOptions "Davical" {};
758 };
759 };
760 };
761 diaspora = mkOption {
762 description = "Diaspora configuration";
763 type = submodule {
764 options = {
765 postgresql = mkPsqlOptions "Diaspora";
766 redis = mkRedisOptions "Diaspora";
767 ldap = mkLdapOptions "Diaspora" {};
768 secret_token = mkOption { type = str; description = "Secret token"; };
769 };
770 };
771 };
772 etherpad-lite = mkOption {
773 description = "Etherpad configuration";
774 type = submodule {
775 options = {
776 postgresql = mkPsqlOptions "Etherpad";
777 ldap = mkLdapOptions "Etherpad" {
778 group_filter = mkOption { type = str; description = "Filter for groups"; };
779 };
780 session_key = mkOption { type = str; description = "Session key"; };
781 api_key = mkOption { type = str; description = "API key"; };
782 redirects = mkOption { type = str; description = "Redirects for apache"; };
783 };
784 };
785 };
786 gitolite = mkOption {
787 description = "Gitolite configuration";
788 type = submodule {
789 options = {
790 ldap = mkLdapOptions "Gitolite" {};
791 };
792 };
793 };
794 kanboard = mkOption {
795 description = "Kanboard configuration";
796 type = submodule {
797 options = {
798 postgresql = mkPsqlOptions "Kanboard";
799 ldap = mkLdapOptions "Kanboard" {
800 admin_dn = mkOption { type = str; description = "Admin DN"; };
801 };
802 };
803 };
804 };
805 mantisbt = mkOption {
806 description = "Mantisbt configuration";
807 type = submodule {
808 options = {
809 postgresql = mkPsqlOptions "Mantisbt";
810 ldap = mkLdapOptions "Mantisbt" {};
811 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
812 };
813 };
814 };
815 mastodon = mkOption {
816 description = "Mastodon configuration";
817 type = submodule {
818 options = {
819 postgresql = mkPsqlOptions "Mastodon";
820 redis = mkRedisOptions "Mastodon";
821 ldap = mkLdapOptions "Mastodon" {};
822 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
823 otp_secret = mkOption { type = str; description = "OTP secret"; };
824 secret_key_base = mkOption { type = str; description = "Secret key base"; };
825 vapid = mkOption {
826 description = "vapid key";
827 type = submodule {
828 options = {
829 private = mkOption { type = str; description = "Private key"; };
830 public = mkOption { type = str; description = "Public key"; };
831 };
832 };
833 };
834 };
835 };
836 };
837 mediagoblin = mkOption {
838 description = "Mediagoblin configuration";
839 type = submodule {
840 options = {
841 postgresql = mkPsqlOptions "Mediagoblin";
842 redis = mkRedisOptions "Mediagoblin";
843 ldap = mkLdapOptions "Mediagoblin" {};
844 };
845 };
846 };
847 nextcloud = mkOption {
848 description = "Nextcloud configuration";
849 type = submodule {
850 options = {
851 postgresql = mkPsqlOptions "Peertube";
852 redis = mkRedisOptions "Peertube";
853 password_salt = mkOption { type = str; description = "Password salt"; };
854 instance_id = mkOption { type = str; description = "Instance ID"; };
855 secret = mkOption { type = str; description = "App secret"; };
856 };
857 };
858 };
859 peertube = mkOption {
860 description = "Peertube configuration";
861 type = submodule {
862 options = {
863 listenPort = mkOption { type = port; description = "Port to listen to"; };
864 postgresql = mkPsqlOptions "Peertube";
865 redis = mkRedisOptions "Peertube";
866 ldap = mkLdapOptions "Peertube" {};
867 };
868 };
869 };
870 phpldapadmin = mkOption {
871 description = "phpLdapAdmin configuration";
872 type = submodule {
873 options = {
874 ldap = mkLdapOptions "phpldapadmin" {};
875 };
876 };
877 };
878 rompr = mkOption {
879 description = "Rompr configuration";
880 type = submodule {
881 options = {
882 mpd = mkOption {
883 description = "MPD configuration";
884 type = submodule {
885 options = {
886 host = mkOption { type = str; description = "Host for MPD"; };
887 port = mkOption { type = port; description = "Port to access MPD host"; };
888 };
889 };
890 };
891 };
892 };
893 };
894 roundcubemail = mkOption {
895 description = "Roundcubemail configuration";
896 type = submodule {
897 options = {
898 postgresql = mkPsqlOptions "TT-RSS";
899 secret = mkOption { type = str; description = "Secret"; };
900 };
901 };
902 };
903 shaarli = mkOption {
904 description = "Shaarli configuration";
905 type = submodule {
906 options = {
907 ldap = mkLdapOptions "Shaarli" {};
908 };
909 };
910 };
911 task = mkOption {
912 description = "Taskwarrior configuration";
913 type = submodule {
914 options = {
915 ldap = mkLdapOptions "Taskwarrior" {};
916 taskwarrior-web = mkOption {
917 description = "taskwarrior-web profiles";
918 type = attrsOf (submodule {
919 options = {
920 uid = mkOption {
921 type = listOf str;
922 description = "List of ldap uids having access to this profile";
923 };
924 org = mkOption { type = str; description = "Taskd organisation"; };
925 key = mkOption { type = str; description = "Taskd key"; };
926 date = mkOption { type = str; description = "Preferred date format"; };
927 };
928 });
929 };
930 };
931 };
932 };
933 ttrss = mkOption {
934 description = "TT-RSS configuration";
935 type = submodule {
936 options = {
937 postgresql = mkPsqlOptions "TT-RSS";
938 ldap = mkLdapOptions "TT-RSS" {};
939 };
940 };
941 };
942 wallabag = mkOption {
943 description = "Wallabag configuration";
944 type = submodule {
945 options = {
946 postgresql = mkPsqlOptions "Wallabag";
947 ldap = mkLdapOptions "Wallabag" {
948 admin_filter = mkOption { type = str; description = "Admin users filter"; };
949 };
950 redis = mkRedisOptions "Wallabag";
951 secret = mkOption { type = str; description = "App secret"; };
952 };
953 };
954 };
955 ympd = mkOption {
956 description = "Ympd configuration";
957 type = submodule {
958 options = {
959 listenPort = mkOption { type = port; description = "Port to listen to"; };
960 mpd = mkOption {
961 description = "MPD configuration";
962 type = submodule {
963 options = {
964 password = mkOption { type = str; description = "Password to access MPD host"; };
965 host = mkOption { type = str; description = "Host for MPD"; };
966 port = mkOption { type = port; description = "Port to access MPD host"; };
967 };
968 };
969 };
970 };
971 };
972 };
973 yourls = mkOption {
974 description = "Yourls configuration";
975 type = submodule {
976 options = {
87a8bffd 977 mysql = mkMysqlOptions "Yourls" {};
ab8f306d
IB
978 ldap = mkLdapOptions "Yourls" {};
979 cookieKey = mkOption { type = str; description = "Cookie key"; };
980 };
981 };
982 };
983 };
984 };
985 };
986 websites = mkOption {
987 description = "Websites configurations";
988 type = submodule {
989 options = {
990 isabelle = mkOption {
991 description = "Isabelle configurations by environment";
ab8f306d
IB
992 type =
993 let
994 atenSubmodule = mkOption {
995 description = "environment configuration";
996 type = submodule {
997 options = {
998 environment = mkOption { type = str; description = "Symfony environment"; };
999 secret = mkOption { type = str; description = "Symfony App secret"; };
1000 postgresql = mkPsqlOptions "Aten";
1001 };
1002 };
1003 };
1004 in
1005 submodule {
1006 options = {
829ef7f1
IB
1007 aten_production = atenSubmodule;
1008 aten_integration = atenSubmodule;
423c3f1c
IB
1009 iridologie = mkOption {
1010 description = "environment configuration";
1011 type = submodule {
1012 options = {
1013 environment = mkOption { type = str; description = "SPIP environment"; };
1014 mysql = mkMysqlOptions "Iridologie" {};
1015 ldap = mkLdapOptions "Iridologie" {};
1016 };
1017 };
1018 };
ab8f306d
IB
1019 };
1020 };
1021 };
1022 chloe = mkOption {
1023 description = "Chloe configurations by environment";
1024 type =
1025 let
1026 chloeSubmodule = mkOption {
1027 description = "environment configuration";
1028 type = submodule {
1029 options = {
423c3f1c 1030 environment = mkOption { type = str; description = "SPIP environment"; };
87a8bffd 1031 mysql = mkMysqlOptions "Chloe" {};
ab8f306d
IB
1032 ldap = mkLdapOptions "Chloe" {};
1033 };
1034 };
1035 };
1036 in
1037 submodule {
1038 options = {
1039 production = chloeSubmodule;
1040 integration = chloeSubmodule;
1041 };
1042 };
1043 };
# Connexionswing (Symfony site): production and integration environments,
# each with MySQL credentials, the app secret and the notification sender.
connexionswing = let
  envOptions = {
    environment = mkOption { description = "Symfony environment"; type = types.str; };
    mysql = mkMysqlOptions "Connexionswing" {};
    # NOTE(review): plain string secret — confirm how it is kept out of
    # world-readable store paths downstream.
    secret = mkOption { description = "Symfony App secret"; type = types.str; };
    email = mkOption { description = "Symfony email notification"; type = types.str; };
  };
  perEnv = mkOption {
    description = "environment configuration";
    type = submodule ({ ... }: { options = envOptions; });
  };
in mkOption {
  description = "Connexionswing configurations by environment";
  type = submodule ({ ... }: {
    options = {
      production = perEnv;
      integration = perEnv;
    };
  });
};
# Naturaloutil (option key `jerome`): a single environment with MySQL
# credentials and the server-admin contact address.
jerome = let
  naturaloutilOptions = {
    mysql = mkMysqlOptions "Naturaloutil" {};
    server_admin = mkOption { description = "Server admin e-mail"; type = types.str; };
  };
in mkOption {
  description = "Naturaloutil configuration";
  type = submodule ({ ... }: { options = naturaloutilOptions; });
};
# Telio Tortay: only the server-admin contact address is configurable.
telioTortay = mkOption {
  description = "Telio Tortay configuration";
  type = submodule ({ ... }: {
    options.server_admin = mkOption {
      description = "Server admin e-mail";
      type = types.str;
    };
  });
};
# Ludivinecassal (Symfony site): production and integration environments,
# each with MySQL and LDAP credentials plus the app secret.
ludivinecassal = let
  envOptions = {
    environment = mkOption { description = "Symfony environment"; type = types.str; };
    mysql = mkMysqlOptions "LudivineCassal" {};
    ldap = mkLdapOptions "LudivineCassal" {};
    # NOTE(review): plain string secret — confirm how it is kept out of
    # world-readable store paths downstream.
    secret = mkOption { description = "Symfony App secret"; type = types.str; };
  };
  perEnv = mkOption {
    description = "environment configuration";
    type = submodule ({ ... }: { options = envOptions; });
  };
in mkOption {
  description = "Ludivinecassal configurations by environment";
  type = submodule ({ ... }: {
    options = {
      production = perEnv;
      integration = perEnv;
    };
  });
};
# Emilia: a single environment whose only setting is the PostgreSQL access
# block produced by mkPsqlOptions.
emilia = mkOption {
  description = "Emilia configuration";
  type = submodule ({ ... }: {
    options.postgresql = mkPsqlOptions "Emilia";
  });
};
# Florian: only the server-admin contact address is configurable.
florian = let
  florianOptions = {
    server_admin = mkOption { description = "Server admin e-mail"; type = types.str; };
  };
in mkOption {
  description = "Florian configuration";
  type = submodule ({ ... }: { options = florianOptions; });
};
# Nassime: only the server-admin contact address is configurable.
nassime = mkOption {
  description = "Nassime configuration";
  type = submodule ({ ... }: {
    options.server_admin = mkOption {
      description = "Server admin e-mail";
      type = types.str;
    };
  });
};
# Piedsjaloux (Symfony site): production and integration environments,
# each with MySQL credentials and the app secret.
piedsjaloux = let
  envOptions = {
    environment = mkOption { description = "Symfony environment"; type = types.str; };
    mysql = mkMysqlOptions "Piedsjaloux" {};
    # NOTE(review): plain string secret — confirm how it is kept out of
    # world-readable store paths downstream.
    secret = mkOption { description = "Symfony App secret"; type = types.str; };
  };
  perEnv = mkOption {
    description = "environment configuration";
    type = submodule ({ ... }: { options = envOptions; });
  };
in mkOption {
  description = "Piedsjaloux configurations by environment";
  type = submodule ({ ... }: {
    options = {
      production = perEnv;
      integration = perEnv;
    };
  });
};
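# Europe Richie: a single deployment (no per-environment split), with its
# MySQL credentials and the SMTP account used for outgoing mail.
richie = mkOption {
  # Description fixed: this option is not split by environment (contrast
  # chloe/connexionswing above), so it is worded like the other
  # single-environment options in this file (jerome, emilia).
  description = "Europe Richie configuration";
  type = submodule ({ ... }: {
    options = {
      mysql = mkMysqlOptions "Richie" {};
      smtp_mailer = mkOption {
        description = "SMTP mailer configuration";
        type = submodule ({ ... }: {
          options = {
            user = mkOption { type = types.str; description = "Username"; };
            # NOTE(review): plain string — confirm the mail password is not
            # rendered into a world-readable store path by its consumer.
            password = mkOption { type = types.str; description = "Password"; };
          };
        });
      };
    };
  });
};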
# Tellesflorian (Symfony site): only an integration environment is
# declared, with MySQL credentials, the app secret and the basic-auth
# password guarding the site.
tellesflorian = let
  envOptions = {
    environment = mkOption { description = "Symfony environment"; type = types.str; };
    mysql = mkMysqlOptions "Tellesflorian" {};
    # NOTE(review): both values below are plain strings — confirm how they
    # are kept out of world-readable store paths downstream.
    secret = mkOption { description = "Symfony App secret"; type = types.str; };
    invite_passwords = mkOption { description = "Password basic auth"; type = types.str; };
  };
  perEnv = mkOption {
    description = "environment configuration";
    type = submodule ({ ... }: { options = envOptions; });
  };
in mkOption {
  description = "Tellesflorian configurations by environment";
  type = submodule ({ ... }: {
    options.integration = perEnv;
  });
};
1192 };
1193 };
1194 };
# Directory of secret files exposed while building. NOTE(review): a `path`
# value that gets interpolated into a derivation is copied into the Nix
# store — confirm how this directory is consumed before relying on it for
# material that must stay private.
privateFiles = mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = types.path;
};
1202 };
# This host's environment, looked up in myEnv.servers under the module's
# `name` argument. It is read-only: the value is defined solely by that
# myEnv.servers entry, and other modules only consume it.
options.hostEnv = mkOption {
  description = "Host environment";
  type = hostEnv;
  readOnly = true;
  default = config.myEnv.servers.${name};
};
1209}