]>
Commit | Line | Data |
---|---|---|
619e4f46 | 1 | { config, lib, name, ... }: |
ab8f306d IB |
2 | with lib; |
3 | with types; | |
4 | with lists; | |
5 | let | |
6 | ldapOptions = { | |
7 | base = mkOption { description = "Base of the LDAP tree"; type = str; }; | |
8 | host = mkOption { description = "Host to access LDAP"; type = str; }; | |
9 | root_dn = mkOption { description = "DN of the root user"; type = str; }; | |
10 | root_pw = mkOption { description = "Hashed password of the root user"; type = str; }; | |
11 | replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; }; | |
12 | replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; }; | |
13 | }; | |
14 | mkLdapOptions = name: more: mkOption { | |
15 | description = "${name} LDAP configuration"; | |
16 | type = submodule { | |
17 | options = ldapOptions // { | |
18 | dn = mkOption { description = "DN of the ${name} user"; type = str; }; | |
19 | password = mkOption { description = "password of the ${name} user"; type = str; }; | |
20 | filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; }; | |
21 | } // more; | |
22 | }; | |
23 | }; | |
24 | mysqlOptions = { | |
25 | host = mkOption { description = "Host to access Mysql"; type = str; }; | |
619e4f46 | 26 | remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; }; |
ab8f306d IB |
27 | port = mkOption { description = "Port to access Mysql"; type = str; }; |
28 | socket = mkOption { description = "Socket to access Mysql"; type = path; }; | |
29 | systemUsers = mkOption { | |
30 | description = "Attrs of user-passwords allowed to access mysql"; | |
31 | type = attrsOf str; | |
32 | }; | |
33 | pam = mkOption { | |
34 | description = "PAM configuration for mysql"; | |
35 | type = submodule { | |
36 | options = { | |
37 | dn = mkOption { description = "DN to connect as to check users"; type = str; }; | |
38 | password = mkOption { description = "DN password to connect as to check users"; type = str; }; | |
39 | filter = mkOption { description = "filter to match users"; type = str; }; | |
40 | }; | |
41 | }; | |
42 | }; | |
43 | }; | |
87a8bffd | 44 | mkMysqlOptions = name: more: mkOption { |
ab8f306d IB |
45 | description = "${name} mysql configuration"; |
46 | type = submodule { | |
47 | options = mysqlOptions // { | |
48 | database = mkOption { description = "${name} database"; type = str; }; | |
49 | user = mkOption { description = "${name} user"; type = str; }; | |
50 | password = mkOption { description = "mysql password of the ${name} user"; type = str; }; | |
87a8bffd | 51 | } // more; |
ab8f306d IB |
52 | }; |
53 | }; | |
54 | psqlOptions = { | |
55 | host = mkOption { description = "Host to access Postgresql"; type = str; }; | |
56 | port = mkOption { description = "Port to access Postgresql"; type = str; }; | |
57 | socket = mkOption { description = "Socket to access Postgresql"; type = path; }; | |
58 | pam = mkOption { | |
59 | description = "PAM configuration for psql"; | |
60 | type = submodule { | |
61 | options = { | |
62 | dn = mkOption { description = "DN to connect as to check users"; type = str; }; | |
63 | password = mkOption { description = "DN password to connect as to check users"; type = str; }; | |
64 | filter = mkOption { description = "filter to match users"; type = str; }; | |
65 | }; | |
66 | }; | |
67 | }; | |
68 | }; | |
69 | mkPsqlOptions = name: mkOption { | |
70 | description = "${name} psql configuration"; | |
71 | type = submodule { | |
72 | options = psqlOptions // { | |
73 | database = mkOption { description = "${name} database"; type = str; }; | |
74 | schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; }; | |
75 | user = mkOption { description = "${name} user"; type = str; }; | |
76 | password = mkOption { description = "psql password of the ${name} user"; type = str; }; | |
77 | }; | |
78 | }; | |
79 | }; | |
80 | redisOptions = { | |
81 | host = mkOption { description = "Host to access Redis"; type = str; }; | |
82 | port = mkOption { description = "Port to access Redis"; type = str; }; | |
83 | socket = mkOption { description = "Socket to access Redis"; type = path; }; | |
84 | dbs = mkOption { | |
85 | description = "Attrs of db number. Each number should be unique to avoid collision!"; | |
86 | type = attrsOf str; | |
87 | }; | |
88 | spiped_key = mkOption { | |
89 | type = str; | |
90 | description = '' | |
91 | Key to use with spiped to make a secure channel to replication | |
92 | ''; | |
93 | }; | |
94 | predixy = mkOption { | |
95 | description = "Predixy configuration. Unused yet"; | |
96 | type = submodule { | |
97 | options = { | |
98 | read = mkOption { type = str; description = "Read password"; }; | |
99 | }; | |
100 | }; | |
101 | }; | |
102 | }; | |
103 | mkRedisOptions = name: mkOption { | |
104 | description = "${name} redis configuration"; | |
105 | type = submodule { | |
106 | options = redisOptions // { | |
107 | db = mkOption { description = "${name} database"; type = str; }; | |
108 | }; | |
109 | }; | |
110 | }; | |
619e4f46 IB |
111 | hostEnv = submodule { |
112 | options = { | |
113 | fqdn = mkOption { | |
114 | description = "Host FQDN"; | |
115 | type = str; | |
116 | }; | |
117 | emails = mkOption { | |
118 | default = []; | |
119 | description = "List of e-mails that the server can be a sender of"; | |
120 | type = listOf str; | |
121 | }; | |
122 | ldap = mkOption { | |
123 | description = '' | |
124 | LDAP credentials for the host | |
125 | ''; | |
126 | type = submodule { | |
127 | options = { | |
128 | password = mkOption { type = string; description = "Password for the LDAP connection"; }; | |
129 | dn = mkOption { type = string; description = "DN for the LDAP connection"; }; | |
130 | }; | |
131 | }; | |
132 | }; | |
133 | mx = mkOption { | |
134 | description = "subdomain and priority for MX server"; | |
135 | default = { enable = false; }; | |
136 | type = submodule { | |
137 | options = { | |
138 | enable = mkEnableOption "Enable MX"; | |
139 | subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; }; | |
140 | priority = mkOption { type = nullOr str; description = "Priority"; }; | |
141 | }; | |
142 | }; | |
143 | }; | |
144 | ips = mkOption { | |
145 | description = '' | |
146 | attrs of ip4/ip6 grouped by section | |
147 | ''; | |
148 | type = attrsOf (submodule { | |
149 | options = { | |
150 | ip4 = mkOption { | |
151 | type = string; | |
152 | description = '' | |
153 | ip4 address of the host | |
154 | ''; | |
155 | }; | |
156 | ip6 = mkOption { | |
157 | type = listOf string; | |
158 | default = []; | |
159 | description = '' | |
160 | ip6 addresses of the host | |
161 | ''; | |
162 | }; | |
163 | }; | |
164 | }); | |
165 | }; | |
166 | }; | |
167 | }; | |
ab8f306d IB |
168 | in |
169 | { | |
170 | options.myEnv = { | |
171 | servers = mkOption { | |
172 | description = '' | |
173 | Attrs of servers information in the cluster (not necessarily handled by nixops) | |
174 | ''; | |
175 | default = {}; | |
619e4f46 | 176 | type = attrsOf hostEnv; |
ab8f306d IB |
177 | }; |
178 | hetznerCloud = mkOption { | |
179 | description = '' | |
180 | Hetzner Cloud credential information | |
181 | ''; | |
182 | type = submodule { | |
183 | options = { | |
184 | authToken = mkOption { | |
185 | type = str; | |
186 | description = '' | |
187 | The API auth token. | |
188 | ''; | |
189 | }; | |
190 | }; | |
191 | }; | |
192 | }; | |
193 | hetzner = mkOption { | |
194 | description = '' | |
195 | Hetzner credential information | |
196 | ''; | |
197 | type = submodule { | |
198 | options = { | |
199 | user = mkOption { type = str; description = "User"; }; | |
200 | pass = mkOption { type = str; description = "Password"; }; | |
201 | }; | |
202 | }; | |
203 | }; | |
204 | sshd = mkOption { | |
205 | description = '' | |
206 | sshd service credential information | |
207 | ''; | |
208 | type = submodule { | |
209 | options = { | |
210 | ldap = mkOption { | |
211 | description = '' | |
212 | LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn | |
213 | ''; | |
214 | type = submodule { | |
215 | options = { | |
216 | password = mkOption { description = "Password"; type = str; }; | |
217 | }; | |
218 | }; | |
219 | }; | |
220 | }; | |
221 | }; | |
222 | }; | |
223 | ports = mkOption { | |
224 | description = '' | |
225 | non-standard reserved ports. Must be unique! | |
226 | ''; | |
227 | type = attrsOf port; | |
228 | default = {}; | |
229 | apply = let | |
230 | noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x)); | |
231 | in | |
232 | x: if isAttrs x && noDupl x then x else throw "Non unique values for ports"; | |
233 | }; | |
234 | httpd = mkOption { | |
235 | description = '' | |
236 | httpd service credential information | |
237 | ''; | |
238 | type = submodule { | |
239 | options = { | |
240 | ldap = mkOption { | |
241 | description = '' | |
242 | LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn | |
243 | ''; | |
244 | type = submodule { | |
245 | options = { | |
246 | password = mkOption { description = "Password"; type = str; }; | |
247 | }; | |
248 | }; | |
249 | }; | |
250 | }; | |
251 | }; | |
252 | }; | |
253 | ldap = mkOption { | |
254 | description = '' | |
255 | LDAP server configuration | |
256 | ''; | |
257 | type = submodule { | |
258 | options = ldapOptions; | |
259 | }; | |
260 | }; | |
261 | databases = mkOption { | |
262 | description = "Databases configuration"; | |
263 | type = submodule { | |
264 | options = { | |
265 | mysql = mkOption { | |
266 | type = submodule { options = mysqlOptions; }; | |
267 | description = "Mysql configuration"; | |
268 | }; | |
269 | redis = mkOption { | |
270 | type = submodule { options = redisOptions; }; | |
271 | description = "Redis configuration"; | |
272 | }; | |
273 | postgresql = mkOption { | |
274 | type = submodule { options = psqlOptions; }; | |
275 | description = "Postgresql configuration"; | |
276 | }; | |
277 | }; | |
278 | }; | |
279 | }; | |
280 | jabber = mkOption { | |
281 | description = "Jabber configuration"; | |
282 | type = submodule { | |
283 | options = { | |
5b53d86f | 284 | postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; }; |
ab8f306d IB |
285 | ldap = mkLdapOptions "Jabber" {}; |
286 | postgresql = mkPsqlOptions "Jabber"; | |
287 | }; | |
288 | }; | |
289 | }; | |
290 | users = mkOption { | |
291 | description = "System and regular users uid/gid"; | |
292 | type = attrsOf (submodule { | |
293 | options = { | |
294 | uid = mkOption { | |
295 | description = "user uid"; | |
296 | type = int; | |
297 | }; | |
298 | gid = mkOption { | |
299 | description = "user gid"; | |
300 | type = int; | |
301 | }; | |
302 | }; | |
303 | }); | |
304 | }; | |
305 | dns = mkOption { | |
306 | description = "DNS configuration"; | |
307 | type = submodule { | |
308 | options = { | |
309 | soa = mkOption { | |
310 | description = "SOA information"; | |
311 | type = submodule { | |
312 | options = { | |
313 | serial = mkOption { | |
314 | description = "Serial number. Should be incremented at each change and unique"; | |
315 | type = str; | |
316 | }; | |
317 | refresh = mkOption { | |
318 | description = "Refresh time"; | |
319 | type = str; | |
320 | }; | |
321 | retry = mkOption { | |
322 | description = "Retry time"; | |
323 | type = str; | |
324 | }; | |
325 | expire = mkOption { | |
326 | description = "Expire time"; | |
327 | type = str; | |
328 | }; | |
329 | ttl = mkOption { | |
330 | description = "Default TTL time"; | |
331 | type = str; | |
332 | }; | |
333 | email = mkOption { | |
334 | description = "hostmaster e-mail"; | |
335 | type = str; | |
336 | }; | |
337 | primary = mkOption { | |
338 | description = "Primary NS"; | |
339 | type = str; | |
340 | }; | |
341 | }; | |
342 | }; | |
343 | }; | |
344 | ns = mkOption { | |
345 | description = "Attrs of NS servers group"; | |
346 | example = { | |
347 | foo = { | |
348 | "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ]; | |
349 | "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ]; | |
350 | }; | |
351 | }; | |
352 | type = attrsOf (attrsOf (listOf str)); | |
353 | }; | |
354 | slaveZones = mkOption { | |
355 | description = "List of slave zones"; | |
356 | type = listOf (submodule { | |
357 | options = { | |
358 | name = mkOption { type = str; description = "zone name"; }; | |
359 | masters = mkOption { | |
360 | description = "NS master groups of this zone"; | |
361 | type = listOf str; | |
362 | }; | |
363 | }; | |
364 | }); | |
365 | }; | |
366 | masterZones = mkOption { | |
367 | description = "List of master zones"; | |
368 | type = listOf (submodule { | |
369 | options = { | |
370 | name = mkOption { type = str; description = "zone name"; }; | |
371 | slaves = mkOption { | |
372 | description = "NS slave groups of this zone"; | |
373 | type = listOf str; | |
374 | }; | |
375 | ns = mkOption { | |
376 | description = "groups names that should have their NS entries listed here"; | |
377 | type = listOf str; | |
378 | }; | |
379 | extra = mkOption { | |
380 | description = "Extra zone configuration for bind"; | |
381 | example = '' | |
382 | notify yes; | |
383 | ''; | |
384 | type = lines; | |
385 | }; | |
386 | entries = mkOption { type = lines; description = "Regular entries of the NS zone"; }; | |
387 | withEmail = mkOption { | |
388 | description = "List of domains that should have mail entries (MX, dkim, SPF, ...)"; | |
389 | default = []; | |
390 | type = listOf (submodule { | |
391 | options = { | |
392 | domain = mkOption { type = str; description = "Which subdomain is concerned"; }; | |
393 | send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; }; | |
394 | receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; }; | |
395 | }; | |
396 | }); | |
397 | }; | |
398 | }; | |
399 | }); | |
400 | }; | |
401 | }; | |
402 | }; | |
403 | }; | |
404 | backup = mkOption { | |
405 | description = '' | |
406 | Remote backup with duplicity | |
407 | ''; | |
408 | type = submodule { | |
409 | options = { | |
410 | password = mkOption { type = str; description = "Password for encrypting files"; }; | |
411 | remote = mkOption { type = str; description = "Remote url access"; }; | |
412 | accessKeyId = mkOption { type = str; description = "Remote access-key"; }; | |
413 | secretAccessKey = mkOption { type = str; description = "Remote access secret"; }; | |
414 | }; | |
415 | }; | |
416 | }; | |
417 | rsync_backup = mkOption { | |
418 | description ='' | |
419 | Rsync backup configuration from controlled host | |
420 | ''; | |
421 | type = submodule { | |
422 | options = { | |
423 | mailto = mkOption { type = str; description = "Where to e-mail on error"; }; | |
424 | ssh_key = mkOption { | |
425 | description = "SSH key information"; | |
426 | type = submodule { | |
427 | options = { | |
428 | public = mkOption { type = str; description = "Public part of the key"; }; | |
429 | private = mkOption { type = lines; description = "Private part of the key"; }; | |
430 | }; | |
431 | }; | |
432 | }; | |
433 | profiles = mkOption { | |
434 | description = "Attrs of profiles to backup"; | |
435 | type = attrsOf (submodule { | |
436 | options = { | |
437 | keep = mkOption { type = int; description = "Number of backups to keep"; }; | |
438 | login = mkOption { type = str; description = "Login to connect to host"; }; | |
439 | port = mkOption { type = str; default = "22"; description = "Port to connect to host"; }; | |
440 | host = mkOption { type = str; description = "Host to connect to"; }; | |
441 | host_key = mkOption { type = str; description = "Host key"; }; | |
442 | host_key_type = mkOption { type = str; description = "Host key type"; }; | |
443 | parts = mkOption { | |
444 | description = "Parts to backup for this host"; | |
445 | type = attrsOf (submodule { | |
446 | options = { | |
447 | remote_folder = mkOption { type = path; description = "Remote folder to backup";}; | |
448 | exclude_from = mkOption { | |
449 | type = listOf path; | |
450 | default = []; | |
451 | description = "List of folders/files to exclude from the backup"; | |
452 | }; | |
453 | files_from = mkOption { | |
454 | type = listOf path; | |
455 | default = []; | |
456 | description = "List of folders/files to backup in the base folder"; | |
457 | }; | |
458 | args = mkOption { | |
459 | type = nullOr str; | |
460 | default = null; | |
461 | description = "Extra arguments to pass to rsync"; | |
462 | }; | |
463 | }; | |
464 | }); | |
465 | }; | |
466 | }; | |
467 | }); | |
468 | }; | |
469 | }; | |
470 | }; | |
471 | }; | |
472 | monitoring = mkOption { | |
473 | description = "Monitoring configuration"; | |
474 | type = submodule { | |
475 | options = { | |
476 | status_url = mkOption { type = str; description = "URL to push status to"; }; | |
477 | status_token = mkOption { type = str; description = "Token for the status url"; }; | |
e820134d | 478 | http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; }; |
ab8f306d | 479 | email = mkOption { type = str; description = "Admin E-mail"; }; |
e820134d IB |
480 | ssh_public_key = mkOption { type = str; description = "SSH public key"; }; |
481 | ssh_secret_key = mkOption { type = str; description = "SSH secret key"; }; | |
482 | imap_login = mkOption { type = str; description = "IMAP login"; }; | |
483 | imap_password = mkOption { type = str; description = "IMAP password"; }; | |
25844101 | 484 | eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; }; |
e820134d IB |
485 | nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; |
486 | slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; }; | |
487 | slack_channel = mkOption { type = str; description = "Slack channel to push status update"; }; | |
488 | contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; }; | |
ab8f306d IB |
489 | }; |
490 | }; | |
491 | }; | |
492 | mpd = mkOption { | |
493 | description = "MPD configuration"; | |
494 | type = submodule { | |
495 | options = { | |
496 | folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; }; | |
497 | password = mkOption { type = str; description = "Password to connect to the MPD instance"; }; | |
498 | host = mkOption { type = str; description = "Host to connect to the MPD instance"; }; | |
499 | port = mkOption { type = str; description = "Port to connect to the MPD instance"; }; | |
500 | }; | |
501 | }; | |
502 | }; | |
503 | ftp = mkOption { | |
504 | description = "FTP configuration"; | |
505 | type = submodule { | |
506 | options = { | |
507 | ldap = mkLdapOptions "FTP" {}; | |
508 | }; | |
509 | }; | |
510 | }; | |
511 | mail = mkOption { | |
512 | description = "Mail configuration"; | |
513 | type = submodule { | |
514 | options = { | |
515 | dmarc = mkOption { | |
516 | description = "DMARC configuration"; | |
517 | type = submodule { | |
518 | options = { | |
519 | ignore_hosts = mkOption { | |
520 | type = lines; | |
521 | description = '' | |
522 | Hosts to ignore when checking for dmarc | |
523 | ''; | |
524 | }; | |
525 | }; | |
526 | }; | |
527 | }; | |
528 | dkim = mkOption { | |
529 | description = "DKIM configuration"; | |
530 | type = attrsOf (submodule { | |
531 | options = { | |
532 | public = mkOption { | |
533 | type = str; | |
534 | example = '' | |
535 | ( "v=DKIM1; k=rsa; " | |
536 | "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" ) | |
537 | ''; | |
538 | description = "Public entry to put in DNS TXT field"; | |
539 | }; | |
540 | private = mkOption { type = str; description = "Private key"; }; | |
541 | }; | |
542 | }); | |
543 | }; | |
544 | postfix = mkOption { | |
545 | description = "Postfix configuration"; | |
546 | type = submodule { | |
547 | options = { | |
548 | additional_mailbox_domains = mkOption { | |
549 | description = '' | |
550 | List of domains that are used as mailbox final destination, in addition to those defined in the DNS records | |
551 | ''; | |
552 | type = listOf str; | |
553 | }; | |
87a8bffd IB |
554 | mysql = mkMysqlOptions "Postfix" { |
555 | password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; }; | |
556 | }; | |
ab8f306d IB |
557 | backup_domains = mkOption { |
558 | description = '' | |
559 | Domains that are accepted for relay as backup domain | |
560 | ''; | |
561 | type = attrsOf (submodule { | |
562 | options = { | |
563 | domains = mkOption { type = listOf str; description = "Domains list"; }; | |
564 | relay_restrictions = mkOption { | |
565 | type = lines; | |
566 | description = '' | |
567 | Restrictions for relaying the e-mails from the domains | |
568 | ''; | |
569 | }; | |
570 | recipient_maps = mkOption { | |
571 | description = '' | |
572 | Recipient map to accept relay for. | |
573 | Must be specified for domain, the rules apply to everyone! | |
574 | ''; | |
575 | type = listOf (submodule { | |
576 | options = { | |
577 | type = mkOption { | |
578 | type = enum [ "hash" ]; | |
579 | description = "Map type"; | |
580 | }; | |
581 | content = mkOption { | |
582 | type = str; | |
583 | description = "Map content"; | |
584 | }; | |
585 | }; | |
586 | }); | |
587 | }; | |
588 | }; | |
589 | }); | |
590 | }; | |
591 | }; | |
592 | }; | |
593 | }; | |
594 | dovecot = mkOption { | |
595 | description = "Dovecot configuration"; | |
596 | type = submodule { | |
597 | options = { | |
598 | ldap = mkLdapOptions "Dovecot" { | |
599 | pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; }; | |
600 | user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; | |
601 | iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; | |
602 | iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; | |
603 | }; | |
604 | }; | |
605 | }; | |
606 | }; | |
607 | rspamd = mkOption { | |
608 | description = "rspamd configuration"; | |
609 | type = submodule { | |
610 | options = { | |
611 | redis = mkRedisOptions "Redis"; | |
612 | read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; }; | |
613 | write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; }; | |
614 | read_password = mkOption { | |
615 | type = str; | |
616 | description = "Read password for rspamd. Unused"; | |
617 | apply = x: ""; | |
618 | }; | |
619 | write_password = mkOption { | |
620 | type = str; | |
621 | description = "Write password for rspamd. Unused"; | |
622 | apply = x: ""; | |
623 | }; | |
624 | }; | |
625 | }; | |
626 | }; | |
627 | scripts = mkOption { | |
628 | description = "Mail script recipients"; | |
629 | type = attrsOf (submodule { | |
630 | options = { | |
5b53d86f | 631 | external = mkEnableOption "Create a script_<name>@mail.immae.eu external address"; |
ab8f306d IB |
632 | src = mkOption { |
633 | description = '' | |
634 | git source to fetch the script from. | |
635 | It must have a default.nix file as its root accepting a scriptEnv parameter | |
636 | ''; | |
637 | type = submodule { | |
638 | options = { | |
639 | url = mkOption { type = str; description = "git url to fetch"; }; | |
640 | rev = mkOption { type = str; description = "git reference to fetch"; }; | |
641 | }; | |
642 | }; | |
643 | }; | |
644 | env = mkOption { | |
645 | description = "Variables to pass to the script"; | |
646 | type = unspecified; | |
647 | }; | |
648 | }; | |
649 | }); | |
650 | }; | |
651 | }; | |
652 | }; | |
653 | }; | |
654 | buildbot = mkOption { | |
655 | description = "Buildbot configuration"; | |
656 | type = submodule { | |
657 | options = { | |
658 | user = mkOption { | |
659 | description = "Buildbot user"; | |
660 | type = submodule { | |
661 | options = { | |
662 | uid = mkOption { | |
663 | description = "user uid"; | |
664 | type = int; | |
665 | }; | |
666 | gid = mkOption { | |
667 | description = "user gid"; | |
668 | type = int; | |
669 | }; | |
670 | }; | |
671 | }; | |
672 | }; | |
673 | ldap = mkOption { | |
674 | description = "Ldap configuration for buildbot"; | |
675 | type = submodule { | |
676 | options = { | |
677 | password = mkOption { type = str; description = "Buildbot password"; }; | |
678 | }; | |
679 | }; | |
680 | }; | |
681 | projects = mkOption { | |
682 | description = "Projects to make a buildbot for"; | |
683 | type = attrsOf (submodule { | |
684 | options = { | |
685 | name = mkOption { type = str; description = "Project name"; }; | |
686 | packages = mkOption { | |
687 | type = unspecified; | |
688 | example = literalExample '' | |
689 | pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ]; | |
690 | ''; | |
691 | description = '' | |
692 | Function. | |
693 | Builds packages list to make available to buildbot project. | |
694 | Takes pkgs as argument. | |
695 | ''; | |
696 | }; | |
697 | pythonPackages = mkOption { | |
698 | type = unspecified; | |
699 | example = literalExample '' | |
700 | p: pkgs: [ pkgs.python3Packages.pip ]; | |
701 | ''; | |
702 | description = '' | |
703 | Function. | |
704 | Builds python packages list to make available to buildbot project. | |
705 | Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list. | |
706 | ''; | |
707 | }; | |
708 | pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; }; | |
709 | secrets = mkOption { | |
710 | type = attrsOf str; | |
711 | description = "Secrets for the project to dump as files"; | |
712 | }; | |
713 | environment = mkOption { | |
714 | type = attrsOf str; | |
715 | description = '' | |
716 | Environment variables for the project. | |
717 | BUILDBOT_ is prefixed to the variable names | |
718 | ''; | |
719 | }; | |
720 | activationScript = mkOption { | |
721 | type = lines; | |
722 | description = '' | |
723 | Activation script to run during deployment | |
724 | ''; | |
725 | }; | |
726 | builderPaths = mkOption { | |
727 | type = attrsOf unspecified; | |
728 | default = {}; | |
729 | description = '' | |
730 | Attrs of functions to make accessible specifically per builder. | |
731 | Takes pkgs as argument and should return a single path containing binaries. | |
732 | This path will be accessible as BUILDBOT_PATH_<attrskey> | |
733 | ''; | |
734 | }; | |
735 | webhookTokens = mkOption { | |
736 | type = nullOr (listOf str); | |
737 | default = null; | |
738 | description = '' | |
739 | List of tokens allowed to push to project’s change_hook/base endpoint | |
740 | ''; | |
741 | }; | |
742 | }; | |
743 | }); | |
744 | }; | |
745 | }; | |
746 | }; | |
747 | }; | |
748 | tools = mkOption { | |
749 | description = "Tools configurations"; | |
750 | type = submodule { | |
751 | options = { | |
752 | davical = mkOption { | |
753 | description = "Davical configuration"; | |
754 | type = submodule { | |
755 | options = { | |
756 | postgresql = mkPsqlOptions "Davical"; | |
757 | ldap = mkLdapOptions "Davical" {}; | |
758 | }; | |
759 | }; | |
760 | }; | |
761 | diaspora = mkOption { | |
762 | description = "Diaspora configuration"; | |
763 | type = submodule { | |
764 | options = { | |
765 | postgresql = mkPsqlOptions "Diaspora"; | |
766 | redis = mkRedisOptions "Diaspora"; | |
767 | ldap = mkLdapOptions "Diaspora" {}; | |
768 | secret_token = mkOption { type = str; description = "Secret token"; }; | |
769 | }; | |
770 | }; | |
771 | }; | |
772 | etherpad-lite = mkOption { | |
773 | description = "Etherpad configuration"; | |
774 | type = submodule { | |
775 | options = { | |
776 | postgresql = mkPsqlOptions "Etherpad"; | |
777 | ldap = mkLdapOptions "Etherpad" { | |
778 | group_filter = mkOption { type = str; description = "Filter for groups"; }; | |
779 | }; | |
780 | session_key = mkOption { type = str; description = "Session key"; }; | |
781 | api_key = mkOption { type = str; description = "API key"; }; | |
782 | redirects = mkOption { type = str; description = "Redirects for apache"; }; | |
783 | }; | |
784 | }; | |
785 | }; | |
786 | gitolite = mkOption { | |
787 | description = "Gitolite configuration"; | |
788 | type = submodule { | |
789 | options = { | |
790 | ldap = mkLdapOptions "Gitolite" {}; | |
791 | }; | |
792 | }; | |
793 | }; | |
794 | kanboard = mkOption { | |
795 | description = "Kanboard configuration"; | |
796 | type = submodule { | |
797 | options = { | |
798 | postgresql = mkPsqlOptions "Kanboard"; | |
799 | ldap = mkLdapOptions "Kanboard" { | |
800 | admin_dn = mkOption { type = str; description = "Admin DN"; }; | |
801 | }; | |
802 | }; | |
803 | }; | |
804 | }; | |
805 | mantisbt = mkOption { | |
806 | description = "Mantisbt configuration"; | |
807 | type = submodule { | |
808 | options = { | |
809 | postgresql = mkPsqlOptions "Mantisbt"; | |
810 | ldap = mkLdapOptions "Mantisbt" {}; | |
811 | master_salt = mkOption { type = str; description = "Master salt for password hash"; }; | |
812 | }; | |
813 | }; | |
814 | }; | |
815 | mastodon = mkOption { | |
816 | description = "Mastodon configuration"; | |
817 | type = submodule { | |
818 | options = { | |
819 | postgresql = mkPsqlOptions "Mastodon"; | |
820 | redis = mkRedisOptions "Mastodon"; | |
821 | ldap = mkLdapOptions "Mastodon" {}; | |
822 | paperclip_secret = mkOption { type = str; description = "Paperclip secret"; }; | |
823 | otp_secret = mkOption { type = str; description = "OTP secret"; }; | |
824 | secret_key_base = mkOption { type = str; description = "Secret key base"; }; | |
825 | vapid = mkOption { | |
826 | description = "vapid key"; | |
827 | type = submodule { | |
828 | options = { | |
829 | private = mkOption { type = str; description = "Private key"; }; | |
830 | public = mkOption { type = str; description = "Public key"; }; | |
831 | }; | |
832 | }; | |
833 | }; | |
834 | }; | |
835 | }; | |
836 | }; | |
837 | mediagoblin = mkOption { | |
838 | description = "Mediagoblin configuration"; | |
839 | type = submodule { | |
840 | options = { | |
841 | postgresql = mkPsqlOptions "Mediagoblin"; | |
842 | redis = mkRedisOptions "Mediagoblin"; | |
843 | ldap = mkLdapOptions "Mediagoblin" {}; | |
844 | }; | |
845 | }; | |
846 | }; | |
847 | nextcloud = mkOption { | |
848 | description = "Nextcloud configuration"; | |
849 | type = submodule { | |
850 | options = { | |
851 | postgresql = mkPsqlOptions "Peertube"; | |
852 | redis = mkRedisOptions "Peertube"; | |
853 | password_salt = mkOption { type = str; description = "Password salt"; }; | |
854 | instance_id = mkOption { type = str; description = "Instance ID"; }; | |
855 | secret = mkOption { type = str; description = "App secret"; }; | |
856 | }; | |
857 | }; | |
858 | }; | |
859 | peertube = mkOption { | |
860 | description = "Peertube configuration"; | |
861 | type = submodule { | |
862 | options = { | |
863 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | |
864 | postgresql = mkPsqlOptions "Peertube"; | |
865 | redis = mkRedisOptions "Peertube"; | |
866 | ldap = mkLdapOptions "Peertube" {}; | |
867 | }; | |
868 | }; | |
869 | }; | |
870 | phpldapadmin = mkOption { | |
871 | description = "phpLdapAdmin configuration"; | |
872 | type = submodule { | |
873 | options = { | |
874 | ldap = mkLdapOptions "phpldapadmin" {}; | |
875 | }; | |
876 | }; | |
877 | }; | |
878 | rompr = mkOption { | |
879 | description = "Rompr configuration"; | |
880 | type = submodule { | |
881 | options = { | |
882 | mpd = mkOption { | |
883 | description = "MPD configuration"; | |
884 | type = submodule { | |
885 | options = { | |
886 | host = mkOption { type = str; description = "Host for MPD"; }; | |
887 | port = mkOption { type = port; description = "Port to access MPD host"; }; | |
888 | }; | |
889 | }; | |
890 | }; | |
891 | }; | |
892 | }; | |
893 | }; | |
894 | roundcubemail = mkOption { | |
895 | description = "Roundcubemail configuration"; | |
896 | type = submodule { | |
897 | options = { | |
898 | postgresql = mkPsqlOptions "TT-RSS"; | |
899 | secret = mkOption { type = str; description = "Secret"; }; | |
900 | }; | |
901 | }; | |
902 | }; | |
903 | shaarli = mkOption { | |
904 | description = "Shaarli configuration"; | |
905 | type = submodule { | |
906 | options = { | |
907 | ldap = mkLdapOptions "Shaarli" {}; | |
908 | }; | |
909 | }; | |
910 | }; | |
911 | task = mkOption { | |
912 | description = "Taskwarrior configuration"; | |
913 | type = submodule { | |
914 | options = { | |
915 | ldap = mkLdapOptions "Taskwarrior" {}; | |
916 | taskwarrior-web = mkOption { | |
917 | description = "taskwarrior-web profiles"; | |
918 | type = attrsOf (submodule { | |
919 | options = { | |
920 | uid = mkOption { | |
921 | type = listOf str; | |
922 | description = "List of ldap uids having access to this profile"; | |
923 | }; | |
924 | org = mkOption { type = str; description = "Taskd organisation"; }; | |
925 | key = mkOption { type = str; description = "Taskd key"; }; | |
926 | date = mkOption { type = str; description = "Preferred date format"; }; | |
927 | }; | |
928 | }); | |
929 | }; | |
930 | }; | |
931 | }; | |
932 | }; | |
933 | ttrss = mkOption { | |
934 | description = "TT-RSS configuration"; | |
935 | type = submodule { | |
936 | options = { | |
937 | postgresql = mkPsqlOptions "TT-RSS"; | |
938 | ldap = mkLdapOptions "TT-RSS" {}; | |
939 | }; | |
940 | }; | |
941 | }; | |
942 | wallabag = mkOption { | |
943 | description = "Wallabag configuration"; | |
944 | type = submodule { | |
945 | options = { | |
946 | postgresql = mkPsqlOptions "Wallabag"; | |
947 | ldap = mkLdapOptions "Wallabag" { | |
948 | admin_filter = mkOption { type = str; description = "Admin users filter"; }; | |
949 | }; | |
950 | redis = mkRedisOptions "Wallabag"; | |
951 | secret = mkOption { type = str; description = "App secret"; }; | |
952 | }; | |
953 | }; | |
954 | }; | |
955 | ympd = mkOption { | |
956 | description = "Ympd configuration"; | |
957 | type = submodule { | |
958 | options = { | |
959 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | |
960 | mpd = mkOption { | |
961 | description = "MPD configuration"; | |
962 | type = submodule { | |
963 | options = { | |
964 | password = mkOption { type = str; description = "Password to access MPD host"; }; | |
965 | host = mkOption { type = str; description = "Host for MPD"; }; | |
966 | port = mkOption { type = port; description = "Port to access MPD host"; }; | |
967 | }; | |
968 | }; | |
969 | }; | |
970 | }; | |
971 | }; | |
972 | }; | |
973 | yourls = mkOption { | |
974 | description = "Yourls configuration"; | |
975 | type = submodule { | |
976 | options = { | |
87a8bffd | 977 | mysql = mkMysqlOptions "Yourls" {}; |
ab8f306d IB |
978 | ldap = mkLdapOptions "Yourls" {}; |
979 | cookieKey = mkOption { type = str; description = "Cookie key"; }; | |
980 | }; | |
981 | }; | |
982 | }; | |
983 | }; | |
984 | }; | |
985 | }; | |
986 | websites = mkOption { | |
987 | description = "Websites configurations"; | |
988 | type = submodule { | |
989 | options = { | |
829ef7f1 IB |
990 | isabelle = mkOption { |
991 | description = "Isabelle configurations by environment"; | |
ab8f306d IB |
992 | type = |
993 | let | |
994 | atenSubmodule = mkOption { | |
995 | description = "environment configuration"; | |
996 | type = submodule { | |
997 | options = { | |
998 | environment = mkOption { type = str; description = "Symfony environment"; }; | |
999 | secret = mkOption { type = str; description = "Symfony App secret"; }; | |
1000 | postgresql = mkPsqlOptions "Aten"; | |
1001 | }; | |
1002 | }; | |
1003 | }; | |
1004 | in | |
1005 | submodule { | |
1006 | options = { | |
829ef7f1 IB |
1007 | aten_production = atenSubmodule; |
1008 | aten_integration = atenSubmodule; | |
423c3f1c IB |
1009 | iridologie = mkOption { |
1010 | description = "environment configuration"; | |
1011 | type = submodule { | |
1012 | options = { | |
1013 | environment = mkOption { type = str; description = "SPIP environment"; }; | |
1014 | mysql = mkMysqlOptions "Iridologie" {}; | |
1015 | ldap = mkLdapOptions "Iridologie" {}; | |
1016 | }; | |
1017 | }; | |
1018 | }; | |
ab8f306d IB |
1019 | }; |
1020 | }; | |
1021 | }; | |
1022 | chloe = mkOption { | |
1023 | description = "Chloe configurations by environment"; | |
1024 | type = | |
1025 | let | |
1026 | chloeSubmodule = mkOption { | |
1027 | description = "environment configuration"; | |
1028 | type = submodule { | |
1029 | options = { | |
423c3f1c | 1030 | environment = mkOption { type = str; description = "SPIP environment"; }; |
87a8bffd | 1031 | mysql = mkMysqlOptions "Chloe" {}; |
ab8f306d IB |
1032 | ldap = mkLdapOptions "Chloe" {}; |
1033 | }; | |
1034 | }; | |
1035 | }; | |
1036 | in | |
1037 | submodule { | |
1038 | options = { | |
1039 | production = chloeSubmodule; | |
1040 | integration = chloeSubmodule; | |
1041 | }; | |
1042 | }; | |
1043 | }; | |
1044 | connexionswing = mkOption { | |
1045 | description = "Connexionswing configurations by environment"; | |
1046 | type = | |
1047 | let | |
1048 | csSubmodule = mkOption { | |
1049 | description = "environment configuration"; | |
1050 | type = submodule { | |
1051 | options = { | |
1052 | environment = mkOption { type = str; description = "Symfony environment"; }; | |
87a8bffd | 1053 | mysql = mkMysqlOptions "Connexionswing" {}; |
ab8f306d IB |
1054 | secret = mkOption { type = str; description = "Symfony App secret"; }; |
1055 | email = mkOption { type = str; description = "Symfony email notification"; }; | |
1056 | }; | |
1057 | }; | |
1058 | }; | |
1059 | in | |
1060 | submodule { | |
1061 | options = { | |
1062 | production = csSubmodule; | |
1063 | integration = csSubmodule; | |
1064 | }; | |
1065 | }; | |
1066 | }; | |
1067 | jerome = mkOption { | |
1068 | description = "Naturaloutil configuration"; | |
1069 | type = submodule { | |
1070 | options = { | |
87a8bffd | 1071 | mysql = mkMysqlOptions "Naturaloutil" {}; |
ab8f306d IB |
1072 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; |
1073 | }; | |
1074 | }; | |
1075 | }; | |
1076 | telioTortay = mkOption { | |
1077 | description = "Telio Tortay configuration"; | |
1078 | type = submodule { | |
1079 | options = { | |
1080 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; | |
1081 | }; | |
1082 | }; | |
1083 | }; | |
1084 | ludivinecassal = mkOption { | |
1085 | description = "Ludivinecassal configurations by environment"; | |
1086 | type = | |
1087 | let | |
1088 | lcSubmodule = mkOption { | |
1089 | description = "environment configuration"; | |
1090 | type = submodule { | |
1091 | options = { | |
1092 | environment = mkOption { type = str; description = "Symfony environment"; }; | |
87a8bffd | 1093 | mysql = mkMysqlOptions "LudivineCassal" {}; |
ab8f306d IB |
1094 | ldap = mkLdapOptions "LudivineCassal" {}; |
1095 | secret = mkOption { type = str; description = "Symfony App secret"; }; | |
1096 | }; | |
1097 | }; | |
1098 | }; | |
1099 | in | |
1100 | submodule { | |
1101 | options = { | |
1102 | production = lcSubmodule; | |
1103 | integration = lcSubmodule; | |
1104 | }; | |
1105 | }; | |
1106 | }; | |
1107 | emilia = mkOption { | |
1108 | description = "Emilia configuration"; | |
1109 | type = submodule { | |
1110 | options = { | |
1111 | postgresql = mkPsqlOptions "Emilia"; | |
1112 | }; | |
1113 | }; | |
1114 | }; | |
1115 | florian = mkOption { | |
1116 | description = "Florian configuration"; | |
1117 | type = submodule { | |
1118 | options = { | |
1119 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; | |
1120 | }; | |
1121 | }; | |
1122 | }; | |
1123 | nassime = mkOption { | |
1124 | description = "Nassime configuration"; | |
1125 | type = submodule { | |
1126 | options = { | |
1127 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; | |
1128 | }; | |
1129 | }; | |
1130 | }; | |
1131 | piedsjaloux = mkOption { | |
1132 | description = "Piedsjaloux configurations by environment"; | |
1133 | type = | |
1134 | let | |
1135 | pjSubmodule = mkOption { | |
1136 | description = "environment configuration"; | |
1137 | type = submodule { | |
1138 | options = { | |
1139 | environment = mkOption { type = str; description = "Symfony environment"; }; | |
87a8bffd | 1140 | mysql = mkMysqlOptions "Piedsjaloux" {}; |
ab8f306d IB |
1141 | secret = mkOption { type = str; description = "Symfony App secret"; }; |
1142 | }; | |
1143 | }; | |
1144 | }; | |
1145 | in | |
1146 | submodule { | |
1147 | options = { | |
1148 | production = pjSubmodule; | |
1149 | integration = pjSubmodule; | |
1150 | }; | |
1151 | }; | |
1152 | }; | |
91b75ffe IB |
1153 | richie = mkOption { |
1154 | description = "Europe Richie configurations by environment"; | |
1155 | type = submodule { | |
1156 | options = { | |
87a8bffd | 1157 | mysql = mkMysqlOptions "Richie" {}; |
91b75ffe IB |
1158 | smtp_mailer = mkOption { |
1159 | description = "SMTP mailer configuration"; | |
1160 | type = submodule { | |
1161 | options = { | |
1162 | user = mkOption { type = str; description = "Username"; }; | |
1163 | password = mkOption { type = str; description = "Password"; }; | |
1164 | }; | |
1165 | }; | |
1166 | }; | |
1167 | }; | |
1168 | }; | |
1169 | }; | |
ab8f306d IB |
1170 | tellesflorian = mkOption { |
1171 | description = "Tellesflorian configurations by environment"; | |
1172 | type = | |
1173 | let | |
1174 | tfSubmodule = mkOption { | |
1175 | description = "environment configuration"; | |
1176 | type = submodule { | |
1177 | options = { | |
1178 | environment = mkOption { type = str; description = "Symfony environment"; }; | |
87a8bffd | 1179 | mysql = mkMysqlOptions "Tellesflorian" {}; |
ab8f306d IB |
1180 | secret = mkOption { type = str; description = "Symfony App secret"; }; |
1181 | invite_passwords = mkOption { type = str; description = "Password basic auth"; }; | |
1182 | }; | |
1183 | }; | |
1184 | }; | |
1185 | in | |
1186 | submodule { | |
1187 | options = { | |
1188 | integration = tfSubmodule; | |
1189 | }; | |
1190 | }; | |
1191 | }; | |
1192 | }; | |
1193 | }; | |
1194 | }; | |
1195 | ||
1196 | privateFiles = mkOption { | |
1197 | type = path; | |
1198 | description = '' | |
1199 | Path to secret files to make available during build | |
1200 | ''; | |
1201 | }; | |
1202 | }; | |
619e4f46 IB |
1203 | options.hostEnv = mkOption { |
1204 | readOnly = true; | |
1205 | type = hostEnv; | |
1206 | default = config.myEnv.servers."${name}"; | |
1207 | description = "Host environment"; | |
ab8f306d IB |
1208 | }; |
1209 | } |