Upgrade nixos to latest
[perso/Immae/Config/Nix.git] / modules / private / environment.nix
ab8f306d
IB
1{ lib, ... }:
2with lib;
3with types;
4with lists;
5let
# Fields shared by every LDAP option set in this module: where the directory
# lives, plus the root and replication identities.
# NOTE(review): root_pw is described as hashed, replication_pw is not. Both are
# plain Nix strings; if a consumer interpolates them into a derivation or a
# generated config file they end up readable in the Nix store. Confirm that
# consumers route them through a secrets mechanism.
ldapOptions = {
  base = mkOption { type = str; description = "Base of the LDAP tree"; };
  host = mkOption { type = str; description = "Host to access LDAP"; };
  root_dn = mkOption { type = str; description = "DN of the root user"; };
  root_pw = mkOption { type = str; description = "Hashed password of the root user"; };
  replication_dn = mkOption { type = str; description = "DN of the user allowed to replicate the LDAP directory"; };
  replication_pw = mkOption { type = str; description = "Password of the user allowed to replicate the LDAP directory"; };
};
# Builds the LDAP option for one service: the shared ldapOptions fields, the
# service's own bind DN / password / user filter, then whatever extra options
# the caller supplies in `more` (which wins on a name clash, being merged last).
mkLdapOptions = name: more:
  let
    serviceFields = {
      dn = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      # The only field with a default: an empty filter string.
      filter = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in
  mkOption {
    type = submodule {
      options = ldapOptions // serviceFields // more;
    };
    description = "${name} LDAP configuration";
  };
# Connection settings shared by every MySQL consumer, plus the credentials the
# server itself needs (system users and the PAM/LDAP bind account).
mysqlOptions = {
  host = mkOption { type = str; description = "Host to access Mysql"; };
  # Declared as a string here; the listenPort options elsewhere in this file
  # use the range-checked `port` type instead.
  port = mkOption { type = str; description = "Port to access Mysql"; };
  socket = mkOption { type = path; description = "Socket to access Mysql"; };
  # Attribute set of strings; per the description, user names mapped to passwords.
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Builds the MySQL option for one service: the shared mysqlOptions fields plus
# that service's database name and login. `name` is used only in descriptions.
mkMysqlOptions = name:
  let
    serviceFields = {
      database = mkOption { type = str; description = "${name} database"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule {
      options = mysqlOptions // serviceFields;
    };
    description = "${name} mysql configuration";
  };
# Connection settings shared by every PostgreSQL consumer, plus the PAM/LDAP
# bind account the server uses to check users.
psqlOptions = {
  host = mkOption { type = str; description = "Host to access Postgresql"; };
  # A string, not the `port` type used by the listenPort options in this file.
  port = mkOption { type = str; description = "Port to access Postgresql"; };
  socket = mkOption { type = path; description = "Socket to access Postgresql"; };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Builds the PostgreSQL option for one service: the shared psqlOptions fields
# plus that service's database, optional schema and login. `name` is used only
# in descriptions.
mkPsqlOptions = name:
  let
    serviceFields = {
      database = mkOption { type = str; description = "${name} database"; };
      # Optional: null unless the service sets one.
      schema = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule {
      options = psqlOptions // serviceFields;
    };
    description = "${name} psql configuration";
  };
# Connection settings shared by every Redis consumer, the database-number
# allocation table, and the keys used around replication.
redisOptions = {
  host = mkOption { type = str; description = "Host to access Redis"; };
  port = mkOption { type = str; description = "Port to access Redis"; };
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  # The description asks for unique numbers, but nothing in this declaration
  # enforces it (the `ports` option in this file does so with an apply check).
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  # Key material for the spiped channel; a plain string like the passwords here.
  spiped_key = mkOption {
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
    type = str;
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption { description = "Read password"; type = str; };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Builds the Redis option for one service: the shared redisOptions fields plus
# the database that service uses. `name` is used only in descriptions.
mkRedisOptions = name:
  let
    serviceFields = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in
  mkOption {
    type = submodule {
      options = redisOptions // serviceFields;
    };
    description = "${name} redis configuration";
  };
110in
111{
112 options.myEnv = {
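# Per-host facts for each server in the cluster, keyed by server name: the
# host's own LDAP bind credentials and its addresses grouped by section.
# The leaf types use `str` like the rest of this file instead of the
# deprecated `types.string` alias, which concatenates multiple definitions
# where `str` refuses conflicting ones.
servers = mkOption {
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
  default = {};
  type = attrsOf (submodule {
    options = {
      ldap = mkOption {
        description = ''
          LDAP credentials for the host
        '';
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password for the LDAP connection"; };
            dn = mkOption { type = str; description = "DN for the LDAP connection"; };
          };
        };
      };
      ips = mkOption {
        description = ''
          attrs of ip4/ip6 grouped by section
        '';
        type = attrsOf (submodule {
          options = {
            # Exactly one IPv4 address per section; no default, so it is mandatory.
            ip4 = mkOption {
              type = str;
              description = ''
                ip4 address of the host
              '';
            };
            # Zero or more IPv6 addresses per section.
            ip6 = mkOption {
              type = listOf str;
              default = [];
              description = ''
                ip6 addresses of the host
              '';
            };
          };
        });
      };
    };
  });
};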
# Hetzner Cloud API credential. The token is an ordinary string option; keep
# the value out of anything that is built into the Nix store.
hetznerCloud = mkOption {
  type = submodule {
    options = {
      authToken = mkOption {
        description = ''
          The API auth token.
        '';
        type = str;
      };
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner account login (user name and password), both mandatory strings.
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption { description = "User"; type = str; };
      pass = mkOption { description = "Password"; type = str; };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
# Password of the LDAP service account that sshd binds as; the DN itself is
# fixed in the description rather than configurable here.
sshd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    sshd service credential information
  '';
};
# Registry of reserved non-standard ports, keyed by name. Each value is checked
# by the `port` type, and `apply` additionally rejects the whole set when two
# names share a number, so a collision fails evaluation instead of surfacing
# as two services competing for one socket at runtime.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  apply = reserved:
    let
      # Compare the number of values before and after de-duplication.
      allDistinct = reserved':
        builtins.length (builtins.attrValues reserved') == builtins.length (unique (builtins.attrValues reserved'));
    in
      if isAttrs reserved && allDistinct reserved
      then reserved
      else throw "Non unique values for ports";
};
# Password of the LDAP service account that httpd binds as; the DN is fixed in
# the description rather than configurable here.
httpd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    httpd service credential information
  '';
};
# Settings of the LDAP server itself: exactly the shared ldapOptions fields,
# with no per-service additions.
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-side settings for the three database engines; each one exposes only
# the shared option set, without per-service database/user fields.
databases = mkOption {
  type = submodule {
    options = {
      mysql = mkOption {
        description = "Mysql configuration";
        type = submodule { options = mysqlOptions; };
      };
      redis = mkOption {
        description = "Redis configuration";
        type = submodule { options = redisOptions; };
      };
      postgresql = mkOption {
        description = "Postgresql configuration";
        type = submodule { options = psqlOptions; };
      };
    };
  };
  description = "Databases configuration";
};
# Jabber/XMPP service: its LDAP and PostgreSQL access plus the filter postfix
# uses to look up xmpp users.
jabber = mkOption {
  type = submodule {
    options = {
      postfix_user_filter = mkOption { description = "Postfix filter to get xmpp users"; type = str; };
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
    };
  };
  description = "Jabber configuration";
};
# Fixed uid/gid pairs, keyed by user name. Both numbers are mandatory.
users = mkOption {
  type = attrsOf (submodule {
    options = {
      uid = mkOption {
        type = int;
        description = "user uid";
      };
      gid = mkOption {
        type = int;
        description = "user gid";
      };
    };
  });
  description = "System and regular users uid/gid";
};
# DNS data model: the SOA fields, named groups of name servers, and the zones
# this setup is secondary or primary for.
dns = mkOption {
  type = submodule {
    options = {
      # Every SOA field is a mandatory string, including the numeric timers.
      soa = mkOption {
        type = submodule {
          options = {
            serial = mkOption {
              type = str;
              description = "Serial number. Should be incremented at each change and unique";
            };
            refresh = mkOption {
              type = str;
              description = "Refresh time";
            };
            retry = mkOption {
              type = str;
              description = "Retry time";
            };
            expire = mkOption {
              type = str;
              description = "Expire time";
            };
            ttl = mkOption {
              type = str;
              description = "Default TTL time";
            };
            email = mkOption {
              type = str;
              description = "hostmaster e-mail";
            };
            primary = mkOption {
              type = str;
              description = "Primary NS";
            };
          };
        };
        description = "SOA information";
      };
      # group name -> name-server host name -> list of addresses.
      ns = mkOption {
        type = attrsOf (attrsOf (listOf str));
        example = {
          foo = {
            "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
            "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
          };
        };
        description = "Attrs of NS servers group";
      };
      slaveZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { description = "zone name"; type = str; };
            masters = mkOption {
              type = listOf str;
              description = "NS master groups of this zone";
            };
          };
        });
        description = "List of slave zones";
      };
      masterZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { description = "zone name"; type = str; };
            slaves = mkOption {
              type = listOf str;
              description = "NS slave groups of this zone";
            };
            ns = mkOption {
              type = listOf str;
              description = "groups names that should have their NS entries listed here";
            };
            # Free-form text; per the description it is meant for the bind zone
            # configuration, and this declaration does not validate it.
            extra = mkOption {
              type = lines;
              example = ''
                notify yes;
              '';
              description = "Extra zone configuration for bind";
            };
            entries = mkOption { description = "Regular entries of the NS zone"; type = lines; };
            # The only zone field with a default (no mail-enabled subdomains).
            withEmail = mkOption {
              type = listOf (submodule {
                options = {
                  domain = mkOption { description = "Which subdomain is concerned"; type = str; };
                  send = mkOption { description = "Whether there can be e-mails originating from the subdomain"; type = bool; };
                  receive = mkOption { description = "Whether there can be e-mails arriving to the subdomain"; type = bool; };
                };
              });
              default = [];
              description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
            };
          };
        });
        description = "List of master zones";
      };
    };
  };
  description = "DNS configuration";
};
# Duplicity remote backup: the encryption passphrase and the remote storage
# access key pair. All four fields are mandatory strings.
# NOTE(review): the passphrase protects the backups themselves; confirm the
# consuming module does not write it into a store path.
backup = mkOption {
  type = submodule {
    options = {
      password = mkOption { description = "Password for encrypting files"; type = str; };
      remote = mkOption { description = "Remote url access"; type = str; };
      accessKeyId = mkOption { description = "Remote access-key"; type = str; };
      secretAccessKey = mkOption { description = "Remote access secret"; type = str; };
    };
  };
  description = ''
    Remote backup with duplicity
  '';
};
# Pull-style rsync backups: the SSH key pair used to log in, and per-host
# profiles listing what to fetch.
rsync_backup = mkOption {
  type = submodule {
    options = {
      mailto = mkOption { description = "Where to e-mail on error"; type = str; };
      # The private half is declared as `lines`, i.e. multi-line text held in
      # the configuration like any other option value.
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { description = "Public part of the key"; type = str; };
            private = mkOption { description = "Private part of the key"; type = lines; };
          };
        };
        description = "SSH key information";
      };
      profiles = mkOption {
        type = attrsOf (submodule {
          options = {
            keep = mkOption { description = "Number of backups to keep"; type = int; };
            login = mkOption { description = "Login to connect to host"; type = str; };
            port = mkOption { description = "Port to connect to host"; type = str; default = "22"; };
            host = mkOption { description = "Host to connect to"; type = str; };
            # The remote host key and its type are mandatory for every profile.
            host_key = mkOption { description = "Host key"; type = str; };
            host_key_type = mkOption { description = "Host key type"; type = str; };
            parts = mkOption {
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption { description = "Remote folder to backup"; type = path; };
                  exclude_from = mkOption {
                    description = "List of folders/files to exclude from the backup";
                    default = [];
                    type = listOf path;
                  };
                  files_from = mkOption {
                    description = "List of folders/files to backup in the base folder";
                    default = [];
                    type = listOf path;
                  };
                  # Unvalidated string; per the description it is handed to rsync.
                  args = mkOption {
                    description = "Extra arguments to pass to rsync";
                    default = null;
                    type = nullOr str;
                  };
                };
              });
              description = "Parts to backup for this host";
            };
          };
        });
        description = "Attrs of profiles to backup";
      };
    };
  };
  description = ''
    Rsync backup configuration from controlled host
  '';
};
# Monitoring push endpoint, the token that authenticates to it, and the admin
# contact address.
monitoring = mkOption {
  type = submodule {
    options = {
      status_url = mkOption { description = "URL to push status to"; type = str; };
      status_token = mkOption { description = "Token for the status url"; type = str; };
      email = mkOption { description = "Admin E-mail"; type = str; };
    };
  };
  description = "Monitoring configuration";
};
# MPD instance: served folder, connection password, host and port (the port is
# a string here, unlike the `port`-typed MPD ports under tools).
mpd = mkOption {
  type = submodule {
    options = {
      folder = mkOption { description = "Folder to serve from the MPD instance"; type = str; };
      password = mkOption { description = "Password to connect to the MPD instance"; type = str; };
      host = mkOption { description = "Host to connect to the MPD instance"; type = str; };
      port = mkOption { description = "Port to connect to the MPD instance"; type = str; };
    };
  };
  description = "MPD configuration";
};
# FTP service: only its LDAP access, with no extra LDAP options.
ftp = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "FTP" {};
    };
  };
  description = "FTP configuration";
};
479 mail = mkOption {
480 description = "Mail configuration";
481 type = submodule {
482 options = {
# DMARC: free-form list of hosts excluded from the check.
dmarc = mkOption {
  type = submodule {
    options = {
      ignore_hosts = mkOption {
        description = ''
          Hosts to ignore when checking for dmarc
        '';
        type = lines;
      };
    };
  };
  description = "DMARC configuration";
};
# DKIM key pairs, one entry per attribute name: the DNS TXT text for the public
# half and the private signing key.
# NOTE(review): the private key is a plain string option; confirm the consumer
# keeps it out of world-readable store paths.
dkim = mkOption {
  type = attrsOf (submodule {
    options = {
      public = mkOption {
        description = "Public entry to put in DNS TXT field";
        example = ''
          ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
        '';
        type = str;
      };
      private = mkOption { description = "Private key"; type = str; };
    };
  });
  description = "DKIM configuration";
};
# Postfix: extra mailbox domains, its MySQL access, and the domains it accepts
# mail for as a backup relay.
postfix = mkOption {
  type = submodule {
    options = {
      additional_mailbox_domains = mkOption {
        type = listOf str;
        description = ''
          List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
        '';
      };
      mysql = mkMysqlOptions "Postfix";
      backup_domains = mkOption {
        type = attrsOf (submodule {
          options = {
            domains = mkOption { description = "Domains list"; type = listOf str; };
            # Free-form text; this declaration does not validate the restrictions.
            relay_restrictions = mkOption {
              description = ''
                Restrictions for relaying the e-mails from the domains
              '';
              type = lines;
            };
            # Per the description the maps are not scoped automatically: entries
            # must name the domain explicitly because the rules apply globally.
            recipient_maps = mkOption {
              type = listOf (submodule {
                options = {
                  # "hash" is the only accepted map type.
                  type = mkOption {
                    description = "Map type";
                    type = enum [ "hash" ];
                  };
                  content = mkOption {
                    description = "Map content";
                    type = str;
                  };
                };
              });
              description = ''
                Recipient map to accept relay for.
                Must be specified for domain, the rules apply to everyone!
              '';
            };
          };
        });
        description = ''
          Domains that are accepted for relay as backup domain
        '';
      };
    };
  };
  description = "Postfix configuration";
};
# Dovecot: LDAP access extended with the attribute mappings and the filter used
# for user lookups and user listing.
dovecot = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Dovecot" {
        pass_attrs = mkOption { description = "Password attribute in LDAP"; type = str; };
        user_attrs = mkOption { description = "User attribute mapping in LDAP"; type = str; };
        iterate_attrs = mkOption { description = "User attribute mapping for listing in LDAP"; type = str; };
        iterate_filter = mkOption { description = "User attribute filter for listing in LDAP"; type = str; };
      };
    };
  };
  description = "Dovecot configuration";
};
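# rspamd: its Redis access and the controller passwords.
# The Redis option is labelled "rspamd" so that its generated descriptions name
# the consuming service, as every other mkRedisOptions caller in this file
# does; the label is used only in description strings.
rspamd = mkOption {
  description = "rspamd configuration";
  type = submodule {
    options = {
      redis = mkRedisOptions "rspamd";
      # Only the hashed forms are usable by consumers.
      read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
      write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
      # The clear-text passwords must still be defined (no default), but
      # `apply` replaces whatever is set with the empty string, so no module
      # reading these options can obtain the clear-text value.
      read_password = mkOption {
        type = str;
        description = "Read password for rspamd. Unused";
        apply = x: "";
      };
      write_password = mkOption {
        type = str;
        description = "Write password for rspamd. Unused";
        apply = x: "";
      };
    };
  };
};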
# Scripts that receive mail, keyed by name. Each one is fetched from a git
# repository and given an environment.
# NOTE(review): `rev` is an arbitrary git reference and `env` is untyped, so
# this declaration neither pins the fetched code to a commit hash nor
# constrains what is passed to it; both are left to the consumer.
scripts = mkOption {
  type = attrsOf (submodule {
    options = {
      external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
      src = mkOption {
        type = submodule {
          options = {
            url = mkOption { description = "git url to fetch"; type = str; };
            rev = mkOption { description = "git reference to fetch"; type = str; };
          };
        };
        description = ''
          git source to fetch the script from.
          It must have a default.nix file as its root accepting a scriptEnv parameter
        '';
      };
      env = mkOption {
        type = unspecified;
        description = "Variables to pass to the script";
      };
    };
  });
  description = "Mail script recipients";
};
617 };
618 };
619 };
# Buildbot: the system user it runs as, its LDAP password, and one entry per
# project it builds.
buildbot = mkOption {
  type = submodule {
    options = {
      user = mkOption {
        type = submodule {
          options = {
            uid = mkOption {
              type = int;
              description = "user uid";
            };
            gid = mkOption {
              type = int;
              description = "user gid";
            };
          };
        };
        description = "Buildbot user";
      };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { description = "Buildbot password"; type = str; };
          };
        };
        description = "Ldap configuration for buildbot";
      };
      projects = mkOption {
        type = attrsOf (submodule {
          options = {
            name = mkOption { description = "Project name"; type = str; };
            # Untyped: expected to be a function of pkgs (see the example).
            packages = mkOption {
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
              type = unspecified;
            };
            # Untyped: expected to be a two-argument function (see the example).
            pythonPackages = mkOption {
              description = ''
                Function.
                Builds python packages list to make available to buildbot project.
                Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
              '';
              example = literalExample ''
                p: pkgs: [ pkgs.python3Packages.pip ];
              '';
              type = unspecified;
            };
            pythonPathHome = mkOption { description = "Whether to add project’s python home to python path"; type = bool; };
            # Name -> secret value; per the description each is written out as a file.
            secrets = mkOption {
              description = "Secrets for the project to dump as files";
              type = attrsOf str;
            };
            environment = mkOption {
              description = ''
                Environment variables for the project.
                BUILDBOT_ is prefixed to the variable names
              '';
              type = attrsOf str;
            };
            # Free-form shell text; not validated by this declaration.
            activationScript = mkOption {
              description = ''
                Activation script to run during deployment
              '';
              type = lines;
            };
            builderPaths = mkOption {
              description = ''
                Attrs of functions to make accessible specifically per builder.
                Takes pkgs as argument and should return a single path containing binaries.
                This path will be accessible as BUILDBOT_PATH_<attrskey>
              '';
              default = {};
              type = attrsOf unspecified;
            };
            # null by default. NOTE(review): whether null means "endpoint
            # disabled" or "no token required" is decided by the consumer, not
            # visible here; confirm it is not the latter.
            webhookTokens = mkOption {
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
              default = null;
              type = nullOr (listOf str);
            };
          };
        });
        description = "Projects to make a buildbot for";
      };
    };
  };
  description = "Buildbot configuration";
};
714 tools = mkOption {
715 description = "Tools configurations";
716 type = submodule {
717 options = {
# Davical: PostgreSQL and LDAP access, nothing else.
davical = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Davical" {};
      postgresql = mkPsqlOptions "Davical";
    };
  };
  description = "Davical configuration";
};
# Diaspora: database, cache and directory access plus the application's secret
# token.
diaspora = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Diaspora" {};
      postgresql = mkPsqlOptions "Diaspora";
      redis = mkRedisOptions "Diaspora";
      secret_token = mkOption { description = "Secret token"; type = str; };
    };
  };
  description = "Diaspora configuration";
};
# Etherpad: PostgreSQL access, LDAP access with an extra group filter, the
# session and API keys, and the Apache redirect rules.
etherpad-lite = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Etherpad" {
        group_filter = mkOption { description = "Filter for groups"; type = str; };
      };
      postgresql = mkPsqlOptions "Etherpad";
      session_key = mkOption { description = "Session key"; type = str; };
      api_key = mkOption { description = "API key"; type = str; };
      redirects = mkOption { description = "Redirects for apache"; type = str; };
    };
  };
  description = "Etherpad configuration";
};
# Gitolite: LDAP access only.
gitolite = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Gitolite" {};
    };
  };
  description = "Gitolite configuration";
};
# Kanboard: PostgreSQL access and LDAP access extended with the admin DN.
kanboard = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = mkOption { description = "Admin DN"; type = str; };
      };
      postgresql = mkPsqlOptions "Kanboard";
    };
  };
  description = "Kanboard configuration";
};
# MantisBT: database and directory access plus the salt used for its password
# hashes.
mantisbt = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mantisbt" {};
      postgresql = mkPsqlOptions "Mantisbt";
      master_salt = mkOption { description = "Master salt for password hash"; type = str; };
    };
  };
  description = "Mantisbt configuration";
};
# Mastodon: database, cache and directory access, the three application
# secrets, and the VAPID key pair.
mastodon = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mastodon" {};
      postgresql = mkPsqlOptions "Mastodon";
      redis = mkRedisOptions "Mastodon";
      paperclip_secret = mkOption { description = "Paperclip secret"; type = str; };
      otp_secret = mkOption { description = "OTP secret"; type = str; };
      secret_key_base = mkOption { description = "Secret key base"; type = str; };
      vapid = mkOption {
        type = submodule {
          options = {
            private = mkOption { description = "Private key"; type = str; };
            public = mkOption { description = "Public key"; type = str; };
          };
        };
        description = "vapid key";
      };
    };
  };
  description = "Mastodon configuration";
};
# Mediagoblin: database, cache and directory access.
mediagoblin = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mediagoblin" {};
      postgresql = mkPsqlOptions "Mediagoblin";
      redis = mkRedisOptions "Mediagoblin";
    };
  };
  description = "Mediagoblin configuration";
};
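# Nextcloud: database and cache access, password salt, instance id and app
# secret.
# The database and Redis options are labelled "Nextcloud"; the label is used
# only in the generated description strings, which previously named Peertube
# and so documented these credentials as belonging to a different service.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};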
# Peertube: listening port (range-checked by the `port` type) and database,
# cache and directory access.
peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      ldap = mkLdapOptions "Peertube" {};
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
    };
  };
  description = "Peertube configuration";
};
# phpLdapAdmin: LDAP access only.
phpldapadmin = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "phpldapadmin" {};
    };
  };
  description = "phpLdapAdmin configuration";
};
# Rompr: the MPD host and port it talks to. No password field is declared here.
rompr = mkOption {
  type = submodule {
    options = {
      mpd = mkOption {
        type = submodule {
          options = {
            host = mkOption { description = "Host for MPD"; type = str; };
            port = mkOption { description = "Port to access MPD host"; type = port; };
          };
        };
        description = "MPD configuration";
      };
    };
  };
  description = "Rompr configuration";
};
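# Roundcubemail: database access and the application secret.
# The database option is labelled "Roundcubemail"; the label is used only in
# the generated description strings, which previously named TT-RSS and so
# documented these credentials as belonging to a different service.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};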
# Shaarli: LDAP access only.
shaarli = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Shaarli" {};
    };
  };
  description = "Shaarli configuration";
};
# Taskwarrior: LDAP access and the taskwarrior-web profiles, each of which
# lists the LDAP uids allowed to use it together with its taskd org and key.
task = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Taskwarrior" {};
      taskwarrior-web = mkOption {
        type = attrsOf (submodule {
          options = {
            # Access list for the profile; mandatory, no default.
            uid = mkOption {
              description = "List of ldap uids having access to this profile";
              type = listOf str;
            };
            org = mkOption { description = "Taskd organisation"; type = str; };
            key = mkOption { description = "Taskd key"; type = str; };
            date = mkOption { description = "Preferred date format"; type = str; };
          };
        });
        description = "taskwarrior-web profiles";
      };
    };
  };
  description = "Taskwarrior configuration";
};
# TT-RSS: PostgreSQL and LDAP access.
ttrss = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "TT-RSS" {};
      postgresql = mkPsqlOptions "TT-RSS";
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: database and cache access, LDAP access extended with the filter
# that selects admin users, and the app secret.
wallabag = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Wallabag" {
        admin_filter = mkOption { description = "Admin users filter"; type = str; };
      };
      postgresql = mkPsqlOptions "Wallabag";
      redis = mkRedisOptions "Wallabag";
      secret = mkOption { description = "App secret"; type = str; };
    };
  };
  description = "Wallabag configuration";
};
# Ympd: its own listening port and the MPD host, port and password it uses.
ympd = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      mpd = mkOption {
        type = submodule {
          options = {
            password = mkOption { description = "Password to access MPD host"; type = str; };
            host = mkOption { description = "Host for MPD"; type = str; };
            port = mkOption { description = "Port to access MPD host"; type = port; };
          };
        };
        description = "MPD configuration";
      };
    };
  };
  description = "Ympd configuration";
};
# Yourls: MySQL and LDAP access plus the key it uses for cookies.
yourls = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Yourls" {};
      mysql = mkMysqlOptions "Yourls";
      cookieKey = mkOption { description = "Cookie key"; type = str; };
    };
  };
  description = "Yourls configuration";
};
949 };
950 };
951 };
952 websites = mkOption {
953 description = "Websites configurations";
954 type = submodule {
955 options = {
829ef7f1
IB
# Isabelle: one identical option set per deployed environment (aten_production
# and aten_integration), each with its Symfony environment name, app secret and
# PostgreSQL access.
isabelle = mkOption {
  description = "Isabelle configurations by environment";
  type =
    let
      perEnvironment = mkOption {
        type = submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = str; };
            secret = mkOption { description = "Symfony App secret"; type = str; };
            postgresql = mkPsqlOptions "Aten";
          };
        };
        description = "environment configuration";
      };
    in
      submodule {
        options = {
          aten_production = perEnvironment;
          aten_integration = perEnvironment;
        };
      };
};
# Chloe: one identical option set for production and integration, each with
# its Symfony environment name and MySQL / LDAP access.
chloe = mkOption {
  description = "Chloe configurations by environment";
  type =
    let
      perEnvironment = mkOption {
        type = submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = str; };
            mysql = mkMysqlOptions "Chloe";
            ldap = mkLdapOptions "Chloe" {};
          };
        };
        description = "environment configuration";
      };
    in
      submodule {
        options = {
          production = perEnvironment;
          integration = perEnvironment;
        };
      };
};
# Connexionswing: one identical option set for production and integration,
# each with its Symfony environment name, MySQL access, app secret and
# notification address.
connexionswing = mkOption {
  description = "Connexionswing configurations by environment";
  type =
    let
      perEnvironment = mkOption {
        type = submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = str; };
            mysql = mkMysqlOptions "Connexionswing";
            secret = mkOption { description = "Symfony App secret"; type = str; };
            email = mkOption { description = "Symfony email notification"; type = str; };
          };
        };
        description = "environment configuration";
      };
    in
      submodule {
        options = {
          production = perEnvironment;
          integration = perEnvironment;
        };
      };
};
# Naturaloutil site: MySQL access and the server admin address.
jerome = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Naturaloutil";
      server_admin = mkOption { description = "Server admin e-mail"; type = str; };
    };
  };
  description = "Naturaloutil configuration";
};
# Telio Tortay site: only the server admin address.
telioTortay = mkOption {
  type = submodule {
    options = {
      server_admin = mkOption { description = "Server admin e-mail"; type = str; };
    };
  };
  description = "Telio Tortay configuration";
};
# Ludivinecassal: one identical option set for production and integration,
# each with its Symfony environment name, MySQL / LDAP access and app secret.
ludivinecassal = mkOption {
  description = "Ludivinecassal configurations by environment";
  type =
    let
      perEnvironment = mkOption {
        type = submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = str; };
            mysql = mkMysqlOptions "LudivineCassal";
            ldap = mkLdapOptions "LudivineCassal" {};
            secret = mkOption { description = "Symfony App secret"; type = str; };
          };
        };
        description = "environment configuration";
      };
    in
      submodule {
        options = {
          production = perEnvironment;
          integration = perEnvironment;
        };
      };
};
# Emilia site: PostgreSQL access only.
emilia = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Emilia";
    };
  };
  description = "Emilia configuration";
};
# Florian site: only the server admin address.
florian = mkOption {
  type = submodule {
    options = {
      server_admin = mkOption { description = "Server admin e-mail"; type = str; };
    };
  };
  description = "Florian configuration";
};
# Nassime site: only the server admin address.
nassime = mkOption {
  type = submodule {
    options = {
      server_admin = mkOption { description = "Server admin e-mail"; type = str; };
    };
  };
  description = "Nassime configuration";
};
# Piedsjaloux: one identical option set for production and integration, each
# with its Symfony environment name, MySQL access and app secret.
piedsjaloux = mkOption {
  description = "Piedsjaloux configurations by environment";
  type =
    let
      perEnvironment = mkOption {
        type = submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = str; };
            mysql = mkMysqlOptions "Piedsjaloux";
            secret = mkOption { description = "Symfony App secret"; type = str; };
          };
        };
        description = "environment configuration";
      };
    in
      submodule {
        options = {
          production = perEnvironment;
          integration = perEnvironment;
        };
      };
};
91b75ffe
IB
# Richie site: MySQL access and the SMTP mailer login. Despite the description
# there is a single option set here, not one per environment.
richie = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Richie";
      smtp_mailer = mkOption {
        type = submodule {
          options = {
            user = mkOption { description = "Username"; type = str; };
            password = mkOption { description = "Password"; type = str; };
          };
        };
        description = "SMTP mailer configuration";
      };
    };
  };
  description = "Europe Richie configurations by environment";
};
ab8f306d
IB
# Tellesflorian: only an integration environment is declared, with its Symfony
# environment name, MySQL access, app secret and the basic-auth passwords.
tellesflorian = mkOption {
  description = "Tellesflorian configurations by environment";
  type =
    let
      perEnvironment = mkOption {
        type = submodule {
          options = {
            environment = mkOption { description = "Symfony environment"; type = str; };
            mysql = mkMysqlOptions "Tellesflorian";
            secret = mkOption { description = "Symfony App secret"; type = str; };
            invite_passwords = mkOption { description = "Password basic auth"; type = str; };
          };
        };
        description = "environment configuration";
      };
    in
      submodule {
        options = {
          integration = perEnvironment;
        };
      };
};
1148 };
1149 };
1150 };
1151
# Location of the secret files needed at build time.
# NOTE(review): the `path` type only checks that the value looks like a path.
# A Nix path value that is interpolated into a string is copied into the store;
# confirm consumers reference this location without importing it.
privateFiles = mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = path;
};
1158 };
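# Facts about the host being configured. FQDN uses `str` like the rest of this
# file instead of the deprecated `types.string` alias, which concatenates
# multiple definitions where `str` refuses conflicting ones.
options.hostEnv = {
  FQDN = mkOption {
    type = str;
    description = ''
      FQDN of the current host.
    '';
  };
};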
1167}