Adjustments for monitoring
619e4f46 1{ config, lib, name, ... }:
2with lib;
3with types;
4with lists;
5let
# Options shared by the LDAP server declaration and every LDAP client built
# with mkLdapOptions below.
# NOTE(review): replication_pw is a clear-text secret held as a plain Nix
# string; whether it ends up in the world-readable store depends on the
# consuming modules, which are not visible here — confirm before filling it.
ldapOptions = {
  base           = mkOption { type = str; description = "Base of the LDAP tree"; };
  host           = mkOption { type = str; description = "Host to access LDAP"; };
  root_dn        = mkOption { type = str; description = "DN of the root user"; };
  root_pw        = mkOption { type = str; description = "Hashed password of the root user"; };
  replication_dn = mkOption { type = str; description = "DN of the user allowed to replicate the LDAP directory"; };
  replication_pw = mkOption { type = str; description = "Password of the user allowed to replicate the LDAP directory"; };
};
# Builds a "<name> LDAP configuration" option: the shared ldapOptions plus a
# bind dn/password/filter, further extended by the attrset given as `more`
# (later attrsets win on name clashes, as with plain `//`).
mkLdapOptions = name: more:
  let
    clientOptions = {
      dn       = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      filter   = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in mkOption {
    description = "${name} LDAP configuration";
    type = submodule { options = ldapOptions // clientOptions // more; };
  };
# Options shared by the MySQL server declaration and every client built with
# mkMysqlOptions.
mysqlOptions = {
  host       = mkOption { type = str; description = "Host to access Mysql"; };
  remoteHost = mkOption { type = str; description = "Host to access Mysql from outside"; };
  port       = mkOption { type = str; description = "Port to access Mysql"; };
  socket     = mkOption { type = path; description = "Socket to access Mysql"; };
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  # Bind credentials and filter used for PAM authentication against LDAP.
  pam = mkOption {
    description = "PAM configuration for mysql";
    type = submodule {
      options = {
        dn       = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter   = mkOption { type = str; description = "filter to match users"; };
      };
    };
  };
};
# Builds a "<name> mysql configuration" option: mysqlOptions plus the
# per-application database/user/password, extended by `more`.
mkMysqlOptions = name: more:
  let
    clientOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      user     = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} mysql configuration";
    type = submodule { options = mysqlOptions // clientOptions // more; };
  };
# Options shared by the PostgreSQL server declaration and every client built
# with mkPsqlOptions.
psqlOptions = {
  host   = mkOption { type = str; description = "Host to access Postgresql"; };
  port   = mkOption { type = str; description = "Port to access Postgresql"; };
  socket = mkOption { type = path; description = "Socket to access Postgresql"; };
  pam = mkOption {
    description = "PAM configuration for psql";
    type = submodule {
      options = {
        dn       = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter   = mkOption { type = str; description = "filter to match users"; };
      };
    };
  };
};
# Builds a "<name> psql configuration" option: psqlOptions plus the
# per-application database/schema/user/password.
mkPsqlOptions = name:
  let
    clientOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      schema   = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user     = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} psql configuration";
    type = submodule { options = psqlOptions // clientOptions; };
  };
# Options shared by the Redis server declaration and every client built with
# mkRedisOptions.
redisOptions = {
  host   = mkOption { type = str; description = "Host to access Redis"; };
  port   = mkOption { type = str; description = "Port to access Redis"; };
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  spiped_key = mkOption {
    type = str;
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
  };
  predixy = mkOption {
    description = "Predixy configuration. Unused yet";
    type = submodule {
      options = {
        read = mkOption { type = str; description = "Read password"; };
      };
    };
  };
};
# Builds a "<name> redis configuration" option: redisOptions plus the
# database number used by the application.
mkRedisOptions = name:
  let
    clientOptions = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in mkOption {
    description = "${name} redis configuration";
    type = submodule { options = redisOptions // clientOptions; };
  };
# Options shared by the SMTP server declaration and every client built with
# mkSmtpOptions.
smtpOptions = {
  host = mkOption { type = str; description = "Host to access SMTP"; };
  port = mkOption { type = str; description = "Port to access SMTP"; };
};
# Builds a "<name> smtp configuration" option: smtpOptions plus the sender
# address and password of the application.
mkSmtpOptions = name:
  let
    clientOptions = {
      email    = mkOption { type = str; description = "${name} email"; };
      password = mkOption { type = str; description = "SMTP password of the ${name} user"; };
    };
  in mkOption {
    description = "${name} smtp configuration";
    type = submodule { options = smtpOptions // clientOptions; };
  };
# Per-server submodule; one instance per entry of myEnv.servers.
hostEnv = submodule {
  options = {
    fqdn = mkOption { type = str; description = "Host FQDN"; };
    # Function of pkgs (hence `unspecified`); defaults to no users at all.
    users = mkOption {
      type = unspecified;
      default = pkgs: [];
      description = ''
        Sublist of users from realUsers. Function that takes pkgs as
        argument and gives an array as a result
      '';
    };
    emails = mkOption {
      type = listOf str;
      default = [];
      description = "List of e-mails that the server can be a sender of";
    };
    ldap = mkOption {
      description = ''
        LDAP credentials for the host
      '';
      type = submodule {
        options = {
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn       = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
    };
    # Disabled by default; subdomain/priority are only meaningful when enabled.
    mx = mkOption {
      description = "subdomain and priority for MX server";
      default = { enable = false; };
      type = submodule {
        options = {
          enable    = mkEnableOption "Enable MX";
          subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
          priority  = mkOption { type = nullOr str; description = "Priority"; };
        };
      };
    };
    ips = mkOption {
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
      type = attrsOf (submodule {
        options = {
          ip4 = mkOption {
            type = str;
            description = ''
              ip4 address of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
    };
  };
};
189in
190{
191 options.myEnv = {
# Inventory of every known server, keyed by name; see hostEnv for the shape.
servers = mkOption {
  type = attrsOf hostEnv;
  default = {};
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
};
# Hetzner Cloud API token.
hetznerCloud = mkOption {
  description = ''
    Hetzner Cloud credential information
  '';
  type = submodule {
    options = {
      authToken = mkOption {
        type = str;
        description = ''
          The API auth token.
        '';
      };
    };
  };
};
# Hetzner (robot) user/password pair.
hetzner = mkOption {
  description = ''
    Hetzner credential information
  '';
  type = submodule {
    options = {
      user = mkOption { type = str; description = "User"; };
      pass = mkOption { type = str; description = "Password"; };
    };
  };
};
# LDAP bind password used by sshd (the DN itself is fixed, see description).
sshd = mkOption {
  description = ''
    sshd service credential information
  '';
  type = submodule {
    options = {
      ldap = mkOption {
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
      };
    };
  };
};
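# Registry of non-standard ports, keyed by a free-form name.
# `apply` rejects the whole attrset when two names map to the same port, and
# names the colliding values so the offending entries can be found without
# reading the entire registry.
ports = mkOption {
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  type = attrsOf port;
  default = {};
  apply = let
    # Port numbers that occur more than once, each listed a single time.
    duplicates = x:
      let values = builtins.attrValues x;
      in unique (filter (v: count (w: w == v) values > 1) values);
  in
    x:
      if !(isAttrs x) then throw "Non unique values for ports"
      else
        let dupl = duplicates x;
        in if dupl == [] then x
           else throw "Non unique values for ports: ${concatMapStringsSep ", " toString dupl}";
};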
# LDAP bind password used by httpd (the DN itself is fixed, see description).
httpd = mkOption {
  description = ''
    httpd service credential information
  '';
  type = submodule {
    options = {
      ldap = mkOption {
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
      };
    };
  };
};
# Global SMTP endpoint (host/port only; per-application credentials are
# declared with mkSmtpOptions).
smtp = mkOption {
  description = "SMTP configuration";
  type = submodule { options = smtpOptions; };
};
# Global LDAP server settings (base, host, root and replication credentials).
ldap = mkOption {
  description = ''
    LDAP server configuration
  '';
  type = submodule { options = ldapOptions; };
};
# Server-side settings for the three database engines; application-specific
# credentials live under each application's own mk*Options entry.
databases = mkOption {
  description = "Databases configuration";
  type = submodule {
    options = {
      mysql      = mkOption { type = submodule { options = mysqlOptions; }; description = "Mysql configuration"; };
      redis      = mkOption { type = submodule { options = redisOptions; }; description = "Redis configuration"; };
      postgresql = mkOption { type = submodule { options = psqlOptions; };  description = "Postgresql configuration"; };
    };
  };
};
# XMPP server: LDAP + PostgreSQL credentials and the postfix-side user filter.
jabber = mkOption {
  description = "Jabber configuration";
  type = submodule {
    options = {
      postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
      ldap       = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
    };
  };
};
# Human users, as functions of pkgs (hence `attrsOf unspecified`).
realUsers = mkOption {
  type = attrsOf unspecified;
  description = ''
    Attrset of function taking pkgs as argument.
    Real users settings, should provide a subattr of users.users.<name>
    with at least: name, (hashed)Password, shell
  '';
};
# Fixed uid/gid allocation per user name, so ids stay stable across hosts.
users = mkOption {
  description = "System and regular users uid/gid";
  type = attrsOf (submodule {
    options = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
  });
};
# Authoritative DNS: SOA defaults, NS server groups and the zones served.
dns = mkOption {
  description = "DNS configuration";
  type = submodule {
    options = {
      soa = mkOption {
        description = "SOA information";
        type = submodule {
          options = {
            serial  = mkOption { type = str; description = "Serial number. Should be incremented at each change and unique"; };
            refresh = mkOption { type = str; description = "Refresh time"; };
            retry   = mkOption { type = str; description = "Retry time"; };
            expire  = mkOption { type = str; description = "Expire time"; };
            ttl     = mkOption { type = str; description = "Default TTL time"; };
            email   = mkOption { type = str; description = "hostmaster e-mail"; };
            primary = mkOption { type = str; description = "Primary NS"; };
          };
        };
      };
      # group name -> NS hostname -> addresses (v4 and/or v6).
      ns = mkOption {
        type = attrsOf (attrsOf (listOf str));
        description = "Attrs of NS servers group";
        example = {
          foo = {
            "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
            "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
          };
        };
      };
      slaveZones = mkOption {
        description = "List of slave zones";
        type = listOf (submodule {
          options = {
            name    = mkOption { type = str; description = "zone name"; };
            masters = mkOption { type = listOf str; description = "NS master groups of this zone"; };
          };
        });
      };
      masterZones = mkOption {
        description = "List of master zones";
        type = listOf (submodule {
          options = {
            name    = mkOption { type = str; description = "zone name"; };
            withCAA = mkOption { type = nullOr str; default = null; description = "CAA entry"; };
            slaves  = mkOption { type = listOf str; description = "NS slave groups of this zone"; };
            ns      = mkOption { type = listOf str; description = "groups names that should have their NS entries listed here"; };
            extra = mkOption {
              type = lines;
              example = ''
                notify yes;
              '';
              description = "Extra zone configuration for bind";
            };
            entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
            withEmail = mkOption {
              description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
              default = [];
              type = listOf (submodule {
                options = {
                  domain  = mkOption { type = str; description = "Which subdomain is concerned"; };
                  send    = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
                  receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
                };
              });
            };
          };
        });
      };
    };
  };
};
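# Duplicity backups: encryption password plus one entry per remote bucket
# provider.
backup = mkOption {
  description = ''
    Remote backup with duplicity
  '';
  type = submodule {
    options = {
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            remote = mkOption {
              type = unspecified;
              # ''${ keeps the interpolation literal: inside an indented string a
              # bare ${bucket} is evaluated, and `bucket` is not in scope here, so
              # rendering this example would fail with an undefined variable.
              example = literalExample ''
                bucket: "s3://some_host/''${bucket}";
              '';
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
            };
            accessKeyId     = mkOption { type = str; description = "Remote access-key"; };
            secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
          };
        });
      };
    };
  };
};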
# zrepl replication: SSH key pair plus MySQL credentials.
# NOTE(review): `private` holds the key material as a plain string; how the
# consuming module materialises it (file permissions, store or not) is not
# visible here — confirm.
zrepl_backup = mkOption {
  type = submodule {
    options = {
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public  = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
      mysql = mkMysqlOptions "Zrepl" {};
    };
  };
};
# Pull-style rsync backups: one SSH key and a set of profiles, each naming a
# remote host and the folders to copy from it.
rsync_backup = mkOption {
  description = ''
    Rsync backup configuration from controlled host
  '';
  type = submodule {
    options = {
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public  = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
      };
      profiles = mkOption {
        description = "Attrs of profiles to backup";
        type = attrsOf (submodule {
          options = {
            keep          = mkOption { type = int; description = "Number of backups to keep"; };
            check_command = mkOption { type = str; default = "backup"; description = "command to check if backup needs to be done"; };
            login         = mkOption { type = str; description = "Login to connect to host"; };
            port          = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
            host          = mkOption { type = str; description = "Host to connect to"; };
            # presumably used to pin the remote's SSH host key — verify against
            # the consuming module.
            host_key      = mkOption { type = str; description = "Host key"; };
            host_key_type = mkOption { type = str; description = "Host key type"; };
            parts = mkOption {
              description = "Parts to backup for this host";
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption { type = path; description = "Remote folder to backup";};
                  exclude_from  = mkOption { type = listOf path; default = []; description = "List of folders/files to exclude from the backup"; };
                  files_from    = mkOption { type = listOf path; default = []; description = "List of folders/files to backup in the base folder"; };
                  args          = mkOption { type = nullOr str; default = null; description = "Extra arguments to pass to rsync"; };
                };
              });
            };
          };
        });
      };
    };
  };
};
# Credentials and endpoints used by the monitoring host (status push, SMS,
# Slack, netdata, e-mail round-trip checks).
monitoring = mkOption {
  description = "Monitoring configuration";
  type = submodule {
    options = {
      status_url         = mkOption { type = str; description = "URL to push status to"; };
      status_token       = mkOption { type = str; description = "Token for the status url"; };
      http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
      email              = mkOption { type = str; description = "Admin E-mail"; };
      ssh_public_key     = mkOption { type = str; description = "SSH public key"; };
      ssh_secret_key     = mkOption { type = str; description = "SSH secret key"; };
      imap_login         = mkOption { type = str; description = "IMAP login"; };
      imap_password      = mkOption { type = str; description = "IMAP password"; };
      eriomem_keys       = mkOption { type = listOf (listOf str); default = []; description = "Eriomem keys"; };
      ovh_sms = mkOption {
        description = "OVH credentials for sms script";
        type = submodule {
          options = {
            endpoint           = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
            application_key    = mkOption { type = str; description = "Application key"; };
            application_secret = mkOption { type = str; description = "Application secret"; };
            consumer_key       = mkOption { type = str; description = "Consumer key"; };
            account            = mkOption { type = str; description = "Account"; };
          };
        };
      };
      eban = mkOption {
        description = "Eban credentials for webhook";
        type = submodule {
          options = {
            user     = mkOption { type = str; description = "User"; };
            password = mkOption { type = str; description = "Password"; };
          };
        };
      };
      nrdp_tokens        = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
      slack_url          = mkOption { type = str; description = "Slack webhook url to push status update"; };
      slack_channel      = mkOption { type = str; description = "Slack channel to push status update"; };
      netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
      netdata_keys       = mkOption { type = attrsOf str; description = "netdata host keys"; };
      contacts           = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
      # port/login/mail_* are optional: `local = true` presumably bypasses the
      # SSH hop (check the consumer), and the mail fields default to null.
      email_check = mkOption {
        description = "Emails services to check";
        type = attrsOf (submodule {
          options = {
            local        = mkOption { type = bool; default = false; description = "Use local configuration"; };
            port         = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
            login        = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
            targets      = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
            mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
            mail_domain  = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
          };
        });
      };
    };
  };
};
# Music Player Daemon: library folder and connection details.
mpd = mkOption {
  description = "MPD configuration";
  type = submodule {
    options = {
      folder   = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
      password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
      host     = mkOption { type = str; description = "Host to connect to the MPD instance"; };
      port     = mkOption { type = str; description = "Port to connect to the MPD instance"; };
    };
  };
};
# FTP server: LDAP credentials only.
ftp = mkOption {
  description = "FTP configuration";
  type = submodule {
    options = { ldap = mkLdapOptions "FTP" {}; };
  };
};
# One VPN definition per name: IPv6 prefix and the host's key pair.
vpn = mkOption {
  description = "VPN configuration";
  type = attrsOf (submodule {
    options = {
      prefix     = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
      privateKey = mkOption { type = str; description = "Private key for the host"; };
      publicKey  = mkOption { type = str; description = "Public key for the host"; };
    };
  });
};
# Everything the mail stack needs: DMARC/DKIM, postfix, dovecot, rspamd, the
# scripted recipients and sympa.
mail = mkOption {
  description = "Mail configuration";
  type = submodule {
    options = {
      dmarc = mkOption {
        description = "DMARC configuration";
        type = submodule {
          options = {
            ignore_hosts = mkOption {
              type = lines;
              description = ''
                Hosts to ignore when checking for dmarc
              '';
            };
          };
        };
      };
      # One key pair per selector/domain; `public` is the DNS TXT record value.
      dkim = mkOption {
        description = "DKIM configuration";
        type = attrsOf (submodule {
          options = {
            public = mkOption {
              type = str;
              description = "Public entry to put in DNS TXT field";
              example = ''
                ( "v=DKIM1; k=rsa; "
                "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
              '';
            };
            private = mkOption { type = str; description = "Private key"; };
          };
        });
      };
      postfix = mkOption {
        description = "Postfix configuration";
        type = submodule {
          options = {
            additional_mailbox_domains = mkOption {
              type = listOf str;
              description = ''
                List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
              '';
            };
            mysql = mkMysqlOptions "Postfix" {
              password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
            };
            backup_domains = mkOption {
              description = ''
                Domains that are accepted for relay as backup domain
              '';
              type = attrsOf (submodule {
                options = {
                  domains = mkOption { type = listOf str; description = "Domains list"; };
                  relay_restrictions = mkOption {
                    type = lines;
                    description = ''
                      Restrictions for relaying the e-mails from the domains
                    '';
                  };
                  recipient_maps = mkOption {
                    description = ''
                      Recipient map to accept relay for.
                      Must be specified for domain, the rules apply to everyone!
                    '';
                    type = listOf (submodule {
                      options = {
                        type    = mkOption { type = enum [ "hash" ]; description = "Map type"; };
                        content = mkOption { type = str; description = "Map content"; };
                      };
                    });
                  };
                };
              });
            };
          };
        };
      };
      dovecot = mkOption {
        description = "Dovecot configuration";
        type = submodule {
          options = {
            ldap = mkLdapOptions "Dovecot" {
              pass_attrs             = mkOption { type = str; description = "Password attribute in LDAP"; };
              user_attrs             = mkOption { type = str; description = "User attribute mapping in LDAP"; };
              iterate_attrs          = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
              iterate_filter         = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
              postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
            };
          };
        };
      };
      rspamd = mkOption {
        description = "rspamd configuration";
        type = submodule {
          options = {
            redis = mkRedisOptions "Redis";
            read_password_hashed  = mkOption { type = str; description = "Hashed read password for rspamd"; };
            write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
            # The clear-text variants are still declared, but `apply` replaces
            # whatever is set with "", so consumers only ever see the hashed ones.
            read_password  = mkOption { type = str; description = "Read password for rspamd. Unused"; apply = x: ""; };
            write_password = mkOption { type = str; description = "Write password for rspamd. Unused"; apply = x: ""; };
          };
        };
      };
      scripts = mkOption {
        description = "Mail script recipients";
        type = attrsOf (submodule {
          options = {
            external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
            src = mkOption {
              description = ''
                git source to fetch the script from.
                It must have a default.nix file as its root accepting a scriptEnv parameter
              '';
              type = submodule {
                options = {
                  url = mkOption { type = str; description = "git url to fetch"; };
                  rev = mkOption { type = str; description = "git reference to fetch"; };
                };
              };
            };
            env = mkOption { type = unspecified; description = "Variables to pass to the script"; };
          };
        });
      };
      sympa = mkOption {
        description = "Sympa configuration";
        type = submodule {
          options = {
            listmasters  = mkOption { type = listOf str; description = "Listmasters"; };
            postgresql   = mkPsqlOptions "Sympa";
            data_sources = mkOption { type = attrsOf str; default = {}; description = "Data sources to make available to sympa"; };
            scenari      = mkOption { type = attrsOf str; default = {}; description = "Scenari to make available to sympa"; };
          };
        };
      };
    };
  };
};
# Buildbot master: service account, LDAP password and one entry per project.
buildbot = mkOption {
  description = "Buildbot configuration";
  type = submodule {
    options = {
      user = mkOption {
        description = "Buildbot user";
        type = submodule {
          options = {
            uid = mkOption { type = int; description = "user uid"; };
            gid = mkOption { type = int; description = "user gid"; };
          };
        };
      };
      ldap = mkOption {
        description = "Ldap configuration for buildbot";
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Buildbot password"; };
          };
        };
      };
      projects = mkOption {
        description = "Projects to make a buildbot for";
        type = attrsOf (submodule {
          options = {
            name = mkOption { type = str; description = "Project name"; };
            # Functions of pkgs, hence `unspecified`; see the examples.
            packages = mkOption {
              type = unspecified;
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
            };
            pythonPackages = mkOption {
              type = unspecified;
              example = literalExample ''
                p: pkgs: [ pkgs.python3Packages.pip ];
              '';
              description = ''
                Function.
                Builds python packages list to make available to buildbot project.
                Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
              '';
            };
            pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
            secrets        = mkOption { type = attrsOf str; description = "Secrets for the project to dump as files"; };
            environment = mkOption {
              type = attrsOf str;
              description = ''
                Environment variables for the project.
                BUILDBOT_ is prefixed to the variable names
              '';
            };
            activationScript = mkOption {
              type = lines;
              description = ''
                Activation script to run during deployment
              '';
            };
            builderPaths = mkOption {
              type = attrsOf unspecified;
              default = {};
              description = ''
                Attrs of functions to make accessible specifically per builder.
                Takes pkgs as argument and should return a single path containing binaries.
                This path will be accessible as BUILDBOT_PATH_<attrskey>
              '';
            };
            # null (the default) presumably means no token check at all — verify
            # in the consuming module before relying on it.
            webhookTokens = mkOption {
              type = nullOr (listOf str);
              default = null;
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
            };
          };
        });
      };
    };
  };
};
882 tools = mkOption {
883 description = "Tools configurations";
884 type = submodule {
885 options = {
# Contact address shown by the hosted tools.
contact = mkOption { description = "Contact e-mail address"; type = str; };
# Static assets fetched by URL; sha256 pins the expected content.
assets = mkOption {
  description = "Assets to provide on assets.immae.eu";
  default = {};
  type = attrsOf (submodule {
    options = {
      url    = mkOption { type = str; description = "URL to fetch"; };
      sha256 = mkOption { type = str; description = "Hash of the url"; };
    };
  });
};
davical = mkOption {
  description = "Davical configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Davical";
      ldap       = mkLdapOptions "Davical" {};
    };
  };
};
diaspora = mkOption {
  description = "Diaspora configuration";
  type = submodule {
    options = {
      postgresql   = mkPsqlOptions "Diaspora";
      redis        = mkRedisOptions "Diaspora";
      ldap         = mkLdapOptions "Diaspora" {};
      secret_token = mkOption { type = str; description = "Secret token"; };
    };
  };
};
dmarc_reports = mkOption {
  description = "DMARC reports configuration";
  type = submodule {
    options = {
      mysql         = mkMysqlOptions "DMARC" {};
      anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
    };
  };
};
etherpad-lite = mkOption {
  description = "Etherpad configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Etherpad";
      ldap = mkLdapOptions "Etherpad" {
        group_filter = mkOption { type = str; description = "Filter for groups"; };
      };
      adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
      session_key   = mkOption { type = str; description = "Session key"; };
      api_key       = mkOption { type = str; description = "API key"; };
      redirects     = mkOption { type = str; description = "Redirects for apache"; };
    };
  };
};
gitolite = mkOption {
  description = "Gitolite configuration";
  type = submodule {
    options = { ldap = mkLdapOptions "Gitolite" {}; };
  };
};
kanboard = mkOption {
  description = "Kanboard configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Kanboard";
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = mkOption { type = str; description = "Admin DN"; };
      };
    };
  };
};
mantisbt = mkOption {
  description = "Mantisbt configuration";
  type = submodule {
    options = {
      postgresql  = mkPsqlOptions "Mantisbt";
      ldap        = mkLdapOptions "Mantisbt" {};
      master_salt = mkOption { type = str; description = "Master salt for password hash"; };
    };
  };
};
mastodon = mkOption {
  description = "Mastodon configuration";
  type = submodule {
    options = {
      postgresql       = mkPsqlOptions "Mastodon";
      redis            = mkRedisOptions "Mastodon";
      ldap             = mkLdapOptions "Mastodon" {};
      paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
      otp_secret       = mkOption { type = str; description = "OTP secret"; };
      secret_key_base  = mkOption { type = str; description = "Secret key base"; };
      # Web-push (VAPID) key pair.
      vapid = mkOption {
        description = "vapid key";
        type = submodule {
          options = {
            private = mkOption { type = str; description = "Private key"; };
            public  = mkOption { type = str; description = "Public key"; };
          };
        };
      };
    };
  };
};
mediagoblin = mkOption {
  description = "Mediagoblin configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Mediagoblin";
      redis      = mkRedisOptions "Mediagoblin";
      ldap       = mkLdapOptions "Mediagoblin" {};
    };
  };
};
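# The name passed to mk*Options is only used in the generated descriptions;
# it previously read "Peertube" here (copy-paste), which mislabelled these
# options as Peertube's in the documentation.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      postgresql    = mkPsqlOptions "Nextcloud";
      redis         = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id   = mkOption { type = str; description = "Instance ID"; };
      secret        = mkOption { type = str; description = "App secret"; };
    };
  };
};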
# Peertube: listening port, PostgreSQL, Redis and an LDAP binding.
peertube = lib.mkOption {
  description = "Peertube configuration";
  type = lib.types.submodule {
    options = {
      listenPort = lib.mkOption { description = "Port to listen to"; type = lib.types.port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
      ldap = mkLdapOptions "Peertube" {};
    };
  };
};
# Second Peertube instance (Syden): same port/database/cache layout as
# `peertube`, but without an LDAP binding.
syden_peertube = lib.mkOption {
  description = "Peertube Syden configuration";
  type = lib.types.submodule {
    options = {
      listenPort = lib.mkOption { description = "Port to listen to"; type = lib.types.port; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
    };
  };
};
# phpLDAPadmin: only an LDAP binding.
phpldapadmin = lib.mkOption {
  type = lib.types.submodule {
    options.ldap = mkLdapOptions "phpldapadmin" {};
  };
  description = "phpLdapAdmin configuration";
};
# Rompr: only where to reach MPD (host and port, no password option here).
rompr = lib.mkOption {
  description = "Rompr configuration";
  type = lib.types.submodule {
    options.mpd = lib.mkOption {
      description = "MPD configuration";
      type = lib.types.submodule {
        options = {
          host = lib.mkOption { description = "Host for MPD"; type = lib.types.str; };
          port = lib.mkOption { description = "Port to access MPD host"; type = lib.types.port; };
        };
      };
    };
  };
};
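# Roundcubemail: PostgreSQL database plus the application secret.
roundcubemail = lib.mkOption {
  description = "Roundcubemail configuration";
  type = lib.types.submodule {
    options = {
      # Was labelled "TT-RSS" (apparently copied from the ttrss entry); named
      # after Roundcubemail so the generated descriptions match. If
      # mkPsqlOptions derives anything beyond a description from its argument,
      # check the deployed values after this relabel — TODO confirm.
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = lib.mkOption { type = lib.types.str; description = "Secret"; };
    };
  };
};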
# Shaarli: only an LDAP binding.
shaarli = lib.mkOption {
  type = lib.types.submodule {
    options.ldap = mkLdapOptions "Shaarli" {};
  };
  description = "Shaarli configuration";
};
# Statusengine (monitoring backend): a MySQL database and an LDAP binding.
status_engine = lib.mkOption {
  description = "Status Engine configuration";
  type = lib.types.submodule {
    options = {
      mysql = mkMysqlOptions "StatusEngine" {};
      ldap = mkLdapOptions "StatusEngine" {};
    };
  };
};
# Taskwarrior: an LDAP binding plus taskwarrior-web profiles. Each profile
# carries its own taskd credentials; `uid` is the profile's access-control
# list — the LDAP uids allowed to open it.
task =
  let
    strOpt = description: lib.mkOption { inherit description; type = lib.types.str; };
    profile = lib.types.submodule {
      options = {
        uid = lib.mkOption {
          description = "List of ldap uids having access to this profile";
          type = lib.types.listOf lib.types.str;
        };
        org = strOpt "Taskd organisation";
        # The taskd key is a credential, not a display setting.
        key = strOpt "Taskd key";
        date = strOpt "Preferred date format";
      };
    };
  in lib.mkOption {
    description = "Taskwarrior configuration";
    type = lib.types.submodule {
      options = {
        ldap = mkLdapOptions "Taskwarrior" {};
        taskwarrior-web = lib.mkOption {
          description = "taskwarrior-web profiles";
          type = lib.types.attrsOf profile;
        };
      };
    };
  };
# Tiny Tiny RSS: PostgreSQL database and an LDAP binding.
ttrss = lib.mkOption {
  type = lib.types.submodule {
    options = {
      postgresql = mkPsqlOptions "TT-RSS";
      ldap = mkLdapOptions "TT-RSS" {};
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: PostgreSQL, Redis, an LDAP binding extended with the filter that
# selects administrators, and the application secret.
wallabag = lib.mkOption {
  description = "Wallabag configuration";
  type = lib.types.submodule {
    options = {
      postgresql = mkPsqlOptions "Wallabag";
      ldap = mkLdapOptions "Wallabag" {
        admin_filter = lib.mkOption { description = "Admin users filter"; type = lib.types.str; };
      };
      redis = mkRedisOptions "Wallabag";
      secret = lib.mkOption { description = "App secret"; type = lib.types.str; };
    };
  };
};
# Webhook endpoints: the attribute name is the PHP file name ('name'.php) and
# the value is the script behind it. The values are code rather than data —
# presumably executed by the web server; confirm against the consumer of this
# option before adding entries from anywhere other than this repository.
webhooks = lib.mkOption {
  description = "Mapping 'name'.php => script for webhooks";
  type = lib.types.attrsOf lib.types.str;
};
# CSP report collector: where browsers send violation reports, the policies
# to apply, and the PostgreSQL database the reports are kept in.
csp_reports = lib.mkOption {
  description = "CSP report configuration";
  type = lib.types.submodule {
    options = {
      report_uri = lib.mkOption { description = "URI to report CSP violations to"; type = lib.types.str; };
      policies = lib.mkOption { description = "CSP policies to apply"; type = lib.types.attrsOf lib.types.str; };
      postgresql = mkPsqlOptions "CSP reports";
    };
  };
};
# Commento: listening port, PostgreSQL database and outbound SMTP settings.
commento = lib.mkOption {
  description = "Commento configuration";
  type = lib.types.submodule {
    options = {
      listenPort = lib.mkOption { description = "Port to listen to"; type = lib.types.port; };
      postgresql = mkPsqlOptions "Commento";
      smtp = mkSmtpOptions "Commento";
    };
  };
};
# ympd: the port its web UI listens on and how to reach MPD. Unlike the rompr
# block, this MPD section carries the MPD password.
ympd =
  let
    inherit (lib.types) str port submodule;
  in lib.mkOption {
    description = "Ympd configuration";
    type = submodule {
      options = {
        listenPort = lib.mkOption { description = "Port to listen to"; type = port; };
        mpd = lib.mkOption {
          description = "MPD configuration";
          type = submodule {
            options = {
              password = lib.mkOption { description = "Password to access MPD host"; type = str; };
              host = lib.mkOption { description = "Host for MPD"; type = str; };
              port = lib.mkOption { description = "Port to access MPD host"; type = port; };
            };
          };
        };
      };
    };
  };
# YOURLS: MySQL database, an LDAP binding and the cookie signing key (a
# secret: whoever holds it can forge sessions).
yourls = lib.mkOption {
  description = "Yourls configuration";
  type = lib.types.submodule {
    options = {
      mysql = mkMysqlOptions "Yourls" {};
      ldap = mkLdapOptions "Yourls" {};
      cookieKey = lib.mkOption { description = "Cookie key"; type = lib.types.str; };
    };
  };
};
1181 };
1182 };
1183 };
# Free-form per-server settings. `unspecified` means the module system does
# no type checking on the values, so consumers must validate what they read.
serverSpecific = lib.mkOption {
  description = "Server specific configuration";
  type = lib.types.attrsOf lib.types.unspecified;
};
# Per-site settings for the hosted websites. Sites deployed in several
# environments share one environment option across the environment names
# (`perEnv`); the others declare their options directly. Most entries hold
# credentials (database passwords, Symfony secrets, SMTP/basic-auth passwords).
websites =
  let
    inherit (lib.types) str submodule;
    strOpt = description: lib.mkOption { inherit description; type = str; };
    # An option holding `opts` under the shared "environment configuration" label.
    envOpt = opts: lib.mkOption {
      description = "environment configuration";
      type = submodule { options = opts; };
    };
    # A submodule exposing the same environment option under every name in `envs`.
    perEnv = envs: opt: submodule { options = lib.genAttrs envs (_: opt); };
    prodAndInteg = perEnv [ "production" "integration" ];
    serverAdmin = strOpt "Server admin e-mail";
  in lib.mkOption {
    description = "Websites configurations";
    type = submodule {
      options = {
        immae = lib.mkOption {
          description = "Immae configuration by environment";
          type = submodule {
            options.temp = lib.mkOption {
              description = "Temp configuration";
              type = submodule {
                # Redeclaring `filter` without a default (mkLdapOptions gives
                # it "") makes the user filter mandatory for this site.
                options.ldap = mkLdapOptions "Immae temp" {
                  filter = strOpt "Filter for user access";
                };
              };
            };
          };
        };
        isabelle = lib.mkOption {
          description = "Isabelle configurations by environment";
          type =
            let
              atenEnv = envOpt {
                environment = strOpt "Symfony environment";
                secret = strOpt "Symfony App secret";
                postgresql = mkPsqlOptions "Aten";
              };
            in submodule {
              options = lib.genAttrs [ "aten_production" "aten_integration" ] (_: atenEnv) // {
                iridologie = envOpt {
                  environment = strOpt "SPIP environment";
                  mysql = mkMysqlOptions "Iridologie" {};
                  ldap = mkLdapOptions "Iridologie" {};
                };
              };
            };
        };
        chloe = lib.mkOption {
          description = "Chloe configurations by environment";
          type = prodAndInteg (envOpt {
            environment = strOpt "SPIP environment";
            mysql = mkMysqlOptions "Chloe" {};
            ldap = mkLdapOptions "Chloe" {};
          });
        };
        connexionswing = lib.mkOption {
          description = "Connexionswing configurations by environment";
          type = prodAndInteg (envOpt {
            environment = strOpt "Symfony environment";
            mysql = mkMysqlOptions "Connexionswing" {};
            secret = strOpt "Symfony App secret";
            email = strOpt "Symfony email notification";
          });
        };
        jerome = lib.mkOption {
          description = "Naturaloutil configuration";
          type = submodule {
            options = {
              mysql = mkMysqlOptions "Naturaloutil" {};
              server_admin = serverAdmin;
            };
          };
        };
        telio_tortay = lib.mkOption {
          description = "Telio Tortay configuration";
          type = submodule { options.server_admin = serverAdmin; };
        };
        ludivine = lib.mkOption {
          description = "Ludivinecassal configurations by environment";
          type = prodAndInteg (envOpt {
            environment = strOpt "Symfony environment";
            mysql = mkMysqlOptions "LudivineCassal" {};
            ldap = mkLdapOptions "LudivineCassal" {};
            secret = strOpt "Symfony App secret";
          });
        };
        emilia = lib.mkOption {
          description = "Emilia configuration";
          type = submodule { options.postgresql = mkPsqlOptions "Emilia"; };
        };
        florian = lib.mkOption {
          description = "Florian configuration";
          type = submodule { options.server_admin = serverAdmin; };
        };
        nassime = lib.mkOption {
          description = "Nassime configuration";
          type = submodule { options.server_admin = serverAdmin; };
        };
        piedsjaloux = lib.mkOption {
          description = "Piedsjaloux configurations by environment";
          type = prodAndInteg (envOpt {
            environment = strOpt "Symfony environment";
            mysql = mkMysqlOptions "Piedsjaloux" {};
            secret = strOpt "Symfony App secret";
          });
        };
        # Despite the "by environment" wording there is a single configuration here.
        richie = lib.mkOption {
          description = "Europe Richie configurations by environment";
          type = submodule {
            options = {
              mysql = mkMysqlOptions "Richie" {};
              # Outbound mail credentials; the password is as sensitive as the DB one.
              smtp_mailer = lib.mkOption {
                description = "SMTP mailer configuration";
                type = submodule {
                  options = {
                    user = strOpt "Username";
                    password = strOpt "Password";
                  };
                };
              };
            };
          };
        };
        caldance = lib.mkOption {
          description = "Caldance configurations by environment";
          type = submodule {
            options.integration = envOpt {
              # The whole basic-auth password file, not a single password.
              password = strOpt "Password file content for basic auth";
            };
          };
        };
        tellesflorian = lib.mkOption {
          description = "Tellesflorian configurations by environment";
          type = perEnv [ "integration" ] (envOpt {
            environment = strOpt "Symfony environment";
            mysql = mkMysqlOptions "Tellesflorian" {};
            secret = strOpt "Symfony App secret";
            invite_passwords = strOpt "Password basic auth";
          });
        };
      };
    };
  };
1426
# Directory of secret files made available at build time.
# NOTE(review): a `path` that ends up referenced from a derivation is copied
# into the Nix store, which every local user can read — confirm how the
# consumers of this option use it before relying on it for sensitive material.
privateFiles = lib.mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = lib.types.path;
};
1433 };
# This host's view of the environment: picks the entry of `myEnv.servers`
# keyed by the module's `name` argument and exposes it read-only, so other
# modules can read their server's settings without redefining them.
options.hostEnv = lib.mkOption {
  description = "Host environment";
  type = hostEnv;
  default = config.myEnv.servers.${name};
  readOnly = true;
};
1440}