]> git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/environment.nix
Add php to iridologie website
1{ lib, ... }:
2with lib;
3with types;
4with lists;
5let
# Options common to every LDAP consumer: where the directory lives plus the
# credentials of its root and replication accounts.
# Going by the descriptions, root_pw holds a password hash whereas
# replication_pw holds the password itself.
# NOTE(review): these are ordinary `str` options; confirm the modules reading
# them do not interpolate the values into world-readable Nix store paths.
ldapOptions = {
  base = mkOption {
    type = str;
    description = "Base of the LDAP tree";
  };
  host = mkOption {
    type = str;
    description = "Host to access LDAP";
  };
  root_dn = mkOption {
    type = str;
    description = "DN of the root user";
  };
  root_pw = mkOption {
    type = str;
    description = "Hashed password of the root user";
  };
  replication_dn = mkOption {
    type = str;
    description = "DN of the user allowed to replicate the LDAP directory";
  };
  replication_pw = mkOption {
    type = str;
    description = "Password of the user allowed to replicate the LDAP directory";
  };
};
# Builds the LDAP option of one service: the shared ldapOptions, the service's
# own bind DN, password and user filter, then whatever extra options the caller
# passes in `more`. `//` keeps the right-hand value on a name clash, so `more`
# overrides both of the other sets.
mkLdapOptions = name: more:
  let
    perService = {
      dn = mkOption {
        type = str;
        description = "DN of the ${name} user";
      };
      password = mkOption {
        type = str;
        description = "password of the ${name} user";
      };
      filter = mkOption {
        type = str;
        default = "";
        description = "Filter for ${name} users";
      };
    };
  in
    mkOption {
      description = "${name} LDAP configuration";
      type = submodule {
        options = ldapOptions // perService // more;
      };
    };
# Connection settings shared by every MySQL consumer.
# systemUsers maps users to their passwords (per its description); pam holds
# the DN, password and filter used to check users.
# NOTE(review): port is declared as `str` here rather than with the `port`
# type, so no range check applies to it — confirm that is intended.
mysqlOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Mysql";
  };
  port = mkOption {
    type = str;
    description = "Port to access Mysql";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Mysql";
  };
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption {
          type = str;
          description = "DN to connect as to check users";
        };
        password = mkOption {
          type = str;
          description = "DN password to connect as to check users";
        };
        filter = mkOption {
          type = str;
          description = "filter to match users";
        };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Builds the MySQL option of one service: the shared mysqlOptions, the
# service's database name and account, then the caller's extra options in
# `more` (which win on a name clash because `//` keeps the right-hand value).
mkMysqlOptions = name: more:
  let
    perService = {
      database = mkOption {
        type = str;
        description = "${name} database";
      };
      user = mkOption {
        type = str;
        description = "${name} user";
      };
      password = mkOption {
        type = str;
        description = "mysql password of the ${name} user";
      };
    };
  in
    mkOption {
      description = "${name} mysql configuration";
      type = submodule {
        options = mysqlOptions // perService // more;
      };
    };
# Connection settings shared by every PostgreSQL consumer; pam holds the DN,
# password and filter used to check users.
# NOTE(review): port is a `str`, so it is not range-checked here.
psqlOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Postgresql";
  };
  port = mkOption {
    type = str;
    description = "Port to access Postgresql";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Postgresql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption {
          type = str;
          description = "DN to connect as to check users";
        };
        password = mkOption {
          type = str;
          description = "DN password to connect as to check users";
        };
        filter = mkOption {
          type = str;
          description = "filter to match users";
        };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Builds the PostgreSQL option of one service: the shared psqlOptions plus the
# service's database, optional schema (null when unset) and account.
# Unlike the LDAP and MySQL builders it takes no extra-options argument.
mkPsqlOptions = name:
  let
    perService = {
      database = mkOption {
        type = str;
        description = "${name} database";
      };
      schema = mkOption {
        type = nullOr str;
        default = null;
        description = "${name} schema";
      };
      user = mkOption {
        type = str;
        description = "${name} user";
      };
      password = mkOption {
        type = str;
        description = "psql password of the ${name} user";
      };
    };
  in
    mkOption {
      description = "${name} psql configuration";
      type = submodule {
        options = psqlOptions // perService;
      };
    };
# Connection settings shared by every Redis consumer.
# dbs assigns a database number to each name; the description asks for unique
# numbers, but nothing in this declaration enforces it.
# spiped_key is the key protecting the replication channel, so it is as
# sensitive as the passwords declared elsewhere in this file.
redisOptions = {
  host = mkOption {
    type = str;
    description = "Host to access Redis";
  };
  port = mkOption {
    type = str;
    description = "Port to access Redis";
  };
  socket = mkOption {
    type = path;
    description = "Socket to access Redis";
  };
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  spiped_key = mkOption {
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
    type = str;
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption {
          description = "Read password";
          type = str;
        };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Builds the Redis option of one service: the shared redisOptions plus the
# database the service uses.
mkRedisOptions = name:
  let
    perService = {
      db = mkOption {
        type = str;
        description = "${name} database";
      };
    };
  in
    mkOption {
      description = "${name} redis configuration";
      type = submodule {
        options = redisOptions // perService;
      };
    };
110in
111{
112 options.myEnv = {
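# Per-server facts for the cluster, keyed by server name: the addresses the
# server may send mail as, its LDAP bind credentials and its IP addresses.
#
# The LDAP and IP options use `str` instead of the deprecated `string` type.
# `string` silently concatenates the values when an option is defined more
# than once; `str` turns conflicting definitions into an evaluation error,
# which is the safer behaviour for a password, a DN or an address. It also
# matches the rest of this file.
servers = mkOption {
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
  default = {};
  type = attrsOf (submodule {
    options = {
      emails = mkOption {
        default = [];
        description = "List of e-mails that the server can be a sender of";
        type = listOf str;
      };
      ldap = mkOption {
        description = ''
          LDAP credentials for the host
        '';
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password for the LDAP connection"; };
            dn = mkOption { type = str; description = "DN for the LDAP connection"; };
          };
        };
      };
      ips = mkOption {
        description = ''
          attrs of ip4/ip6 grouped by section
        '';
        type = attrsOf (submodule {
          options = {
            # A single IPv4 address per section.
            ip4 = mkOption {
              type = str;
              description = ''
                ip4 address of the host
              '';
            };
            # Any number of IPv6 addresses per section, none by default.
            ip6 = mkOption {
              type = listOf str;
              default = [];
              description = ''
                ip6 addresses of the host
              '';
            };
          };
        });
      };
    };
  });
};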
# Hetzner Cloud API access. authToken is a bearer credential for the provider
# API and should be handled like a password.
hetznerCloud = mkOption {
  type = submodule {
    options = {
      authToken = mkOption {
        description = ''
          The API auth token.
        '';
        type = str;
      };
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner account credentials (user name and password).
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption {
        description = "User";
        type = str;
      };
      pass = mkOption {
        description = "Password";
        type = str;
      };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
187 sshd = mkOption {
188 description = ''
189 sshd service credential information
190 '';
191 type = submodule {
192 options = {
193 ldap = mkOption {
194 description = ''
195 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
196 '';
197 type = submodule {
198 options = {
199 password = mkOption { description = "Password"; type = str; };
200 };
201 };
202 };
203 };
204 };
205 };
# Registry of reserved non-standard ports, keyed by name.
# `apply` rejects the whole set when two names share a port: it compares the
# number of values with the number of distinct values and throws on a
# mismatch, so a collision fails evaluation instead of surfacing at runtime.
ports = mkOption {
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  type = attrsOf port;
  default = {};
  apply = x:
    let
      values = builtins.attrValues x;
      distinct = unique values;
    in
      if isAttrs x && builtins.length values == builtins.length distinct
      then x
      else throw "Non unique values for ports";
};
217 httpd = mkOption {
218 description = ''
219 httpd service credential information
220 '';
221 type = submodule {
222 options = {
223 ldap = mkOption {
224 description = ''
225 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
226 '';
227 type = submodule {
228 options = {
229 password = mkOption { description = "Password"; type = str; };
230 };
231 };
232 };
233 };
234 };
235 };
236 ldap = mkOption {
237 description = ''
238 LDAP server configuration
239 '';
240 type = submodule {
241 options = ldapOptions;
242 };
243 };
244 databases = mkOption {
245 description = "Databases configuration";
246 type = submodule {
247 options = {
248 mysql = mkOption {
249 type = submodule { options = mysqlOptions; };
250 description = "Mysql configuration";
251 };
252 redis = mkOption {
253 type = submodule { options = redisOptions; };
254 description = "Redis configuration";
255 };
256 postgresql = mkOption {
257 type = submodule { options = psqlOptions; };
258 description = "Postgresql configuration";
259 };
260 };
261 };
262 };
# Jabber (XMPP) service settings: the Postfix filter that selects XMPP users,
# plus the service's LDAP and PostgreSQL accounts.
jabber = mkOption {
  type = submodule {
    options = {
      postfix_user_filter = mkOption {
        description = "Postfix filter to get xmpp users";
        type = str;
      };
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
    };
  };
  description = "Jabber configuration";
};
273 users = mkOption {
274 description = "System and regular users uid/gid";
275 type = attrsOf (submodule {
276 options = {
277 uid = mkOption {
278 description = "user uid";
279 type = int;
280 };
281 gid = mkOption {
282 description = "user gid";
283 type = int;
284 };
285 };
286 });
287 };
288 dns = mkOption {
289 description = "DNS configuration";
290 type = submodule {
291 options = {
292 soa = mkOption {
293 description = "SOA information";
294 type = submodule {
295 options = {
296 serial = mkOption {
297 description = "Serial number. Should be incremented at each change and unique";
298 type = str;
299 };
300 refresh = mkOption {
301 description = "Refresh time";
302 type = str;
303 };
304 retry = mkOption {
305 description = "Retry time";
306 type = str;
307 };
308 expire = mkOption {
309 description = "Expire time";
310 type = str;
311 };
312 ttl = mkOption {
313 description = "Default TTL time";
314 type = str;
315 };
316 email = mkOption {
317 description = "hostmaster e-mail";
318 type = str;
319 };
320 primary = mkOption {
321 description = "Primary NS";
322 type = str;
323 };
324 };
325 };
326 };
327 ns = mkOption {
328 description = "Attrs of NS servers group";
329 example = {
330 foo = {
331 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
332 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
333 };
334 };
335 type = attrsOf (attrsOf (listOf str));
336 };
337 slaveZones = mkOption {
338 description = "List of slave zones";
339 type = listOf (submodule {
340 options = {
341 name = mkOption { type = str; description = "zone name"; };
342 masters = mkOption {
343 description = "NS master groups of this zone";
344 type = listOf str;
345 };
346 };
347 });
348 };
349 masterZones = mkOption {
350 description = "List of master zones";
351 type = listOf (submodule {
352 options = {
353 name = mkOption { type = str; description = "zone name"; };
354 slaves = mkOption {
355 description = "NS slave groups of this zone";
356 type = listOf str;
357 };
358 ns = mkOption {
359 description = "groups names that should have their NS entries listed here";
360 type = listOf str;
361 };
362 extra = mkOption {
363 description = "Extra zone configuration for bind";
364 example = ''
365 notify yes;
366 '';
367 type = lines;
368 };
369 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
370 withEmail = mkOption {
371 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
372 default = [];
373 type = listOf (submodule {
374 options = {
375 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
376 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
377 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
378 };
379 });
380 };
381 };
382 });
383 };
384 };
385 };
386 };
# Remote duplicity backup: the passphrase that encrypts the archives and the
# credentials for the remote storage.
# Losing `password` makes existing backups unreadable; leaking it together
# with the access key pair exposes their content.
backup = mkOption {
  type = submodule {
    options = {
      password = mkOption {
        description = "Password for encrypting files";
        type = str;
      };
      remote = mkOption {
        description = "Remote url access";
        type = str;
      };
      accessKeyId = mkOption {
        description = "Remote access-key";
        type = str;
      };
      secretAccessKey = mkOption {
        description = "Remote access secret";
        type = str;
      };
    };
  };
  description = ''
    Remote backup with duplicity
  '';
};
# Pull-style rsync backups run from a controlled host.
# ssh_key.private is the private half of the key used to reach the backed-up
# hosts. Each profile carries host_key and host_key_type, presumably so the
# remote's SSH host key is pinned rather than trusted on first use — confirm
# in the consumer.
# NOTE(review): `args` is described as extra arguments passed to rsync;
# confirm the consumer quotes it and that only trusted configuration sets it.
rsync_backup = mkOption {
  type = submodule {
    options = {
      mailto = mkOption {
        description = "Where to e-mail on error";
        type = str;
      };
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption {
              description = "Public part of the key";
              type = str;
            };
            private = mkOption {
              description = "Private part of the key";
              type = lines;
            };
          };
        };
        description = "SSH key information";
      };
      profiles = mkOption {
        type = attrsOf (submodule {
          options = {
            keep = mkOption {
              description = "Number of backups to keep";
              type = int;
            };
            login = mkOption {
              description = "Login to connect to host";
              type = str;
            };
            port = mkOption {
              description = "Port to connect to host";
              type = str;
              default = "22";
            };
            host = mkOption {
              description = "Host to connect to";
              type = str;
            };
            host_key = mkOption {
              description = "Host key";
              type = str;
            };
            host_key_type = mkOption {
              description = "Host key type";
              type = str;
            };
            parts = mkOption {
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption {
                    description = "Remote folder to backup";
                    type = path;
                  };
                  exclude_from = mkOption {
                    description = "List of folders/files to exclude from the backup";
                    default = [];
                    type = listOf path;
                  };
                  files_from = mkOption {
                    description = "List of folders/files to backup in the base folder";
                    default = [];
                    type = listOf path;
                  };
                  args = mkOption {
                    description = "Extra arguments to pass to rsync";
                    default = null;
                    type = nullOr str;
                  };
                };
              });
              description = "Parts to backup for this host";
            };
          };
        });
        description = "Attrs of profiles to backup";
      };
    };
  };
  description =''
    Rsync backup configuration from controlled host
  '';
};
# Monitoring settings. Several options are credentials: status_token,
# http_user_password, ssh_secret_key, imap_password and nrdp_tokens; slack_url
# is a webhook URL, which by itself authorises posting to the channel.
# contacts is `attrsOf unspecified`, so its content is not type-checked here.
monitoring = mkOption {
  type = submodule {
    options = {
      status_url = mkOption {
        description = "URL to push status to";
        type = str;
      };
      status_token = mkOption {
        description = "Token for the status url";
        type = str;
      };
      http_user_password = mkOption {
        description = "HTTP credentials to check services behind wall";
        type = str;
      };
      email = mkOption {
        description = "Admin E-mail";
        type = str;
      };
      ssh_public_key = mkOption {
        description = "SSH public key";
        type = str;
      };
      ssh_secret_key = mkOption {
        description = "SSH secret key";
        type = str;
      };
      imap_login = mkOption {
        description = "IMAP login";
        type = str;
      };
      imap_password = mkOption {
        description = "IMAP password";
        type = str;
      };
      nrdp_tokens = mkOption {
        description = "Tokens allowed to push status update";
        type = listOf str;
      };
      slack_url = mkOption {
        description = "Slack webhook url to push status update";
        type = str;
      };
      slack_channel = mkOption {
        description = "Slack channel to push status update";
        type = str;
      };
      contacts = mkOption {
        description = "Contact dicts to fill naemon objects";
        type = attrsOf unspecified;
      };
    };
  };
  description = "Monitoring configuration";
};
474 mpd = mkOption {
475 description = "MPD configuration";
476 type = submodule {
477 options = {
478 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
479 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
480 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
481 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
482 };
483 };
484 };
485 ftp = mkOption {
486 description = "FTP configuration";
487 type = submodule {
488 options = {
489 ldap = mkLdapOptions "FTP" {};
490 };
491 };
492 };
493 mail = mkOption {
494 description = "Mail configuration";
495 type = submodule {
496 options = {
497 dmarc = mkOption {
498 description = "DMARC configuration";
499 type = submodule {
500 options = {
501 ignore_hosts = mkOption {
502 type = lines;
503 description = ''
504 Hosts to ignore when checking for dmarc
505 '';
506 };
507 };
508 };
509 };
# DKIM key pairs, one attribute per entry: `public` is the value published in
# the DNS TXT record, `private` is the signing key and must stay secret.
dkim = mkOption {
  type = attrsOf (submodule {
    options = {
      public = mkOption {
        description = "Public entry to put in DNS TXT field";
        example = ''
          ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
        '';
        type = str;
      };
      private = mkOption {
        description = "Private key";
        type = str;
      };
    };
  });
  description = "DKIM configuration";
};
# Postfix settings: extra mailbox domains, the MySQL account (extended with
# the key that encrypts relay passwords stored in the database) and the
# domains accepted for relay as backup domains.
postfix = mkOption {
  type = submodule {
    options = {
      additional_mailbox_domains = mkOption {
        type = listOf str;
        description = ''
          List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
        '';
      };
      mysql = mkMysqlOptions "Postfix" {
        password_encrypt = mkOption {
          description = "Key to encrypt relay password in database";
          type = str;
        };
      };
      backup_domains = mkOption {
        type = attrsOf (submodule {
          options = {
            domains = mkOption {
              description = "Domains list";
              type = listOf str;
            };
            relay_restrictions = mkOption {
              description = ''
                Restrictions for relaying the e-mails from the domains
              '';
              type = lines;
            };
            recipient_maps = mkOption {
              type = listOf (submodule {
                options = {
                  # "hash" is the only map type accepted.
                  type = mkOption {
                    description = "Map type";
                    type = enum [ "hash" ];
                  };
                  content = mkOption {
                    description = "Map content";
                    type = str;
                  };
                };
              });
              description = ''
                Recipient map to accept relay for.
                Must be specified for domain, the rules apply to everyone!
              '';
            };
          };
        });
        description = ''
          Domains that are accepted for relay as backup domain
        '';
      };
    };
  };
  description = "Postfix configuration";
};
576 dovecot = mkOption {
577 description = "Dovecot configuration";
578 type = submodule {
579 options = {
580 ldap = mkLdapOptions "Dovecot" {
581 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
582 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
583 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
584 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
585 };
586 };
587 };
588 };
# rspamd settings: its Redis database and the read/write passwords.
# Only the *_hashed options hand a value to consumers. read_password and
# write_password are marked unused, and their `apply` replaces whatever is set
# with the empty string, so a plaintext password present in the environment is
# not passed on to other modules through these options.
rspamd = mkOption {
  type = submodule {
    options = {
      redis = mkRedisOptions "Redis";
      read_password_hashed = mkOption {
        description = "Hashed read password for rspamd";
        type = str;
      };
      write_password_hashed = mkOption {
        description = "Hashed write password for rspamd";
        type = str;
      };
      read_password = mkOption {
        description = "Read password for rspamd. Unused";
        type = str;
        apply = _: "";
      };
      write_password = mkOption {
        description = "Write password for rspamd. Unused";
        type = str;
        apply = _: "";
      };
    };
  };
  description = "rspamd configuration";
};
# Scripts that receive mail, keyed by name. Each entry points at a git
# repository whose root default.nix accepts a scriptEnv parameter (per the src
# description), so the repository content is presumably imported as code and
# given whatever `env` holds.
# NOTE(review): `rev` accepts any string. Pinning it to a full commit hash
# rather than a branch or tag keeps the fetched code from changing underneath
# a deployment — confirm how the consumer fetches it.
# `env` is `unspecified`, so its content is not type-checked here.
scripts = mkOption {
  type = attrsOf (submodule {
    options = {
      external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
      src = mkOption {
        type = submodule {
          options = {
            url = mkOption {
              description = "git url to fetch";
              type = str;
            };
            rev = mkOption {
              description = "git reference to fetch";
              type = str;
            };
          };
        };
        description = ''
          git source to fetch the script from.
          It must have a default.nix file as its root accepting a scriptEnv parameter
        '';
      };
      env = mkOption {
        type = unspecified;
        description = "Variables to pass to the script";
      };
    };
  });
  description = "Mail script recipients";
};
633 };
634 };
635 };
# Buildbot settings: the system user, the LDAP password and the projects.
# Per project, several options feed code or secrets into the build service:
#   - packages, pythonPackages and builderPaths hold functions and are typed
#     `unspecified`, so nothing is checked at declaration time;
#   - secrets are dumped as files and environment entries become BUILDBOT_*
#     variables (per their descriptions);
#   - activationScript runs during deployment;
#   - webhookTokens lists the tokens allowed to push to the project's
#     change_hook/base endpoint.
# NOTE(review): webhookTokens defaults to null; confirm the consumer treats
# null as "hook disabled" rather than "no token required".
buildbot = mkOption {
  type = submodule {
    options = {
      user = mkOption {
        type = submodule {
          options = {
            uid = mkOption {
              type = int;
              description = "user uid";
            };
            gid = mkOption {
              type = int;
              description = "user gid";
            };
          };
        };
        description = "Buildbot user";
      };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption {
              description = "Buildbot password";
              type = str;
            };
          };
        };
        description = "Ldap configuration for buildbot";
      };
      projects = mkOption {
        type = attrsOf (submodule {
          options = {
            name = mkOption {
              description = "Project name";
              type = str;
            };
            packages = mkOption {
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
              type = unspecified;
            };
            pythonPackages = mkOption {
              description = ''
                Function.
                Builds python packages list to make available to buildbot project.
                Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
              '';
              example = literalExample ''
                p: pkgs: [ pkgs.python3Packages.pip ];
              '';
              type = unspecified;
            };
            pythonPathHome = mkOption {
              description = "Whether to add project’s python home to python path";
              type = bool;
            };
            secrets = mkOption {
              description = "Secrets for the project to dump as files";
              type = attrsOf str;
            };
            environment = mkOption {
              description = ''
                Environment variables for the project.
                BUILDBOT_ is prefixed to the variable names
              '';
              type = attrsOf str;
            };
            activationScript = mkOption {
              description = ''
                Activation script to run during deployment
              '';
              type = lines;
            };
            builderPaths = mkOption {
              description = ''
                Attrs of functions to make accessible specifically per builder.
                Takes pkgs as argument and should return a single path containing binaries.
                This path will be accessible as BUILDBOT_PATH_<attrskey>
              '';
              default = {};
              type = attrsOf unspecified;
            };
            webhookTokens = mkOption {
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
              default = null;
              type = nullOr (listOf str);
            };
          };
        });
        description = "Projects to make a buildbot for";
      };
    };
  };
  description = "Buildbot configuration";
};
730 tools = mkOption {
731 description = "Tools configurations";
732 type = submodule {
733 options = {
734 davical = mkOption {
735 description = "Davical configuration";
736 type = submodule {
737 options = {
738 postgresql = mkPsqlOptions "Davical";
739 ldap = mkLdapOptions "Davical" {};
740 };
741 };
742 };
743 diaspora = mkOption {
744 description = "Diaspora configuration";
745 type = submodule {
746 options = {
747 postgresql = mkPsqlOptions "Diaspora";
748 redis = mkRedisOptions "Diaspora";
749 ldap = mkLdapOptions "Diaspora" {};
750 secret_token = mkOption { type = str; description = "Secret token"; };
751 };
752 };
753 };
754 etherpad-lite = mkOption {
755 description = "Etherpad configuration";
756 type = submodule {
757 options = {
758 postgresql = mkPsqlOptions "Etherpad";
759 ldap = mkLdapOptions "Etherpad" {
760 group_filter = mkOption { type = str; description = "Filter for groups"; };
761 };
762 session_key = mkOption { type = str; description = "Session key"; };
763 api_key = mkOption { type = str; description = "API key"; };
764 redirects = mkOption { type = str; description = "Redirects for apache"; };
765 };
766 };
767 };
768 gitolite = mkOption {
769 description = "Gitolite configuration";
770 type = submodule {
771 options = {
772 ldap = mkLdapOptions "Gitolite" {};
773 };
774 };
775 };
776 kanboard = mkOption {
777 description = "Kanboard configuration";
778 type = submodule {
779 options = {
780 postgresql = mkPsqlOptions "Kanboard";
781 ldap = mkLdapOptions "Kanboard" {
782 admin_dn = mkOption { type = str; description = "Admin DN"; };
783 };
784 };
785 };
786 };
787 mantisbt = mkOption {
788 description = "Mantisbt configuration";
789 type = submodule {
790 options = {
791 postgresql = mkPsqlOptions "Mantisbt";
792 ldap = mkLdapOptions "Mantisbt" {};
793 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
794 };
795 };
796 };
797 mastodon = mkOption {
798 description = "Mastodon configuration";
799 type = submodule {
800 options = {
801 postgresql = mkPsqlOptions "Mastodon";
802 redis = mkRedisOptions "Mastodon";
803 ldap = mkLdapOptions "Mastodon" {};
804 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
805 otp_secret = mkOption { type = str; description = "OTP secret"; };
806 secret_key_base = mkOption { type = str; description = "Secret key base"; };
807 vapid = mkOption {
808 description = "vapid key";
809 type = submodule {
810 options = {
811 private = mkOption { type = str; description = "Private key"; };
812 public = mkOption { type = str; description = "Public key"; };
813 };
814 };
815 };
816 };
817 };
818 };
819 mediagoblin = mkOption {
820 description = "Mediagoblin configuration";
821 type = submodule {
822 options = {
823 postgresql = mkPsqlOptions "Mediagoblin";
824 redis = mkRedisOptions "Mediagoblin";
825 ldap = mkLdapOptions "Mediagoblin" {};
826 };
827 };
828 };
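# Nextcloud settings: its PostgreSQL and Redis accounts plus the application
# secrets (password salt, instance id, app secret).
#
# The name given to mkPsqlOptions/mkRedisOptions only feeds the generated
# option descriptions. It read "Peertube" here, apparently copied from the
# peertube block, which labelled Nextcloud's database credentials as
# Peertube's in the option documentation; it now reads "Nextcloud".
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};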
841 peertube = mkOption {
842 description = "Peertube configuration";
843 type = submodule {
844 options = {
845 listenPort = mkOption { type = port; description = "Port to listen to"; };
846 postgresql = mkPsqlOptions "Peertube";
847 redis = mkRedisOptions "Peertube";
848 ldap = mkLdapOptions "Peertube" {};
849 };
850 };
851 };
852 phpldapadmin = mkOption {
853 description = "phpLdapAdmin configuration";
854 type = submodule {
855 options = {
856 ldap = mkLdapOptions "phpldapadmin" {};
857 };
858 };
859 };
860 rompr = mkOption {
861 description = "Rompr configuration";
862 type = submodule {
863 options = {
864 mpd = mkOption {
865 description = "MPD configuration";
866 type = submodule {
867 options = {
868 host = mkOption { type = str; description = "Host for MPD"; };
869 port = mkOption { type = port; description = "Port to access MPD host"; };
870 };
871 };
872 };
873 };
874 };
875 };
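# Roundcubemail settings: its PostgreSQL account and the application secret.
#
# The name given to mkPsqlOptions only feeds the generated option
# descriptions. It read "TT-RSS" here, apparently copied from the ttrss block,
# which labelled Roundcubemail's database credentials as TT-RSS's in the
# option documentation; it now reads "Roundcubemail".
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};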
885 shaarli = mkOption {
886 description = "Shaarli configuration";
887 type = submodule {
888 options = {
889 ldap = mkLdapOptions "Shaarli" {};
890 };
891 };
892 };
893 task = mkOption {
894 description = "Taskwarrior configuration";
895 type = submodule {
896 options = {
897 ldap = mkLdapOptions "Taskwarrior" {};
898 taskwarrior-web = mkOption {
899 description = "taskwarrior-web profiles";
900 type = attrsOf (submodule {
901 options = {
902 uid = mkOption {
903 type = listOf str;
904 description = "List of ldap uids having access to this profile";
905 };
906 org = mkOption { type = str; description = "Taskd organisation"; };
907 key = mkOption { type = str; description = "Taskd key"; };
908 date = mkOption { type = str; description = "Preferred date format"; };
909 };
910 });
911 };
912 };
913 };
914 };
915 ttrss = mkOption {
916 description = "TT-RSS configuration";
917 type = submodule {
918 options = {
919 postgresql = mkPsqlOptions "TT-RSS";
920 ldap = mkLdapOptions "TT-RSS" {};
921 };
922 };
923 };
924 wallabag = mkOption {
925 description = "Wallabag configuration";
926 type = submodule {
927 options = {
928 postgresql = mkPsqlOptions "Wallabag";
929 ldap = mkLdapOptions "Wallabag" {
930 admin_filter = mkOption { type = str; description = "Admin users filter"; };
931 };
932 redis = mkRedisOptions "Wallabag";
933 secret = mkOption { type = str; description = "App secret"; };
934 };
935 };
936 };
937 ympd = mkOption {
938 description = "Ympd configuration";
939 type = submodule {
940 options = {
941 listenPort = mkOption { type = port; description = "Port to listen to"; };
942 mpd = mkOption {
943 description = "MPD configuration";
944 type = submodule {
945 options = {
946 password = mkOption { type = str; description = "Password to access MPD host"; };
947 host = mkOption { type = str; description = "Host for MPD"; };
948 port = mkOption { type = port; description = "Port to access MPD host"; };
949 };
950 };
951 };
952 };
953 };
954 };
# Yourls settings: its MySQL and LDAP accounts plus the key used for cookies.
yourls = mkOption {
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Yourls" {};
      ldap = mkLdapOptions "Yourls" {};
      cookieKey = mkOption {
        description = "Cookie key";
        type = str;
      };
    };
  };
  description = "Yourls configuration";
};
965 };
966 };
967 };
968 websites = mkOption {
969 description = "Websites configurations";
970 type = submodule {
971 options = {
972 isabelle = mkOption {
973 description = "Isabelle configurations by environment";
974 type =
975 let
976 atenSubmodule = mkOption {
977 description = "environment configuration";
978 type = submodule {
979 options = {
980 environment = mkOption { type = str; description = "Symfony environment"; };
981 secret = mkOption { type = str; description = "Symfony App secret"; };
982 postgresql = mkPsqlOptions "Aten";
983 };
984 };
985 };
986 in
987 submodule {
988 options = {
989 aten_production = atenSubmodule;
990 aten_integration = atenSubmodule;
991 };
992 };
993 };
994 chloe = mkOption {
995 description = "Chloe configurations by environment";
996 type =
997 let
998 chloeSubmodule = mkOption {
999 description = "environment configuration";
1000 type = submodule {
1001 options = {
1002 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1003 mysql = mkMysqlOptions "Chloe" {};
1004 ldap = mkLdapOptions "Chloe" {};
1005 };
1006 };
1007 };
1008 in
1009 submodule {
1010 options = {
1011 production = chloeSubmodule;
1012 integration = chloeSubmodule;
1013 };
1014 };
1015 };
1016 connexionswing = mkOption {
1017 description = "Connexionswing configurations by environment";
1018 type =
1019 let
1020 csSubmodule = mkOption {
1021 description = "environment configuration";
1022 type = submodule {
1023 options = {
1024 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1025 mysql = mkMysqlOptions "Connexionswing" {};
1026 secret = mkOption { type = str; description = "Symfony App secret"; };
1027 email = mkOption { type = str; description = "Symfony email notification"; };
1028 };
1029 };
1030 };
1031 in
1032 submodule {
1033 options = {
1034 production = csSubmodule;
1035 integration = csSubmodule;
1036 };
1037 };
1038 };
1039 jerome = mkOption {
1040 description = "Naturaloutil configuration";
1041 type = submodule {
1042 options = {
87a8bffd 1043 mysql = mkMysqlOptions "Naturaloutil" {};
1044 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1045 };
1046 };
1047 };
1048 telioTortay = mkOption {
1049 description = "Telio Tortay configuration";
1050 type = submodule {
1051 options = {
1052 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1053 };
1054 };
1055 };
1056 ludivinecassal = mkOption {
1057 description = "Ludivinecassal configurations by environment";
1058 type =
1059 let
1060 lcSubmodule = mkOption {
1061 description = "environment configuration";
1062 type = submodule {
1063 options = {
1064 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1065 mysql = mkMysqlOptions "LudivineCassal" {};
1066 ldap = mkLdapOptions "LudivineCassal" {};
1067 secret = mkOption { type = str; description = "Symfony App secret"; };
1068 };
1069 };
1070 };
1071 in
1072 submodule {
1073 options = {
1074 production = lcSubmodule;
1075 integration = lcSubmodule;
1076 };
1077 };
1078 };
1079 emilia = mkOption {
1080 description = "Emilia configuration";
1081 type = submodule {
1082 options = {
1083 postgresql = mkPsqlOptions "Emilia";
1084 };
1085 };
1086 };
1087 florian = mkOption {
1088 description = "Florian configuration";
1089 type = submodule {
1090 options = {
1091 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1092 };
1093 };
1094 };
1095 nassime = mkOption {
1096 description = "Nassime configuration";
1097 type = submodule {
1098 options = {
1099 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1100 };
1101 };
1102 };
1103 piedsjaloux = mkOption {
1104 description = "Piedsjaloux configurations by environment";
1105 type =
1106 let
1107 pjSubmodule = mkOption {
1108 description = "environment configuration";
1109 type = submodule {
1110 options = {
1111 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1112 mysql = mkMysqlOptions "Piedsjaloux" {};
1113 secret = mkOption { type = str; description = "Symfony App secret"; };
1114 };
1115 };
1116 };
1117 in
1118 submodule {
1119 options = {
1120 production = pjSubmodule;
1121 integration = pjSubmodule;
1122 };
1123 };
1124 };
1125 richie = mkOption {
1126 description = "Europe Richie configurations by environment";
1127 type = submodule {
1128 options = {
87a8bffd 1129 mysql = mkMysqlOptions "Richie" {};
1130 smtp_mailer = mkOption {
1131 description = "SMTP mailer configuration";
1132 type = submodule {
1133 options = {
1134 user = mkOption { type = str; description = "Username"; };
1135 password = mkOption { type = str; description = "Password"; };
1136 };
1137 };
1138 };
1139 };
1140 };
1141 };
1142 tellesflorian = mkOption {
1143 description = "Tellesflorian configurations by environment";
1144 type =
1145 let
1146 tfSubmodule = mkOption {
1147 description = "environment configuration";
1148 type = submodule {
1149 options = {
1150 environment = mkOption { type = str; description = "Symfony environment"; };
87a8bffd 1151 mysql = mkMysqlOptions "Tellesflorian" {};
1152 secret = mkOption { type = str; description = "Symfony App secret"; };
1153 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1154 };
1155 };
1156 };
1157 in
1158 submodule {
1159 options = {
1160 integration = tfSubmodule;
1161 };
1162 };
1163 };
1164 };
1165 };
1166 };
1167
# Location of the secret files that are made available during the build.
# NOTE(review): the option type is `path`. A Nix path value interpolated into
# a string is copied into the Nix store, which every local user can read —
# confirm the consumers read from this location directly rather than
# interpolating it.
privateFiles = mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = path;
};
1174 };
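# Facts about the host being configured.
# FQDN uses `str` instead of the deprecated `string` type: `string` silently
# concatenates the values when the option is defined more than once, whereas
# `str` makes conflicting definitions an evaluation error. It also matches the
# `str` options used elsewhere in this file.
options.hostEnv = {
  FQDN = mkOption {
    type = str;
    description = ''
      FQDN of the current host.
    '';
  };
};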
1183}