]> git.immae.eu Git - perso/Immae/Config/Nix.git/blob - flakes/private/environment/flake.nix
projects / perso / Immae / Config / Nix.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Squash changes containing private information
[perso/Immae/Config/Nix.git] / flakes / private / environment / flake.nix
1 {
2 outputs = { self }: {
3 nixosModule = self.nixosModules.environment;
4 nixosModules.environment = { config, lib, name, ... }:
5 with lib;
6 with types;
7 with lists;
8 let
9 ldapOptions = {
10 base = mkOption { description = "Base of the LDAP tree"; type = str; };
11 host = mkOption { description = "Host to access LDAP"; type = str; };
12 root_dn = mkOption { description = "DN of the root user"; type = str; };
13 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
14 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
15 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
16 };
17 mkLdapOptions = name: more: mkOption {
18 description = "${name} LDAP configuration";
19 type = submodule {
20 options = ldapOptions // {
21 dn = mkOption { description = "DN of the ${name} user"; type = str; };
22 password = mkOption { description = "password of the ${name} user"; type = str; };
23 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
24 } // more;
25 };
26 };
27 mysqlOptions = {
28 host = mkOption { description = "Host to access Mysql"; type = str; };
29 remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
30 port = mkOption { description = "Port to access Mysql"; type = int; };
31 socket = mkOption { description = "Socket to access Mysql"; type = path; };
32 systemUsers = mkOption {
33 description = "Attrs of user-passwords allowed to access mysql";
34 type = attrsOf str;
35 };
36 pam = mkOption {
37 description = "PAM configuration for mysql";
38 type = submodule {
39 options = {
40 dn = mkOption { description = "DN to connect as to check users"; type = str; };
41 password = mkOption { description = "DN password to connect as to check users"; type = str; };
42 filter = mkOption { description = "filter to match users"; type = str; };
43 };
44 };
45 };
46 };
47 mkMysqlOptions = name: more: mkOption {
48 description = "${name} mysql configuration";
49 type = submodule {
50 options = mysqlOptions // {
51 database = mkOption { description = "${name} database"; type = str; };
52 user = mkOption { description = "${name} user"; type = str; };
53 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
54 } // more;
55 };
56 };
57 psqlOptions = {
58 host = mkOption { description = "Host to access Postgresql"; type = str; };
59 port = mkOption { description = "Port to access Postgresql"; type = str; };
60 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
61 pam = mkOption {
62 description = "PAM configuration for psql";
63 type = submodule {
64 options = {
65 dn = mkOption { description = "DN to connect as to check users"; type = str; };
66 password = mkOption { description = "DN password to connect as to check users"; type = str; };
67 filter = mkOption { description = "filter to match users"; type = str; };
68 };
69 };
70 };
71 };
72 mkPsqlOptions = name: mkOption {
73 description = "${name} psql configuration";
74 type = submodule {
75 options = psqlOptions // {
76 database = mkOption { description = "${name} database"; type = str; };
77 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
78 user = mkOption { description = "${name} user"; type = str; };
79 password = mkOption { description = "psql password of the ${name} user"; type = str; };
80 };
81 };
82 };
83 redisOptions = {
84 host = mkOption { description = "Host to access Redis"; type = str; };
85 port = mkOption { description = "Port to access Redis"; type = str; };
86 socket = mkOption { description = "Socket to access Redis"; type = path; };
87 dbs = mkOption {
88 description = "Attrs of db number. Each number should be unique to avoid collision!";
89 type = attrsOf str;
90 };
91 spiped_key = mkOption {
92 type = str;
93 description = ''
94 Key to use with spiped to make a secure channel to replication
95 '';
96 };
97 predixy = mkOption {
98 description = "Predixy configuration. Unused yet";
99 type = submodule {
100 options = {
101 read = mkOption { type = str; description = "Read password"; };
102 };
103 };
104 };
105 };
106 mkRedisOptions = name: mkOption {
107 description = "${name} redis configuration";
108 type = submodule {
109 options = redisOptions // {
110 db = mkOption { description = "${name} database"; type = str; };
111 };
112 };
113 };
114 smtpOptions = {
115 host = mkOption { description = "Host to access SMTP"; type = str; };
116 port = mkOption { description = "Port to access SMTP"; type = str; };
117 };
118 mkSmtpOptions = name: mkOption {
119 description = "${name} smtp configuration";
120 type = submodule {
121 options = smtpOptions // {
122 email = mkOption { description = "${name} email"; type = str; };
123 password = mkOption { description = "SMTP password of the ${name} user"; type = str; };
124 };
125 };
126 };
127 hostEnv = submodule {
128 options = {
129 fqdn = mkOption {
130 description = "Host FQDN";
131 type = str;
132 };
133 hostKey = mkOption {
134 type = nullOr str;
135 default = null;
136 description = ''
137 ssh host key
138 '';
139 };
140 isVm = mkEnableOption "The host is a vm";
141 users = mkOption {
142 type = unspecified;
143 default = pkgs: [];
144 description = ''
145 Sublist of users from realUsers. Function that takes pkgs as
146 argument and gives an array as a result
147 '';
148 };
149 emails = mkOption {
150 default = [];
151 description = "List of e-mails that the server can be a sender of";
152 type = listOf str;
153 };
154 ldap = mkOption {
155 description = ''
156 LDAP credentials for the host
157 '';
158 type = submodule {
159 options = {
160 password = mkOption { type = str; description = "Password for the LDAP connection"; };
161 dn = mkOption { type = str; description = "DN for the LDAP connection"; };
162 };
163 };
164 };
165 mx = mkOption {
166 description = "subdomain and priority for MX server";
167 default = { enable = false; };
168 type = submodule {
169 options = {
170 enable = mkEnableOption "Enable MX";
171 subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
172 priority = mkOption { type = nullOr int; description = "Priority"; };
173 };
174 };
175 };
176 ips = mkOption {
177 description = ''
178 attrs of ip4/ip6 grouped by section
179 '';
180 type = attrsOf (submodule {
181 options = {
182 alias = mkOption {
183 type = nullOr str;
184 default = null;
185 description = ''
186 alias to use in DNS for that group
187 '';
188 };
189 ip4 = mkOption {
190 type = listOf str;
191 default = [];
192 description = ''
193 ip4 addresses of the host
194 '';
195 };
196 ip6 = mkOption {
197 type = listOf str;
198 default = [];
199 description = ''
200 ip6 addresses of the host
201 '';
202 };
203 };
204 });
205 };
206 };
207 };
208 in
209 {
210 # Necessary for situations where flake gets included multiple times
211 key = builtins.hashString "sha256" (builtins.path { path = self.sourceInfo.outPath; name = "source"; });
212
213 options.myEnv = {
214 servers = mkOption {
215 description = ''
216 Attrs of servers information in the cluster (not necessarily handled by nixops)
217 '';
218 default = {};
219 type = attrsOf hostEnv;
220 };
221 hetznerCloud = mkOption {
222 description = ''
223 Hetzner Cloud credential information
224 '';
225 type = submodule {
226 options = {
227 authToken = mkOption {
228 type = str;
229 description = ''
230 The API auth token.
231 '';
232 };
233 };
234 };
235 };
236 hetzner = mkOption {
237 description = ''
238 Hetzner credential information
239 '';
240 type = submodule {
241 options = {
242 user = mkOption { type = str; description = "User"; };
243 pass = mkOption { type = str; description = "Password"; };
244 };
245 };
246 };
247 sshd = mkOption {
248 description = ''
249 sshd service credential information
250 '';
251 type = submodule {
252 options = {
253 rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; };
254 ldap = mkOption {
255 description = ''
256 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
257 '';
258 type = submodule {
259 options = {
260 password = mkOption { description = "Password"; type = str; };
261 };
262 };
263 };
264 psql = mkOption {
265 description = ''
266 PSQL credentials for immae_auth_read
267 '';
268 type = submodule {
269 options = {
270 password = mkOption { description = "Password"; type = str; };
271 };
272 };
273 };
274 };
275 };
276 };
277 ports = mkOption {
278 description = ''
279 non-standard reserved ports. Must be unique!
280 '';
281 type = attrsOf port;
282 default = {};
283 apply = let
284 noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
285 in
286 x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
287 };
288 httpd = mkOption {
289 description = ''
290 httpd service credential information
291 '';
292 type = submodule {
293 options = {
294 ldap = mkOption {
295 description = ''
296 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
297 '';
298 type = submodule {
299 options = {
300 password = mkOption { description = "Password"; type = str; };
301 };
302 };
303 };
304 };
305 };
306 };
307 smtp = mkOption {
308 type = submodule { options = smtpOptions; };
309 description = "SMTP configuration";
310 };
311 ldap = mkOption {
312 description = ''
313 LDAP server configuration
314 '';
315 type = submodule {
316 options = ldapOptions;
317 };
318 };
319 databases = mkOption {
320 description = "Databases configuration";
321 type = submodule {
322 options = {
323 mysql = mkOption {
324 type = submodule { options = mysqlOptions; };
325 description = "Mysql configuration";
326 };
327 redis = mkOption {
328 type = submodule { options = redisOptions; };
329 description = "Redis configuration";
330 };
331 postgresql = mkOption {
332 type = submodule { options = psqlOptions; };
333 description = "Postgresql configuration";
334 };
335 };
336 };
337 };
338 jabber = mkOption {
339 description = "Jabber configuration";
340 type = submodule {
341 options = {
342 postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
343 ldap = mkLdapOptions "Jabber" {};
344 postgresql = mkPsqlOptions "Jabber";
345 };
346 };
347 };
348 realUsers = mkOption {
349 description = ''
350 Attrset of function taking pkgs as argument.
351 Real users settings, should provide a subattr of users.users.<name>
352 with at least: name, (hashed)Password, shell
353 '';
354 type = attrsOf unspecified;
355 };
356 users = mkOption {
357 description = "System and regular users uid/gid";
358 type = attrsOf (submodule {
359 options = {
360 uid = mkOption {
361 description = "user uid";
362 type = int;
363 };
364 gid = mkOption {
365 description = "user gid";
366 type = int;
367 };
368 };
369 });
370 };
371 dns = mkOption {
372 description = "DNS configuration";
373 type = submodule {
374 options = {
375 ns = mkOption {
376 description = "Attrs of NS servers group";
377 example = {
378 foo = {
379 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
380 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
381 };
382 };
383 type = attrsOf (attrsOf (listOf str));
384 };
385 };
386 };
387 };
388 backup = mkOption {
389 description = ''
390 Remote backup with duplicity
391 '';
392 type = submodule {
393 options = {
394 password = mkOption { type = str; description = "Password for encrypting files"; };
395 remotes = mkOption {
396 type = attrsOf (submodule {
397 options = {
398 remote = mkOption {
399 type = functionTo str;
400 example = literalExample ''
401 bucket: "s3://some_host/${bucket}";
402 '';
403 description = ''
404 Function.
405 Takes a bucket name as argument and returns a url
406 '';
407 };
408 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
409 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
410 };
411 });
412 };
413 };
414 };
415 };
416 zrepl_backup = mkOption {
417 type = submodule {
418 options = {
419 ssh_key = mkOption {
420 description = "SSH key information";
421 type = submodule {
422 options = {
423 public = mkOption { type = str; description = "Public part of the key"; };
424 private = mkOption { type = lines; description = "Private part of the key"; };
425 };
426 };
427 };
428 mysql = mkMysqlOptions "Zrepl" {};
429 certs = mkOption {
430 description = "Certificates";
431 type = attrsOf (submodule {
432 options = {
433 key = mkOption { type = str; description = "Key"; };
434 certificate = mkOption { type = str; description = "Certificate"; };
435 };
436 });
437 };
438 };
439 };
440 };
441 rsync_backup = mkOption {
442 description =''
443 Rsync backup configuration from controlled host
444 '';
445 type = submodule {
446 options = {
447 ssh_key = mkOption {
448 description = "SSH key information";
449 type = submodule {
450 options = {
451 public = mkOption { type = str; description = "Public part of the key"; };
452 private = mkOption { type = lines; description = "Private part of the key"; };
453 };
454 };
455 };
456 profiles = mkOption {
457 description = "Attrs of profiles to backup";
458 default = {};
459 type = attrsOf (submodule {
460 options = {
461 keep = mkOption { type = int; description = "Number of backups to keep"; };
462 check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; };
463 login = mkOption { type = str; description = "Login to connect to host"; };
464 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
465 host = mkOption { type = str; description = "Host to connect to"; };
466 host_key = mkOption { type = str; description = "Host key"; };
467 host_key_type = mkOption { type = str; description = "Host key type"; };
468 parts = mkOption {
469 description = "Parts to backup for this host";
470 type = attrsOf (submodule {
471 options = {
472 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
473 exclude_from = mkOption {
474 type = listOf path;
475 default = [];
476 description = "List of folders/files to exclude from the backup";
477 };
478 files_from = mkOption {
479 type = listOf path;
480 default = [];
481 description = "List of folders/files to backup in the base folder";
482 };
483 args = mkOption {
484 type = nullOr str;
485 default = null;
486 description = "Extra arguments to pass to rsync";
487 };
488 };
489 });
490 };
491 };
492 });
493 };
494 };
495 };
496 };
497 monitoring = mkOption {
498 description = "Monitoring configuration";
499 type = submodule {
500 options = {
501 status_url = mkOption { type = str; description = "URL to push status to"; };
502 status_token = mkOption { type = str; description = "Token for the status url"; };
503 http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
504 email = mkOption { type = str; description = "Admin E-mail"; };
505 ssh_public_key = mkOption { type = str; description = "SSH public key"; };
506 ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
507 imap_login = mkOption { type = str; description = "IMAP login"; };
508 imap_password = mkOption { type = str; description = "IMAP password"; };
509 eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
510 ovh_sms = mkOption {
511 description = "OVH credentials for sms script";
512 type = submodule {
513 options = {
514 endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
515 application_key = mkOption { type = str; description = "Application key"; };
516 application_secret = mkOption { type = str; description = "Application secret"; };
517 consumer_key = mkOption { type = str; description = "Consumer key"; };
518 account = mkOption { type = str; description = "Account"; };
519 };
520 };
521 };
522 nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
523 apprise_urls = mkOption { type = str; description = "Apprise space-separated urls to push status update"; };
524 netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
525 netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
526 immae_contact = mkOption { type = str; description = "Immae Contact e-mail"; };
527 email_check = mkOption {
528 description = "Emails services to check";
529 type = attrsOf (submodule {
530 options = {
531 local = mkOption { type = bool; default = false; description = "Use local configuration"; };
532 port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
533 login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
534 targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
535 mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
536 mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
537 };
538 });
539 };
540 };
541 };
542 };
543 mpd = mkOption {
544 description = "MPD configuration";
545 type = submodule {
546 options = {
547 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
548 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
549 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
550 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
551 };
552 };
553 };
554 ftp = mkOption {
555 description = "FTP configuration";
556 type = submodule {
557 options = {
558 ldap = mkLdapOptions "FTP" {
559 proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; };
560 pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; };
561 };
562 };
563 };
564 };
565 vpn = mkOption {
566 description = "VPN configuration";
567 type = attrsOf (submodule {
568 options = {
569 prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
570 privateKey = mkOption { type = str; description = "Private key for the host"; };
571 publicKey = mkOption { type = str; description = "Public key for the host"; };
572 };
573 });
574 };
575 mail = mkOption {
576 description = "Mail configuration";
577 type = submodule {
578 options = {
579 dmarc = mkOption {
580 description = "DMARC configuration";
581 type = submodule {
582 options = {
583 ignore_hosts = mkOption {
584 type = lines;
585 description = ''
586 Hosts to ignore when checking for dmarc
587 '';
588 };
589 };
590 };
591 };
592 dkim = mkOption {
593 description = "DKIM configuration";
594 type = attrsOf (submodule {
595 options = {
596 public = mkOption {
597 type = attrsOf str;
598 example = literalExample ''
599 {
600 v = "DKIM1";
601 k = "rsa";
602 p = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB";
603 }
604 '';
605 description = "Public entry to put in DNS TXT field";
606 };
607 private = mkOption { type = nullOr str; default = null; description = "Private key"; };
608 };
609 });
610 };
611 postfix = mkOption {
612 description = "Postfix configuration";
613 type = submodule {
614 options = {
615 mysql = mkMysqlOptions "Postfix" {
616 password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
617 };
618 admins = mkOption {
619 description = ''
620 List of admins meant to receive common aliases
621 '';
622 type = listOf str;
623 };
624 common_aliases = mkOption {
625 description = ''
626 List of aliases common to all hosts, to forward to admins
627 '';
628 type = listOf str;
629 };
630 other_aliases = mkOption {
631 description = ''
632 Other list of aliases, to forward to admins
633 '';
634 type = listOf str;
635 };
636 };
637 };
638 };
639 dovecot = mkOption {
640 description = "Dovecot configuration";
641 type = submodule {
642 options = {
643 ldap = mkLdapOptions "Dovecot" {
644 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
645 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
646 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
647 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
648 postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
649 };
650 };
651 };
652 };
653 rspamd = mkOption {
654 description = "rspamd configuration";
655 type = submodule {
656 options = {
657 redis = mkRedisOptions "Redis";
658 read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
659 write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
660 read_password = mkOption {
661 type = str;
662 description = "Read password for rspamd. Unused";
663 apply = x: "";
664 };
665 write_password = mkOption {
666 type = str;
667 description = "Write password for rspamd. Unused";
668 apply = x: "";
669 };
670 };
671 };
672 };
673 sympa = mkOption {
674 description = "Sympa configuration";
675 type = submodule {
676 options = {
677 listmasters = mkOption {
678 type = listOf str;
679 description = "Listmasters";
680 };
681 postgresql = mkPsqlOptions "Sympa";
682 data_sources = mkOption {
683 type = attrsOf str;
684 default = {};
685 description = "Data sources to make available to sympa";
686 };
687 scenari = mkOption {
688 type = attrsOf str;
689 default = {};
690 description = "Scenari to make available to sympa";
691 };
692 };
693 };
694 };
695 };
696 };
697 };
698 coturn = mkOption {
699 description = "Coturn configuration";
700 type = submodule {
701 options = {
702 auth_access_key = mkOption { type = str; description = "key to access coturn"; };
703 };
704 };
705 };
706 buildbot = mkOption {
707 description = "Buildbot configuration";
708 type = submodule {
709 options = {
710 ssh_key = mkOption {
711 description = "SSH key information";
712 type = submodule {
713 options = {
714 public = mkOption { type = str; description = "Public part of the key"; };
715 private = mkOption { type = lines; description = "Private part of the key"; };
716 };
717 };
718 };
719 workerPassword = mkOption { description = "Buildbot worker password"; type = str; };
720 user = mkOption {
721 description = "Buildbot user";
722 type = submodule {
723 options = {
724 uid = mkOption {
725 description = "user uid";
726 type = int;
727 };
728 gid = mkOption {
729 description = "user gid";
730 type = int;
731 };
732 };
733 };
734 };
735 ldap = mkOption {
736 description = "Ldap configuration for buildbot";
737 type = submodule {
738 options = {
739 password = mkOption { type = str; description = "Buildbot password"; };
740 };
741 };
742 };
743 projects = mkOption {
744 description = "Projects to make a buildbot for";
745 type = attrsOf (submodule {
746 options = {
747 name = mkOption { type = str; description = "Project name"; };
748 src = mkOption { type = path; description = "source of the project configuration"; };
749 packages = mkOption {
750 type = listOf package;
751 example = literalExample ''
752 [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
753 '';
754 description = ''
755 Builds packages list to make available to buildbot project.
756 '';
757 };
758 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
759 workerPort = mkOption { type = port; description = "Port for the worker"; };
760 secrets = mkOption {
761 type = attrsOf lines;
762 description = "Secrets for the project to dump as files";
763 };
764 secretsDeps = mkOption {
765 type = listOf package;
766 default = [];
767 description = "Dependencies of file that will land in secrets";
768 };
769 environment = mkOption {
770 type = attrsOf str;
771 description = ''
772 Environment variables for the project.
773 BUILDBOT_ is prefixed to the variable names
774 '';
775 };
776 activationScript = mkOption {
777 type = lines;
778 description = ''
779 Activation script to run during deployment
780 '';
781 };
782 webhookTokens = mkOption {
783 type = nullOr (listOf str);
784 default = null;
785 description = ''
786 List of tokens allowed to push to project’s change_hook/base endpoint
787 '';
788 };
789 };
790 });
791 };
792 };
793 };
794 };
795 tools = mkOption {
796 description = "Tools configurations";
797 type = submodule {
798 options = {
799 contact = mkOption { type = str; description = "Contact e-mail address"; };
800 assets = mkOption {
801 default = {};
802 type = attrsOf (submodule {
803 options = {
804 assetType = mkOption { type = enum ["tgz" "url" "googleFont"]; default = "url"; description = "Type of asset"; };
805 tgzRemoveComponents = mkOption { type = int; default = 0; description = "Remove components when extracting"; };
806 url = mkOption { type = str; description = "URL to fetch"; };
807 sha256 = mkOption { type = str; description = "Hash of the url"; };
808 };
809 });
810 description = "Assets to provide on assets.immae.eu";
811 };
812 davical = mkOption {
813 description = "Davical configuration";
814 type = submodule {
815 options = {
816 postgresql = mkPsqlOptions "Davical";
817 ldap = mkLdapOptions "Davical" {};
818 };
819 };
820 };
821 diaspora = mkOption {
822 description = "Diaspora configuration";
823 type = submodule {
824 options = {
825 postgresql = mkPsqlOptions "Diaspora";
826 redis = mkRedisOptions "Diaspora";
827 ldap = mkLdapOptions "Diaspora" {};
828 secret_token = mkOption { type = str; description = "Secret token"; };
829 };
830 };
831 };
832 dmarc_reports = mkOption {
833 description = "DMARC reports configuration";
834 type = submodule {
835 options = {
836 mysql = mkMysqlOptions "DMARC" {};
837 anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
838 };
839 };
840 };
841 etherpad-lite = mkOption {
842 description = "Etherpad configuration";
843 type = submodule {
844 options = {
845 postgresql = mkPsqlOptions "Etherpad";
846 ldap = mkLdapOptions "Etherpad" {
847 group_filter = mkOption { type = str; description = "Filter for groups"; };
848 };
849 adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
850 session_key = mkOption { type = str; description = "Session key"; };
851 api_key = mkOption { type = str; description = "API key"; };
852 };
853 };
854 };
855 gitolite = mkOption {
856 description = "Gitolite configuration";
857 type = submodule {
858 options = {
859 ldap = mkLdapOptions "Gitolite" {};
860 ssh_key = mkOption {
861 description = "SSH key information";
862 type = submodule {
863 options = {
864 public = mkOption { type = str; description = "Public part of the key"; };
865 private = mkOption { type = lines; description = "Private part of the key"; };
866 };
867 };
868 };
869 };
870 };
871 };
872 landing = mkOption {
873 description = "Landing configuration";
874 type = submodule {
875 options = {
876 postgresql = mkPsqlOptions "Landing";
877 };
878 };
879 };
880 kanboard = mkOption {
881 description = "Kanboard configuration";
882 type = submodule {
883 options = {
884 postgresql = mkPsqlOptions "Kanboard";
885 ldap = mkLdapOptions "Kanboard" {
886 admin_dn = mkOption { type = str; description = "Admin DN"; };
887 };
888 };
889 };
890 };
891 mantisbt = mkOption {
892 description = "Mantisbt configuration";
893 type = submodule {
894 options = {
895 postgresql = mkPsqlOptions "Mantisbt";
896 ldap = mkLdapOptions "Mantisbt" {};
897 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
898 };
899 };
900 };
901 mastodon = mkOption {
902 description = "Mastodon configuration";
903 type = submodule {
904 options = {
905 postgresql = mkPsqlOptions "Mastodon";
906 redis = mkRedisOptions "Mastodon";
907 ldap = mkLdapOptions "Mastodon" {};
908 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
909 otp_secret = mkOption { type = str; description = "OTP secret"; };
910 secret_key_base = mkOption { type = str; description = "Secret key base"; };
911 vapid = mkOption {
912 description = "vapid key";
913 type = submodule {
914 options = {
915 private = mkOption { type = str; description = "Private key"; };
916 public = mkOption { type = str; description = "Public key"; };
917 };
918 };
919 };
920 };
921 };
922 };
923 mediagoblin = mkOption {
924 description = "Mediagoblin configuration";
925 type = submodule {
926 options = {
927 postgresql = mkPsqlOptions "Mediagoblin";
928 redis = mkRedisOptions "Mediagoblin";
929 ldap = mkLdapOptions "Mediagoblin" {};
930 };
931 };
932 };
933 nextcloud = mkOption {
934 description = "Nextcloud configuration";
935 type = submodule {
936 options = {
937 postgresql = mkPsqlOptions "Nextcloud";
938 redis = mkRedisOptions "Nextcloud";
939 password_salt = mkOption { type = str; description = "Password salt"; };
940 instance_id = mkOption { type = str; description = "Instance ID"; };
941 secret = mkOption { type = str; description = "App secret"; };
942 };
943 };
944 };
945 peertube = mkOption {
946 description = "Peertube configuration";
947 type = submodule {
948 options = {
949 listenPort = mkOption { type = port; description = "Port to listen to"; };
950 postgresql = mkPsqlOptions "Peertube";
951 redis = mkRedisOptions "Peertube";
952 ldap = mkLdapOptions "Peertube" {};
953 };
954 };
955 };
956 phpldapadmin = mkOption {
957 description = "phpLdapAdmin configuration";
958 type = submodule {
959 options = {
960 ldap = mkLdapOptions "phpldapadmin" {};
961 };
962 };
963 };
964 rompr = mkOption {
965 description = "Rompr configuration";
966 type = submodule {
967 options = {
968 mpd = mkOption {
969 description = "MPD configuration";
970 type = submodule {
971 options = {
972 host = mkOption { type = str; description = "Host for MPD"; };
973 port = mkOption { type = port; description = "Port to access MPD host"; };
974 };
975 };
976 };
977 };
978 };
979 };
980 roundcubemail = mkOption {
981 description = "Roundcubemail configuration";
982 type = submodule {
983 options = {
984 postgresql = mkPsqlOptions "TT-RSS";
985 secret = mkOption { type = str; description = "Secret"; };
986 };
987 };
988 };
989 shaarli = mkOption {
990 description = "Shaarli configuration";
991 type = submodule {
992 options = {
993 ldap = mkLdapOptions "Shaarli" {};
994 };
995 };
996 };
997 status_engine = mkOption {
998 description = "Status Engine configuration";
999 type = submodule {
1000 options = {
1001 mysql = mkMysqlOptions "StatusEngine" {};
1002 ldap = mkLdapOptions "StatusEngine" {};
1003 };
1004 };
1005 };
1006 task = mkOption {
1007 description = "Taskwarrior configuration";
1008 type = submodule {
1009 options = {
1010 ldap = mkLdapOptions "Taskwarrior" {};
1011 taskwarrior-web = mkOption {
1012 description = "taskwarrior-web profiles";
1013 default = {};
1014 type = attrsOf (submodule {
1015 options = {
1016 uid = mkOption {
1017 type = listOf str;
1018 description = "List of ldap uids having access to this profile";
1019 };
1020 org = mkOption { type = str; description = "Taskd organisation"; };
1021 key = mkOption { type = str; description = "Taskd key"; };
1022 date = mkOption { type = str; description = "Preferred date format"; };
1023 };
1024 });
1025 };
1026 };
1027 };
1028 };
1029 ttrss = mkOption {
1030 description = "TT-RSS configuration";
1031 type = submodule {
1032 options = {
1033 postgresql = mkPsqlOptions "TT-RSS";
1034 ldap = mkLdapOptions "TT-RSS" {};
1035 };
1036 };
1037 };
1038 wallabag = mkOption {
1039 description = "Wallabag configuration";
1040 type = submodule {
1041 options = {
1042 postgresql = mkPsqlOptions "Wallabag";
1043 ldap = mkLdapOptions "Wallabag" {
1044 admin_filter = mkOption { type = str; description = "Admin users filter"; };
1045 };
1046 redis = mkRedisOptions "Wallabag";
1047 secret = mkOption { type = str; description = "App secret"; };
1048 };
1049 };
1050 };
1051 webhooks = mkOption {
1052 type = attrsOf str;
1053 description = "Mapping 'name'.php => script for webhooks";
1054 };
1055 csp_reports = mkOption {
1056 description = "CSP report configuration";
1057 type = submodule {
1058 options = {
1059 report_uri = mkOption { type = str; description = "URI to report CSP violations to"; };
1060 policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; };
1061 };
1062 };
1063 };
1064 commento = mkOption {
1065 description = "Commento configuration";
1066 type = submodule {
1067 options = {
1068 listenPort = mkOption { type = port; description = "Port to listen to"; };
1069 postgresql = mkPsqlOptions "Commento";
1070 smtp = mkSmtpOptions "Commento";
1071 };
1072 };
1073 };
1074 cryptpad = mkOption {
1075 description = "Cryptpad configuration";
1076 type = submodule {
1077 options = {
1078 email = mkOption { type = str; description = "Admin e-mail"; };
1079 admins = mkOption { type = listOf str; description = "Instance admin public keys"; };
1080 port = mkOption { type = port; description = "Port to listen to"; };
1081 };
1082 };
1083 };
1084 ympd = mkOption {
1085 description = "Ympd configuration";
1086 type = submodule {
1087 options = {
1088 listenPort = mkOption { type = port; description = "Port to listen to"; };
1089 mpd = mkOption {
1090 description = "MPD configuration";
1091 type = submodule {
1092 options = {
1093 password = mkOption { type = str; description = "Password to access MPD host"; };
1094 host = mkOption { type = str; description = "Host for MPD"; };
1095 port = mkOption { type = port; description = "Port to access MPD host"; };
1096 };
1097 };
1098 };
1099 };
1100 };
1101 };
1102 umami = mkOption {
1103 description = "Umami configuration";
1104 type = submodule {
1105 options = {
1106 listenPort = mkOption { type = port; description = "Port to listen to"; };
1107 postgresql = mkPsqlOptions "Umami";
1108 hashSalt = mkOption { type = str; description = "Hash salt"; };
1109 };
1110 };
1111 };
1112 yourls = mkOption {
1113 description = "Yourls configuration";
1114 type = submodule {
1115 options = {
1116 mysql = mkMysqlOptions "Yourls" {};
1117 ldap = mkLdapOptions "Yourls" {};
1118 cookieKey = mkOption { type = str; description = "Cookie key"; };
1119 };
1120 };
1121 };
1122 };
1123 };
1124 };
1125 serverSpecific = mkOption { type = attrsOf unspecified; description = "Server specific configuration"; };
1126 };
1127 options.hostEnv = mkOption {
1128 readOnly = true;
1129 type = hostEnv;
1130 default = config.myEnv.servers."${name}";
1131 description = "Host environment";
1132 };
1133 };
1134 };
1135 }
My infrastructure configuration