1 { config, lib, name, ... }:
2 with lib;
3 with types;
4 with lists;
5 let
# Options shared by every LDAP consumer: the directory itself (`myEnv.ldap`)
# and each service option built with `mkLdapOptions`.
ldapOptions = let
  # Every field here is a plain string option.
  strOpt = description: mkOption { inherit description; type = str; };
in {
  base = strOpt "Base of the LDAP tree";
  host = strOpt "Host to access LDAP";
  root_dn = strOpt "DN of the root user";
  # Stored hashed, per its description; the replication password below is not.
  root_pw = strOpt "Hashed password of the root user";
  replication_dn = strOpt "DN of the user allowed to replicate the LDAP directory";
  # Plaintext credential: anything that interpolates it into a derivation ends
  # up in the world-readable Nix store — confirm consumers write it out of band.
  replication_pw = strOpt "Password of the user allowed to replicate the LDAP directory";
};
# Build the option for a service that binds to LDAP: the shared `ldapOptions`,
# the service's own bind DN / password / user filter, then `more` (extra
# service-specific options, `{}` when there are none; later sets win on clashes).
mkLdapOptions = name: more:
  let
    serviceOptions = {
      dn = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      # Empty by default: no additional filtering of LDAP users.
      filter = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in mkOption {
    type = submodule { options = ldapOptions // serviceOptions // more; };
    description = "${name} LDAP configuration";
  };
# Options shared by every MySQL consumer: the server (`databases.mysql`) and
# each service option built with `mkMysqlOptions`.
mysqlOptions = {
  host = mkOption { type = str; description = "Host to access Mysql"; };
  remoteHost = mkOption { type = str; description = "Host to access Mysql from outside"; };
  # Declared as a string, not `types.port`; switching the type would reject
  # existing string values, so it is left as is.
  port = mkOption { type = str; description = "Port to access Mysql"; };
  socket = mkOption { type = path; description = "Socket to access Mysql"; };
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  # Bind DN, password and filter used to check MySQL users (PAM side).
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Build the option for a service using MySQL: `mysqlOptions` plus the service's
# database, user and password, then `more` (extra options, `{}` when none).
mkMysqlOptions = name: more:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in mkOption {
    type = submodule { options = mysqlOptions // serviceOptions // more; };
    description = "${name} mysql configuration";
  };
# Options shared by every PostgreSQL consumer: the server
# (`databases.postgresql`) and each service option built with `mkPsqlOptions`.
psqlOptions = {
  host = mkOption { type = str; description = "Host to access Postgresql"; };
  # String rather than `types.port`, like the other database ports in this file.
  port = mkOption { type = str; description = "Port to access Postgresql"; };
  socket = mkOption { type = path; description = "Socket to access Postgresql"; };
  # Bind DN, password and filter used to check PostgreSQL users (PAM side).
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Build the option for a service using PostgreSQL: `psqlOptions` plus the
# service's database, optional schema, user and password. Unlike the LDAP and
# MySQL builders it takes no `more` argument.
mkPsqlOptions = name:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      # null means "no dedicated schema".
      schema = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in mkOption {
    type = submodule { options = psqlOptions // serviceOptions; };
    description = "${name} psql configuration";
  };
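# Options shared by every Redis consumer: the server (`databases.redis`) and
# each service option built with `mkRedisOptions`.
redisOptions = {
  host = mkOption { type = str; description = "Host to access Redis"; };
  port = mkOption { type = str; description = "Port to access Redis"; };
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
    # Enforce the uniqueness the description asks for, the same way the
    # `ports` option does: two names mapped to the same db number would
    # silently share (and overwrite) each other's keys. Evaluation fails
    # instead.
    apply = let
      noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
    in
      x: if isAttrs x && noDupl x then x else throw "Non unique values for redis dbs";
  };
  # Shared secret for the spiped tunnel carrying replication traffic.
  spiped_key = mkOption {
    type = str;
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption { type = str; description = "Read password"; };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};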
# Build the option for a service using Redis: `redisOptions` plus the db
# number the service uses.
mkRedisOptions = name:
  let
    serviceOptions = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in mkOption {
    type = submodule { options = redisOptions // serviceOptions; };
    description = "${name} redis configuration";
  };
# Options shared by the SMTP relay (`myEnv.smtp`) and `mkSmtpOptions`.
smtpOptions = {
  host = mkOption { type = str; description = "Host to access SMTP"; };
  port = mkOption { type = str; description = "Port to access SMTP"; };
};
# Build the option for a service sending mail: `smtpOptions` plus the sender
# address and its SMTP password.
mkSmtpOptions = name:
  let
    serviceOptions = {
      email = mkOption { type = str; description = "${name} email"; };
      password = mkOption { type = str; description = "SMTP password of the ${name} user"; };
    };
  in mkOption {
    type = submodule { options = smtpOptions // serviceOptions; };
    description = "${name} smtp configuration";
  };
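# Per-host description used as the value type of `myEnv.servers`.
hostEnv = submodule {
  options = {
    fqdn = mkOption {
      type = str;
      description = "Host FQDN";
    };
    # A function, hence `unspecified`; defaults to "no users".
    users = mkOption {
      type = unspecified;
      default = pkgs: [];
      description = ''
        Sublist of users from realUsers. Function that takes pkgs as
        argument and gives an array as a result
      '';
    };
    emails = mkOption {
      type = listOf str;
      default = [];
      description = "List of e-mails that the server can be a sender of";
    };
    ldap = mkOption {
      type = submodule {
        options = {
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
      description = ''
        LDAP credentials for the host
      '';
    };
    mx = mkOption {
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          # Both default to null: with the `{ enable = false; }` default below
          # they were otherwise "used but not defined" errors as soon as a
          # consumer read them without checking `enable` first.
          subdomain = mkOption { type = nullOr str; default = null; description = "Subdomain name (mx-*)"; };
          priority = mkOption { type = nullOr str; default = null; description = "Priority"; };
        };
      };
      default = { enable = false; };
      description = "subdomain and priority for MX server";
    };
    ips = mkOption {
      type = attrsOf (submodule {
        options = {
          ip4 = mkOption {
            type = str;
            description = ''
              ip4 address of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
    };
  };
};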
189 in
190 {
191 options.myEnv = {
# One `hostEnv` per known host, keyed by name; empty when nothing is declared.
servers = mkOption {
  type = attrsOf hostEnv;
  default = {};
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
};
# Hetzner Cloud API credential.
hetznerCloud = mkOption {
  type = submodule {
    options = {
      authToken = mkOption {
        type = str;
        description = ''
          The API auth token.
        '';
      };
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner (non-cloud) account credential.
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption { type = str; description = "User"; };
      pass = mkOption { type = str; description = "Password"; };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
# LDAP bind password for the sshd service account.
sshd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    sshd service credential information
  '';
};
# Non-standard ports reserved cluster-wide. `apply` rejects the merged attrset
# as soon as two names claim the same number, so a clash fails evaluation
# instead of yielding two services bound to one port.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  apply = assigned:
    let
      values = builtins.attrValues assigned;
      # Lazily bound: only forced once `isAttrs assigned` holds.
      allDistinct = builtins.length values == builtins.length (unique values);
    in
      if isAttrs assigned && allDistinct then assigned else throw "Non unique values for ports";
};
# LDAP bind password for the httpd service account.
httpd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    httpd service credential information
  '';
};
# The SMTP relay itself (host and port only, no credentials).
smtp = mkOption {
  description = "SMTP configuration";
  type = submodule { options = smtpOptions; };
};
# The LDAP server itself, including its root and replication credentials.
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-side settings of the three databases, reusing the shared option sets.
databases = mkOption {
  type = submodule {
    options = {
      mysql = mkOption {
        description = "Mysql configuration";
        type = submodule { options = mysqlOptions; };
      };
      redis = mkOption {
        description = "Redis configuration";
        type = submodule { options = redisOptions; };
      };
      postgresql = mkOption {
        description = "Postgresql configuration";
        type = submodule { options = psqlOptions; };
      };
    };
  };
  description = "Databases configuration";
};
# XMPP server: LDAP bind, PostgreSQL credentials and the Postfix-side user filter.
jabber = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
      postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
    };
  };
  description = "Jabber configuration";
};
# Functions (hence `unspecified`) producing `users.users.<name>` fragments.
realUsers = mkOption {
  type = attrsOf unspecified;
  description = ''
    Attrset of function taking pkgs as argument.
    Real users settings, should provide a subattr of users.users.<name>
    with at least: name, (hashed)Password, shell
  '';
};
# Fixed uid/gid allocation per user name.
users = mkOption {
  type = attrsOf (submodule {
    options = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
  });
  description = "System and regular users uid/gid";
};
# Authoritative DNS: SOA fields, named groups of NS servers, and the zones
# served as master or slave.
dns = mkOption {
  type = submodule {
    options = {
      soa = mkOption {
        type = submodule {
          options = let
            # Every SOA field, timers included, is carried as a string.
            field = description: mkOption { inherit description; type = str; };
          in {
            serial = field "Serial number. Should be incremented at each change and unique";
            refresh = field "Refresh time";
            retry = field "Retry time";
            expire = field "Expire time";
            ttl = field "Default TTL time";
            email = field "hostmaster e-mail";
            primary = field "Primary NS";
          };
        };
        description = "SOA information";
      };
      # group name -> server name -> its addresses
      ns = mkOption {
        type = attrsOf (attrsOf (listOf str));
        example = {
          foo = {
            "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
            "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
          };
        };
        description = "Attrs of NS servers group";
      };
      slaveZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            masters = mkOption { type = listOf str; description = "NS master groups of this zone"; };
          };
        });
        description = "List of slave zones";
      };
      masterZones = mkOption {
        type = listOf (submodule {
          options = {
            name = mkOption { type = str; description = "zone name"; };
            slaves = mkOption { type = listOf str; description = "NS slave groups of this zone"; };
            ns = mkOption { type = listOf str; description = "groups names that should have their NS entries listed here"; };
            # Free-form bind zone statements, appended verbatim.
            extra = mkOption {
              type = lines;
              example = ''
                notify yes;
              '';
              description = "Extra zone configuration for bind";
            };
            entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
            withEmail = mkOption {
              type = listOf (submodule {
                options = {
                  domain = mkOption { type = str; description = "Which subdomain is concerned"; };
                  send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
                  receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
                };
              });
              default = [];
              description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
            };
          };
        });
        description = "List of master zones";
      };
    };
  };
  description = "DNS configuration";
};
# duplicity remote backup: encryption password plus one set of S3-style
# credentials per remote.
backup = mkOption {
  type = submodule {
    options = {
      password = mkOption { type = str; description = "Password for encrypting files"; };
      remotes = mkOption {
        type = attrsOf (submodule {
          options = {
            remote = mkOption {
              type = unspecified;
              # NOTE(review): inside an indented string `${bucket}` is
              # interpolated by Nix, not shown literally; the example is only
              # forced when documentation is rendered — confirm against the
              # repository whether `''${` was intended.
              example = literalExample ''
                bucket: "s3://some_host/${bucket}";
              '';
              description = ''
                Function.
                Takes a bucket name as argument and returns a url
              '';
            };
            accessKeyId = mkOption { type = str; description = "Remote access-key"; };
            secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
          };
        });
      };
    };
  };
  description = ''
    Remote backup with duplicity
  '';
};
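# zrepl backup: the SSH key pair it connects with and its MySQL credentials.
zrepl_backup = mkOption {
  # Every sibling option carries a description; this one was missing it.
  description = "Zrepl backup configuration (ssh key and mysql credentials)";
  type = submodule {
    options = {
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
      mysql = mkMysqlOptions "Zrepl" {};
    };
  };
};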
# rsync pull backups run from the controlled host: one SSH key pair and one
# profile per remote, each profile listing the parts (folders) to copy.
rsync_backup = mkOption {
  type = submodule {
    options = {
      ssh_key = mkOption {
        type = submodule {
          options = {
            public = mkOption { type = str; description = "Public part of the key"; };
            private = mkOption { type = lines; description = "Private part of the key"; };
          };
        };
        description = "SSH key information";
      };
      profiles = mkOption {
        type = attrsOf (submodule {
          options = {
            keep = mkOption { type = int; description = "Number of backups to keep"; };
            check_command = mkOption { type = str; default = "backup"; description = "command to check if backup needs to be done"; };
            login = mkOption { type = str; description = "Login to connect to host"; };
            port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
            host = mkOption { type = str; description = "Host to connect to"; };
            # Presumably used to pin the remote's SSH host key instead of
            # trusting it on first use — verify in the rsync backup module.
            host_key = mkOption { type = str; description = "Host key"; };
            host_key_type = mkOption { type = str; description = "Host key type"; };
            parts = mkOption {
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption { type = path; description = "Remote folder to backup"; };
                  exclude_from = mkOption {
                    type = listOf path;
                    default = [];
                    description = "List of folders/files to exclude from the backup";
                  };
                  files_from = mkOption {
                    type = listOf path;
                    default = [];
                    description = "List of folders/files to backup in the base folder";
                  };
                  args = mkOption {
                    type = nullOr str;
                    default = null;
                    description = "Extra arguments to pass to rsync";
                  };
                };
              });
              description = "Parts to backup for this host";
            };
          };
        });
        description = "Attrs of profiles to backup";
      };
    };
  };
  description = ''
    Rsync backup configuration from controlled host
  '';
};
# Monitoring (naemon) settings: status push endpoint and tokens, notification
# channels (SMS via OVH, Slack, e-mail) and the e-mail round-trip checks.
monitoring = mkOption {
  type = submodule {
    options = {
      status_url = mkOption { type = str; description = "URL to push status to"; };
      status_token = mkOption { type = str; description = "Token for the status url"; };
      http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
      email = mkOption { type = str; description = "Admin E-mail"; };
      ssh_public_key = mkOption { type = str; description = "SSH public key"; };
      ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
      imap_login = mkOption { type = str; description = "IMAP login"; };
      imap_password = mkOption { type = str; description = "IMAP password"; };
      eriomem_keys = mkOption { type = listOf (listOf str); default = []; description = "Eriomem keys"; };
      ovh_sms = mkOption {
        type = submodule {
          options = {
            endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
            application_key = mkOption { type = str; description = "Application key"; };
            application_secret = mkOption { type = str; description = "Application secret"; };
            consumer_key = mkOption { type = str; description = "Consumer key"; };
            account = mkOption { type = str; description = "Account"; };
          };
        };
        description = "OVH credentials for sms script";
      };
      # Bearer tokens accepted by the status endpoint: a list, so each pushing
      # host can carry its own token and be revoked individually.
      nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
      slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
      slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
      contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
      email_check = mkOption {
        type = attrsOf (submodule {
          options = {
            local = mkOption { type = bool; default = false; description = "Use local configuration"; };
            port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
            login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
            targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
            mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
            mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
          };
        });
        description = "Emails services to check";
      };
    };
  };
  description = "Monitoring configuration";
};
# MPD instance: served folder and connection details.
mpd = mkOption {
  type = submodule {
    options = let
      strOpt = description: mkOption { inherit description; type = str; };
    in {
      folder = strOpt "Folder to serve from the MPD instance";
      password = strOpt "Password to connect to the MPD instance";
      host = strOpt "Host to connect to the MPD instance";
      port = strOpt "Port to connect to the MPD instance";
    };
  };
  description = "MPD configuration";
};
# FTP server: LDAP bind only.
ftp = mkOption {
  description = "FTP configuration";
  type = submodule {
    options = { ldap = mkLdapOptions "FTP" {}; };
  };
};
# One entry per VPN: the host's key pair and the IPv6 prefix handed out.
vpn = mkOption {
  type = attrsOf (submodule {
    options = {
      prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
      privateKey = mkOption { type = str; description = "Private key for the host"; };
      publicKey = mkOption { type = str; description = "Public key for the host"; };
    };
  });
  description = "VPN configuration";
};
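# Mail stack: DMARC/DKIM material, Postfix relay rules, Dovecot LDAP lookups,
# rspamd credentials, scripted recipients and Sympa.
mail = mkOption {
  type = submodule {
    options = {
      dmarc = mkOption {
        type = submodule {
          options = {
            ignore_hosts = mkOption {
              type = lines;
              description = ''
                Hosts to ignore when checking for dmarc
              '';
            };
          };
        };
        description = "DMARC configuration";
      };
      # One key pair per selector; `public` is the DNS TXT payload.
      dkim = mkOption {
        type = attrsOf (submodule {
          options = {
            public = mkOption {
              type = str;
              example = ''
                ( "v=DKIM1; k=rsa; "
                  "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
              '';
              description = "Public entry to put in DNS TXT field";
            };
            private = mkOption { type = str; description = "Private key"; };
          };
        });
        description = "DKIM configuration";
      };
      postfix = mkOption {
        type = submodule {
          options = {
            additional_mailbox_domains = mkOption {
              type = listOf str;
              description = ''
                List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
              '';
            };
            mysql = mkMysqlOptions "Postfix" {
              password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
            };
            # Relay-only domains: `relay_restrictions` and `recipient_maps`
            # bound what the relay will accept for them.
            backup_domains = mkOption {
              type = attrsOf (submodule {
                options = {
                  domains = mkOption { type = listOf str; description = "Domains list"; };
                  relay_restrictions = mkOption {
                    type = lines;
                    description = ''
                      Restrictions for relaying the e-mails from the domains
                    '';
                  };
                  recipient_maps = mkOption {
                    type = listOf (submodule {
                      options = {
                        type = mkOption { type = enum [ "hash" ]; description = "Map type"; };
                        content = mkOption { type = str; description = "Map content"; };
                      };
                    });
                    description = ''
                      Recipient map to accept relay for.
                      Must be specified for domain, the rules apply to everyone!
                    '';
                  };
                };
              });
              description = ''
                Domains that are accepted for relay as backup domain
              '';
            };
          };
        };
        description = "Postfix configuration";
      };
      dovecot = mkOption {
        type = submodule {
          options = {
            ldap = mkLdapOptions "Dovecot" {
              pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
              user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
              iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
              iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
              postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
            };
          };
        };
        description = "Dovecot configuration";
      };
      rspamd = mkOption {
        type = submodule {
          options = {
            # Was `mkRedisOptions "Redis"`, which produced the generated
            # descriptions "Redis redis configuration" / "Redis database".
            redis = mkRedisOptions "Rspamd";
            read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
            write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
            # `apply` discards the plaintext at evaluation time, so only the
            # hashed variants above reach any consumer.
            read_password = mkOption {
              type = str;
              description = "Read password for rspamd. Unused";
              apply = x: "";
            };
            write_password = mkOption {
              type = str;
              description = "Write password for rspamd. Unused";
              apply = x: "";
            };
          };
        };
        description = "rspamd configuration";
      };
      scripts = mkOption {
        type = attrsOf (submodule {
          options = {
            external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
            src = mkOption {
              type = submodule {
                options = {
                  url = mkOption { type = str; description = "git url to fetch"; };
                  # The description allows any git reference; a full commit
                  # hash keeps the fetched script pinned, a branch name does not.
                  rev = mkOption { type = str; description = "git reference to fetch"; };
                };
              };
              description = ''
                git source to fetch the script from.
                It must have a default.nix file as its root accepting a scriptEnv parameter
              '';
            };
            env = mkOption {
              type = unspecified;
              description = "Variables to pass to the script";
            };
          };
        });
        description = "Mail script recipients";
      };
      sympa = mkOption {
        type = submodule {
          options = {
            listmasters = mkOption {
              type = listOf str;
              description = "Listmasters";
            };
            postgresql = mkPsqlOptions "Sympa";
            data_sources = mkOption {
              type = attrsOf str;
              default = {};
              description = "Data sources to make available to sympa";
            };
            scenari = mkOption {
              type = attrsOf str;
              default = {};
              description = "Scenari to make available to sympa";
            };
          };
        };
        description = "Sympa configuration";
      };
    };
  };
  description = "Mail configuration";
};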
# Buildbot master: its system user, LDAP password and one entry per project.
buildbot = mkOption {
  type = submodule {
    options = {
      user = mkOption {
        type = submodule {
          options = {
            uid = mkOption { type = int; description = "user uid"; };
            gid = mkOption { type = int; description = "user gid"; };
          };
        };
        description = "Buildbot user";
      };
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Buildbot password"; };
          };
        };
        description = "Ldap configuration for buildbot";
      };
      projects = mkOption {
        type = attrsOf (submodule {
          options = {
            name = mkOption { type = str; description = "Project name"; };
            # Functions of pkgs, hence `unspecified`.
            packages = mkOption {
              type = unspecified;
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
            };
            pythonPackages = mkOption {
              type = unspecified;
              example = literalExample ''
                p: pkgs: [ pkgs.python3Packages.pip ];
              '';
              description = ''
                Function.
                Builds python packages list to make available to buildbot project.
                Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
              '';
            };
            pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
            # Written to files on the master; keep them distinct from
            # `environment`, which is exported to every build as BUILDBOT_*.
            secrets = mkOption {
              type = attrsOf str;
              description = "Secrets for the project to dump as files";
            };
            environment = mkOption {
              type = attrsOf str;
              description = ''
                Environment variables for the project.
                BUILDBOT_ is prefixed to the variable names
              '';
            };
            activationScript = mkOption {
              type = lines;
              description = ''
                Activation script to run during deployment
              '';
            };
            builderPaths = mkOption {
              type = attrsOf unspecified;
              default = {};
              description = ''
                Attrs of functions to make accessible specifically per builder.
                Takes pkgs as argument and should return a single path containing binaries.
                This path will be accessible as BUILDBOT_PATH_<attrskey>
              '';
            };
            # null: the change hook accepts no token at all.
            webhookTokens = mkOption {
              type = nullOr (listOf str);
              default = null;
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
            };
          };
        });
        description = "Projects to make a buildbot for";
      };
    };
  };
  description = "Buildbot configuration";
};
870 tools = mkOption {
871 description = "Tools configurations";
872 type = submodule {
873 options = {
contact = mkOption {
  type = str;
  description = "Contact e-mail address";
};
# Static files served from assets.immae.eu, each fetched from `url`; the
# sha256 presumably verifies the download — confirm in the assets module.
assets = mkOption {
  type = attrsOf (submodule {
    options = {
      url = mkOption { type = str; description = "URL to fetch"; };
      sha256 = mkOption { type = str; description = "Hash of the url"; };
    };
  });
  default = {};
  description = "Assets to provide on assets.immae.eu";
};
davical = mkOption {
  description = "Davical configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Davical" {};
      postgresql = mkPsqlOptions "Davical";
    };
  };
};
diaspora = mkOption {
  description = "Diaspora configuration";
  type = submodule {
    options = {
      secret_token = mkOption { type = str; description = "Secret token"; };
      ldap = mkLdapOptions "Diaspora" {};
      redis = mkRedisOptions "Diaspora";
      postgresql = mkPsqlOptions "Diaspora";
    };
  };
};
dmarc_reports = mkOption {
  description = "DMARC reports configuration";
  type = submodule {
    options = {
      # Key for pseudonymising report data; a secret like the db password.
      anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
      mysql = mkMysqlOptions "DMARC" {};
    };
  };
};
etherpad-lite = mkOption {
  description = "Etherpad configuration";
  type = submodule {
    options = let
      secret = description: mkOption { inherit description; type = str; };
    in {
      postgresql = mkPsqlOptions "Etherpad";
      ldap = mkLdapOptions "Etherpad" {
        group_filter = mkOption { type = str; description = "Filter for groups"; };
      };
      adminPassword = secret "Admin password for mypads / admin";
      session_key = secret "Session key";
      api_key = secret "API key";
      redirects = mkOption { type = str; description = "Redirects for apache"; };
    };
  };
};
gitolite = mkOption {
  description = "Gitolite configuration";
  type = submodule {
    options = { ldap = mkLdapOptions "Gitolite" {}; };
  };
};
kanboard = mkOption {
  description = "Kanboard configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = mkOption { type = str; description = "Admin DN"; };
      };
      postgresql = mkPsqlOptions "Kanboard";
    };
  };
};
mantisbt = mkOption {
  description = "Mantisbt configuration";
  type = submodule {
    options = {
      master_salt = mkOption { type = str; description = "Master salt for password hash"; };
      ldap = mkLdapOptions "Mantisbt" {};
      postgresql = mkPsqlOptions "Mantisbt";
    };
  };
};
mastodon = mkOption {
  description = "Mastodon configuration";
  type = submodule {
    options = let
      secret = description: mkOption { inherit description; type = str; };
    in {
      postgresql = mkPsqlOptions "Mastodon";
      redis = mkRedisOptions "Mastodon";
      ldap = mkLdapOptions "Mastodon" {};
      paperclip_secret = secret "Paperclip secret";
      otp_secret = secret "OTP secret";
      secret_key_base = secret "Secret key base";
      # Web-push (VAPID) key pair.
      vapid = mkOption {
        type = submodule {
          options = {
            private = secret "Private key";
            public = secret "Public key";
          };
        };
        description = "vapid key";
      };
    };
  };
};
mediagoblin = mkOption {
  description = "Mediagoblin configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mediagoblin" {};
      redis = mkRedisOptions "Mediagoblin";
      postgresql = mkPsqlOptions "Mediagoblin";
    };
  };
};
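nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      # The builders' name argument only feeds the generated descriptions;
      # these were "Peertube" (copy-paste), which mislabelled the options.
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};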
peertube = mkOption {
  description = "Peertube configuration";
  type = submodule {
    options = {
      # `types.port`, unlike the string ports in the shared database options.
      listenPort = mkOption { type = port; description = "Port to listen to"; };
      ldap = mkLdapOptions "Peertube" {};
      redis = mkRedisOptions "Peertube";
      postgresql = mkPsqlOptions "Peertube";
    };
  };
};
# Second Peertube instance; it shares the option shape but has no LDAP bind.
syden_peertube = mkOption {
  description = "Peertube Syden configuration";
  type = submodule {
    options = {
      listenPort = mkOption { type = port; description = "Port to listen to"; };
      redis = mkRedisOptions "Peertube";
      postgresql = mkPsqlOptions "Peertube";
    };
  };
};
phpldapadmin = mkOption {
  description = "phpLdapAdmin configuration";
  type = submodule {
    options = { ldap = mkLdapOptions "phpldapadmin" {}; };
  };
};
# Rompr only needs to reach an MPD instance (host + numeric port).
rompr = mkOption {
  description = "Rompr configuration";
  type = submodule {
    options = {
      mpd = mkOption {
        type = submodule {
          options = {
            host = mkOption { type = str; description = "Host for MPD"; };
            port = mkOption { type = port; description = "Port to access MPD host"; };
          };
        };
        description = "MPD configuration";
      };
    };
  };
};
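# Roundcube settings. The label passed to mkPsqlOptions was copy-pasted from the
# TT-RSS block; as with mkLdapOptions the label feeds the generated option
# descriptions, so correcting it fixes the docs without changing any value
# (confirm mkPsqlOptions uses it for nothing else).
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Roundcubemail";
      # NOTE(review): a secret declared as plain `str`; if a consumer writes it
      # into a derivation it lands in the world-readable Nix store.
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};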
# Shaarli: LDAP bind settings only.
shaarli = lib.mkOption {
  type = types.submodule {
    options.ldap = mkLdapOptions "Shaarli" {};
  };
  description = "Shaarli configuration";
};
# Status Engine: MySQL and LDAP settings from the shared helpers.
status_engine = lib.mkOption {
  type = types.submodule {
    options = {
      ldap = mkLdapOptions "StatusEngine" {};
      mysql = mkMysqlOptions "StatusEngine" {};
    };
  };
  description = "Status Engine configuration";
};
# Taskwarrior: LDAP settings plus the taskwarrior-web profiles, keyed by
# profile name. Each profile lists the LDAP uids allowed to use it together
# with the taskd organisation/key it connects with.
task = lib.mkOption {
  description = "Taskwarrior configuration";
  type =
    let
      profile = types.submodule {
        options = {
          # Access control for the profile: LDAP uids, not DNs
          uid = lib.mkOption {
            description = "List of ldap uids having access to this profile";
            type = listOf str;
          };
          org = lib.mkOption { description = "Taskd organisation"; type = str; };
          # A credential held as plain `str`; it is part of the evaluated
          # configuration, so check where the consumer writes it.
          key = lib.mkOption { description = "Taskd key"; type = str; };
          date = lib.mkOption { description = "Preferred date format"; type = str; };
        };
      };
    in types.submodule {
      options = {
        ldap = mkLdapOptions "Taskwarrior" {};
        taskwarrior-web = lib.mkOption {
          description = "taskwarrior-web profiles";
          type = attrsOf profile;
        };
      };
    };
};
# TT-RSS: PostgreSQL and LDAP settings from the shared helpers.
ttrss = lib.mkOption {
  type = types.submodule {
    options = {
      ldap = mkLdapOptions "TT-RSS" {};
      postgresql = mkPsqlOptions "TT-RSS";
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: database, cache and LDAP settings plus the app secret. The LDAP
# block is extended with an extra filter selecting which directory users are
# Wallabag admins.
wallabag = lib.mkOption {
  description = "Wallabag configuration";
  type =
    let
      ldapExtra = {
        admin_filter = lib.mkOption { description = "Admin users filter"; type = str; };
      };
    in types.submodule {
      options = {
        postgresql = mkPsqlOptions "Wallabag";
        redis = mkRedisOptions "Wallabag";
        ldap = mkLdapOptions "Wallabag" ldapExtra;
        # Secret held as plain `str`; part of the evaluated configuration.
        secret = lib.mkOption { description = "App secret"; type = str; };
      };
    };
};
# Webhook endpoints: the attribute name becomes the 'name'.php file and the
# value is the script served there (presumably PHP source -- confirm with the
# consuming module, which decides where and with what permissions it is written).
webhooks = lib.mkOption {
  description = "Mapping 'name'.php => script for webhooks";
  type = types.attrsOf types.str;
};
# CSP reporting: the endpoint browsers send violation reports to, the policy
# strings to emit (one per name; how the key is used is up to the consumer),
# and the database the collector stores reports in.
csp_reports = lib.mkOption {
  type = types.submodule {
    options = {
      postgresql = mkPsqlOptions "CSP reports";
      report_uri = lib.mkOption { description = "URI to report CSP violations to"; type = str; };
      policies = lib.mkOption { description = "CSP policies to apply"; type = attrsOf str; };
    };
  };
  description = "CSP report configuration";
};
# Commento: listen port, database and outbound SMTP settings.
commento = lib.mkOption {
  description = "Commento configuration";
  type =
    let
      commentoOptions = {
        listenPort = lib.mkOption { description = "Port to listen to"; type = port; };
        postgresql = mkPsqlOptions "Commento";
        smtp = mkSmtpOptions "Commento";
      };
    in types.submodule { options = commentoOptions; };
};
# ympd: its own listen port plus the MPD it fronts. The MPD password is a
# plain `str` secret and part of the evaluated configuration.
ympd = lib.mkOption {
  description = "Ympd configuration";
  type =
    let
      mpdOptions = {
        password = lib.mkOption { description = "Password to access MPD host"; type = str; };
        host = lib.mkOption { description = "Host for MPD"; type = str; };
        port = lib.mkOption { description = "Port to access MPD host"; type = port; };
      };
    in types.submodule {
      options = {
        listenPort = lib.mkOption { description = "Port to listen to"; type = port; };
        mpd = lib.mkOption {
          description = "MPD configuration";
          type = types.submodule { options = mpdOptions; };
        };
      };
    };
};
# YOURLS: MySQL and LDAP settings plus the cookie signing key (a secret held
# as plain `str`; part of the evaluated configuration).
yourls = lib.mkOption {
  type = types.submodule {
    options = {
      cookieKey = lib.mkOption { description = "Cookie key"; type = str; };
      ldap = mkLdapOptions "Yourls" {};
      mysql = mkMysqlOptions "Yourls" {};
    };
  };
  description = "Yourls configuration";
};
1169 };
1170 };
1171 };
1172 websites = mkOption {
1173 description = "Websites configurations";
1174 type = submodule {
1175 options = {
# immae.eu sites, one sub-block per environment. The "temp" site overrides the
# helper's optional LDAP filter with a mandatory one, so access is always
# restricted to users matching it.
immae = lib.mkOption {
  description = "Immae configuration by environment";
  type =
    let
      tempLdapExtra = {
        filter = lib.mkOption { description = "Filter for user access"; type = str; };
      };
      temp = lib.mkOption {
        description = "Temp configuration";
        type = types.submodule {
          options.ldap = mkLdapOptions "Immae temp" tempLdapExtra;
        };
      };
    in types.submodule { options = { inherit temp; }; };
};
# Isabelle's sites: two Symfony (Aten) environments sharing one option shape,
# plus the SPIP-based iridologie site with MySQL and LDAP settings.
isabelle = lib.mkOption {
  description = "Isabelle configurations by environment";
  type =
    let
      atenEnv = lib.mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = lib.mkOption { description = "Symfony environment"; type = str; };
            # Symfony secret held as plain `str`; part of the evaluated configuration.
            secret = lib.mkOption { description = "Symfony App secret"; type = str; };
            postgresql = mkPsqlOptions "Aten";
          };
        };
      };
      iridologieEnv = lib.mkOption {
        description = "environment configuration";
        type = types.submodule {
          options = {
            environment = lib.mkOption { description = "SPIP environment"; type = str; };
            mysql = mkMysqlOptions "Iridologie" {};
            ldap = mkLdapOptions "Iridologie" {};
          };
        };
      };
    in types.submodule {
      options = {
        aten_production = atenEnv;
        aten_integration = atenEnv;
        iridologie = iridologieEnv;
      };
    };
};
# Chloe's SPIP site: production and integration share one option shape.
chloe = lib.mkOption {
  description = "Chloe configurations by environment";
  type =
    let
      envOptions = {
        environment = lib.mkOption { description = "SPIP environment"; type = str; };
        mysql = mkMysqlOptions "Chloe" {};
        ldap = mkLdapOptions "Chloe" {};
      };
      env = lib.mkOption {
        description = "environment configuration";
        type = types.submodule { options = envOptions; };
      };
    in types.submodule {
      options = {
        production = env;
        integration = env;
      };
    };
};
# Connexionswing Symfony site: production and integration share one option
# shape (MySQL, app secret, notification address).
connexionswing = lib.mkOption {
  description = "Connexionswing configurations by environment";
  type =
    let
      envOptions = {
        environment = lib.mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "Connexionswing" {};
        # Symfony secret held as plain `str`; part of the evaluated configuration.
        secret = lib.mkOption { description = "Symfony App secret"; type = str; };
        email = lib.mkOption { description = "Symfony email notification"; type = str; };
      };
      env = lib.mkOption {
        description = "environment configuration";
        type = types.submodule { options = envOptions; };
      };
    in types.submodule {
      options = {
        production = env;
        integration = env;
      };
    };
};
# Naturaloutil site: MySQL settings and the server admin contact.
jerome = lib.mkOption {
  type = types.submodule {
    options = {
      server_admin = lib.mkOption { description = "Server admin e-mail"; type = str; };
      mysql = mkMysqlOptions "Naturaloutil" {};
    };
  };
  description = "Naturaloutil configuration";
};
# Telio Tortay site: only the server admin contact is configurable.
telio_tortay = lib.mkOption {
  type = types.submodule {
    options.server_admin = lib.mkOption { description = "Server admin e-mail"; type = str; };
  };
  description = "Telio Tortay configuration";
};
# Ludivine Cassal's Symfony site: production and integration share one option
# shape (MySQL, LDAP, app secret).
ludivine = lib.mkOption {
  description = "Ludivinecassal configurations by environment";
  type =
    let
      envOptions = {
        environment = lib.mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "LudivineCassal" {};
        ldap = mkLdapOptions "LudivineCassal" {};
        # Symfony secret held as plain `str`; part of the evaluated configuration.
        secret = lib.mkOption { description = "Symfony App secret"; type = str; };
      };
      env = lib.mkOption {
        description = "environment configuration";
        type = types.submodule { options = envOptions; };
      };
    in types.submodule {
      options = {
        production = env;
        integration = env;
      };
    };
};
# Emilia site: PostgreSQL settings only.
emilia = lib.mkOption {
  type = types.submodule {
    options.postgresql = mkPsqlOptions "Emilia";
  };
  description = "Emilia configuration";
};
# Florian site: only the server admin contact is configurable.
florian = lib.mkOption {
  type = types.submodule {
    options.server_admin = lib.mkOption { description = "Server admin e-mail"; type = str; };
  };
  description = "Florian configuration";
};
# Nassime site: only the server admin contact is configurable.
nassime = lib.mkOption {
  type = types.submodule {
    options.server_admin = lib.mkOption { description = "Server admin e-mail"; type = str; };
  };
  description = "Nassime configuration";
};
# Piedsjaloux Symfony site: production and integration share one option shape
# (MySQL, app secret).
piedsjaloux = lib.mkOption {
  description = "Piedsjaloux configurations by environment";
  type =
    let
      envOptions = {
        environment = lib.mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "Piedsjaloux" {};
        # Symfony secret held as plain `str`; part of the evaluated configuration.
        secret = lib.mkOption { description = "Symfony App secret"; type = str; };
      };
      env = lib.mkOption {
        description = "environment configuration";
        type = types.submodule { options = envOptions; };
      };
    in types.submodule {
      options = {
        production = env;
        integration = env;
      };
    };
};
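# Europe Richie site: MySQL settings and the SMTP credentials used for outbound
# mail. Unlike its siblings this block has no production/integration split, so
# the description no longer claims to be "by environment".
richie = mkOption {
  description = "Europe Richie configuration";
  type = submodule {
    options = {
      mysql = mkMysqlOptions "Richie" {};
      smtp_mailer = mkOption {
        description = "SMTP mailer configuration";
        type = submodule {
          options = {
            user = mkOption { type = str; description = "Username"; };
            # NOTE(review): a credential held as plain `str`; it is part of the
            # evaluated configuration, so check where the consumer writes it
            # (anything written into a derivation lands in the world-readable store).
            password = mkOption { type = str; description = "Password"; };
          };
        };
      };
    };
  };
};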
# Caldance: only an integration environment, protected by HTTP basic auth.
# `password` is the content of the password file, not a single password;
# presumably htpasswd-style hashed entries -- confirm with the consumer.
caldance = lib.mkOption {
  description = "Caldance configurations by environment";
  type =
    let
      integration = lib.mkOption {
        description = "environment configuration";
        type = types.submodule {
          options.password = lib.mkOption {
            description = "Password file content for basic auth";
            type = str;
          };
        };
      };
    in types.submodule { options = { inherit integration; }; };
};
# Tellesflorian Symfony site: integration environment only, with MySQL, the
# app secret and the basic-auth passwords gating invitations.
tellesflorian = lib.mkOption {
  description = "Tellesflorian configurations by environment";
  type =
    let
      envOptions = {
        environment = lib.mkOption { description = "Symfony environment"; type = str; };
        mysql = mkMysqlOptions "Tellesflorian" {};
        # Both values below are secrets held as plain `str`; part of the
        # evaluated configuration.
        secret = lib.mkOption { description = "Symfony App secret"; type = str; };
        invite_passwords = lib.mkOption { description = "Password basic auth"; type = str; };
      };
      integration = lib.mkOption {
        description = "environment configuration";
        type = types.submodule { options = envOptions; };
      };
    in types.submodule { options = { inherit integration; }; };
};
1410 };
1411 };
1412 };
1413
# Directory of secret files consumed at build time. NOTE(review): a `path`
# value that is referenced from a derivation is copied, whole, into the
# world-readable Nix store -- confirm consumers only read from it during
# evaluation or install individual files with restricted permissions.
privateFiles = lib.mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = types.path;
};
1420 };
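# This host's own environment, looked up by the module argument `name`.
# readOnly: nothing else may set it. A missing entry previously surfaced as a
# bare "attribute missing" error; `or` replaces it with a message naming the host.
options.hostEnv = mkOption {
  readOnly = true;
  type = hostEnv;
  default = config.myEnv.servers.${name}
    or (throw "myEnv.servers has no entry for host '${name}'");
  description = "Host environment";
};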
1427 }