1 { lib, ... }:
2 with lib;
3 with types;
4 with lists;
5 let
# Connection settings and privileged identities shared by every LDAP client.
# NOTE(review): these are ordinary string options. `root_pw` is documented as
# a hash, but `replication_pw` is a usable credential; any consumer that
# interpolates it into a derivation or a generated file copies it into the
# world-readable /nix/store. Confirm consumers deliver it as a runtime secret.
ldapOptions = {
  host = mkOption {
    type = str;
    description = "Host to access LDAP";
  };
  base = mkOption {
    type = str;
    description = "Base of the LDAP tree";
  };
  root_dn = mkOption {
    type = str;
    description = "DN of the root user";
  };
  root_pw = mkOption {
    type = str;
    description = "Hashed password of the root user";
  };
  replication_dn = mkOption {
    type = str;
    description = "DN of the user allowed to replicate the LDAP directory";
  };
  replication_pw = mkOption {
    type = str;
    description = "Password of the user allowed to replicate the LDAP directory";
  };
};
# Build the LDAP option for one service.
#   name: label interpolated into the descriptions.
#   more: extra option declarations; merged last, so they override the rest.
# NOTE(review): the result starts from `ldapOptions`, so every service entry
# also carries the root and replication fields, not only its own bind DN and
# password. Confirm services really need those, or split the shared set.
mkLdapOptions = name: more:
  let
    # Bind identity and user filter specific to the service.
    perService = {
      dn = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      filter = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in
  mkOption {
    type = submodule {
      options = ldapOptions // perService // more;
    };
    description = "${name} LDAP configuration";
  };
# Settings shared by every MySQL consumer: endpoint, system accounts and the
# LDAP bind that PAM uses to check database users.
mysqlOptions =
  let
    # LDAP identity PAM binds as, plus the filter selecting allowed users.
    pamBind = {
      dn = mkOption { type = str; description = "DN to connect as to check users"; };
      password = mkOption { type = str; description = "DN password to connect as to check users"; };
      filter = mkOption { type = str; description = "filter to match users"; };
    };
  in
  {
    socket = mkOption { type = path; description = "Socket to access Mysql"; };
    host = mkOption { type = str; description = "Host to access Mysql"; };
    # The port is declared as a string here, not as `types.port`.
    port = mkOption { type = str; description = "Port to access Mysql"; };
    # Maps a user name to its password; the passwords are plain strings.
    systemUsers = mkOption {
      type = attrsOf str;
      description = "Attrs of user-passwords allowed to access mysql";
    };
    pam = mkOption {
      type = submodule { options = pamBind; };
      description = "PAM configuration for mysql";
    };
  };
# Build the MySQL option for one application; `name` labels the descriptions.
# NOTE(review): the result starts from `mysqlOptions`, so each application
# entry also exposes the server-wide `systemUsers` and `pam` fields next to
# its own database credentials.
mkMysqlOptions = name:
  let
    # Database and account owned by the application.
    credentials = {
      database = mkOption { type = str; description = "${name} database"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule {
      options = mysqlOptions // credentials;
    };
    description = "${name} mysql configuration";
  };
# Settings shared by every PostgreSQL consumer: endpoint and the LDAP bind
# that PAM uses to check database users.
psqlOptions =
  let
    # LDAP identity PAM binds as, plus the filter selecting allowed users.
    pamBind = {
      dn = mkOption { type = str; description = "DN to connect as to check users"; };
      password = mkOption { type = str; description = "DN password to connect as to check users"; };
      filter = mkOption { type = str; description = "filter to match users"; };
    };
  in
  {
    socket = mkOption { type = path; description = "Socket to access Postgresql"; };
    host = mkOption { type = str; description = "Host to access Postgresql"; };
    # The port is declared as a string here, not as `types.port`.
    port = mkOption { type = str; description = "Port to access Postgresql"; };
    pam = mkOption {
      type = submodule { options = pamBind; };
      description = "PAM configuration for psql";
    };
  };
# Build the PostgreSQL option for one application; `name` labels the
# descriptions. The result starts from `psqlOptions`, so the shared `pam`
# bind fields are part of every application entry as well.
mkPsqlOptions = name:
  let
    # Database, optional schema and account owned by the application.
    credentials = {
      database = mkOption { type = str; description = "${name} database"; };
      schema = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule {
      options = psqlOptions // credentials;
    };
    description = "${name} psql configuration";
  };
# Settings shared by every Redis consumer: endpoint, database numbering and
# the secrets protecting replication and the (unused) predixy proxy.
redisOptions = {
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  host = mkOption { type = str; description = "Host to access Redis"; };
  # The port is declared as a string here, not as `types.port`.
  port = mkOption { type = str; description = "Port to access Redis"; };
  # Uniqueness of the numbers is only requested by the description; nothing
  # in this declaration enforces it.
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  # Key material held as a plain string option.
  spiped_key = mkOption {
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
    type = str;
  };
  predixy = mkOption {
    type = submodule {
      options.read = mkOption { description = "Read password"; type = str; };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Build the Redis option for one application; `name` labels the descriptions.
# The result starts from `redisOptions`, so `spiped_key` and `predixy` are
# part of every application entry in addition to its own `db`.
mkRedisOptions = name:
  let
    # Database selected by the application.
    selection = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in
  mkOption {
    type = submodule {
      options = redisOptions // selection;
    };
    description = "${name} redis configuration";
  };
110 in
111 {
112 options.myEnv = {
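# Per-server facts: the LDAP identity of the host and its addresses, keyed by
# server name.
# Fix: the fields used the deprecated `types.string`, which silently
# concatenates multiple definitions. For a password or DN that means two
# modules setting the value would yield a merged string instead of an
# evaluation error. `str` (used everywhere else in this file) rejects
# conflicting definitions.
servers = mkOption {
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
  default = {};
  type = attrsOf (submodule {
    options = {
      ldap = mkOption {
        description = ''
          LDAP credentials for the host
        '';
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password for the LDAP connection"; };
            dn = mkOption { type = str; description = "DN for the LDAP connection"; };
          };
        };
      };
      ips = mkOption {
        description = ''
          attrs of ip4/ip6 grouped by section
        '';
        type = attrsOf (submodule {
          options = {
            # Exactly one IPv4 address per section; the value is not validated.
            ip4 = mkOption {
              type = str;
              description = ''
                ip4 address of the host
              '';
            };
            # Any number of IPv6 addresses, none by default.
            ip6 = mkOption {
              type = listOf str;
              default = [];
              description = ''
                ip6 addresses of the host
              '';
            };
          };
        });
      };
    };
  });
};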
# Credential for the Hetzner Cloud API, held as a plain string option.
hetznerCloud = mkOption {
  type = submodule {
    options.authToken = mkOption {
      description = ''
        The API auth token.
      '';
      type = str;
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner account login, held as plain string options.
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption { description = "User"; type = str; };
      pass = mkOption { description = "Password"; type = str; };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
# Password of the LDAP service account used by sshd; the DN is fixed in the
# description rather than configurable.
sshd = mkOption {
  type = submodule {
    options.ldap = mkOption {
      type = submodule {
        options.password = mkOption { type = str; description = "Password"; };
      };
      description = ''
        LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
      '';
    };
  };
  description = ''
    sshd service credential information
  '';
};
# Registry of reserved non-standard ports, keyed by a free-form name.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  # Reject the whole set when two names reserve the same number: after
  # de-duplication the list of values must keep its length. The error does
  # not say which port collides.
  apply = reserved:
    let
      numbers = builtins.attrValues reserved;
      allDistinct = builtins.length numbers == builtins.length (unique numbers);
    in
    if isAttrs reserved && allDistinct
    then reserved
    else throw "Non unique values for ports";
};
# Password of the LDAP service account used by httpd; the DN is fixed in the
# description rather than configurable.
httpd = mkOption {
  type = submodule {
    options.ldap = mkOption {
      type = submodule {
        options.password = mkOption { type = str; description = "Password"; };
      };
      description = ''
        LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
      '';
    };
  };
  description = ''
    httpd service credential information
  '';
};
# Settings of the LDAP server itself: exactly the shared `ldapOptions` set,
# which includes the root and replication credentials.
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-side settings of the three database engines, each one exposing its
# shared option set without any per-application field.
databases = mkOption {
  type = submodule {
    options = {
      mysql = mkOption {
        description = "Mysql configuration";
        type = submodule { options = mysqlOptions; };
      };
      postgresql = mkOption {
        description = "Postgresql configuration";
        type = submodule { options = psqlOptions; };
      };
      redis = mkOption {
        description = "Redis configuration";
        type = submodule { options = redisOptions; };
      };
    };
  };
  description = "Databases configuration";
};
# Jabber service: its LDAP bind and its PostgreSQL database.
jabber = mkOption {
  type = submodule {
    options = {
      postgresql = mkPsqlOptions "Jabber";
      ldap = mkLdapOptions "Jabber" {};
    };
  };
  description = "Jabber configuration";
};
# Numeric uid/gid of each account, keyed by user name. Both are plain
# integers; no range check is declared.
users = mkOption {
  type = attrsOf (submodule {
    options = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
  });
  description = "System and regular users uid/gid";
};
# DNS settings: SOA values, groups of name servers, and the zones served as
# master or slave.
dns =
  let
    # Every SOA field is a free-form string option.
    soaField = description: mkOption { type = str; inherit description; };
  in
  mkOption {
    description = "DNS configuration";
    type = submodule {
      options = {
        soa = mkOption {
          description = "SOA information";
          type = submodule {
            options = {
              serial = soaField "Serial number. Should be incremented at each change and unique";
              refresh = soaField "Refresh time";
              retry = soaField "Retry time";
              expire = soaField "Expire time";
              ttl = soaField "Default TTL time";
              email = soaField "hostmaster e-mail";
              primary = soaField "Primary NS";
            };
          };
        };

        # group name -> name server host -> list of its addresses.
        ns = mkOption {
          type = attrsOf (attrsOf (listOf str));
          description = "Attrs of NS servers group";
          example = {
            foo = {
              "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
              "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
            };
          };
        };

        slaveZones = mkOption {
          description = "List of slave zones";
          type = listOf (submodule {
            options = {
              name = mkOption { description = "zone name"; type = str; };
              masters = mkOption {
                type = listOf str;
                description = "NS master groups of this zone";
              };
            };
          });
        };

        masterZones = mkOption {
          description = "List of master zones";
          type = listOf (submodule {
            options = {
              name = mkOption { description = "zone name"; type = str; };
              slaves = mkOption {
                type = listOf str;
                description = "NS slave groups of this zone";
              };
              ns = mkOption {
                type = listOf str;
                description = "groups names that should have their NS entries listed here";
              };
              # Free-form text; no syntax check is declared for it here.
              extra = mkOption {
                type = lines;
                description = "Extra zone configuration for bind";
                example = ''
                  notify yes;
                '';
              };
              entries = mkOption { description = "Regular entries of the NS zone"; type = lines; };
              withEmail = mkOption {
                default = [];
                description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
                type = listOf (submodule {
                  options = {
                    domain = mkOption { description = "Which subdomain is concerned"; type = str; };
                    send = mkOption { description = "Whether there can be e-mails originating from the subdomain"; type = bool; };
                    receive = mkOption { description = "Whether there can be e-mails arriving to the subdomain"; type = bool; };
                  };
                });
              };
            };
          });
        };
      };
    };
  };
# Remote duplicity backup: destination, access keys and the passphrase that
# encrypts the archives.
# NOTE(review): all four values are plain string options; confirm consumers
# keep the passphrase and the secret key out of the world-readable
# /nix/store.
backup = mkOption {
  type = submodule {
    options = {
      remote = mkOption { description = "Remote url access"; type = str; };
      accessKeyId = mkOption { description = "Remote access-key"; type = str; };
      secretAccessKey = mkOption { description = "Remote access secret"; type = str; };
      password = mkOption { description = "Password for encrypting files"; type = str; };
    };
  };
  description = ''
    Remote backup with duplicity
  '';
};
# Pull-style rsync backups: the SSH key pair used to reach the hosts and one
# profile per host describing what to fetch.
rsync_backup =
  let
    # One backed-up directory of a host.
    partOptions = {
      remote_folder = mkOption { description = "Remote folder to backup"; type = path; };
      exclude_from = mkOption {
        description = "List of folders/files to exclude from the backup";
        type = listOf path;
        default = [];
      };
      files_from = mkOption {
        description = "List of folders/files to backup in the base folder";
        type = listOf path;
        default = [];
      };
      # Free-form string; no check on its content is declared here.
      args = mkOption {
        description = "Extra arguments to pass to rsync";
        type = nullOr str;
        default = null;
      };
    };

    # How to reach one host and what to keep from it.
    profileOptions = {
      keep = mkOption { description = "Number of backups to keep"; type = int; };
      login = mkOption { description = "Login to connect to host"; type = str; };
      host = mkOption { description = "Host to connect to"; type = str; };
      # The port is a string defaulting to "22", not a `types.port`.
      port = mkOption { description = "Port to connect to host"; type = str; default = "22"; };
      # Both host-key fields are mandatory (no default is given).
      host_key = mkOption { description = "Host key"; type = str; };
      host_key_type = mkOption { description = "Host key type"; type = str; };
      parts = mkOption {
        description = "Parts to backup for this host";
        type = attrsOf (submodule { options = partOptions; });
      };
    };
  in
  mkOption {
    description =''
      Rsync backup configuration from controlled host
    '';
    type = submodule {
      options = {
        mailto = mkOption { description = "Where to e-mail on error"; type = str; };
        # NOTE(review): the private half is a plain `lines` option; confirm
        # it is installed as a runtime secret and never interpolated into a
        # derivation, which would expose it in /nix/store.
        ssh_key = mkOption {
          description = "SSH key information";
          type = submodule {
            options = {
              public = mkOption { description = "Public part of the key"; type = str; };
              private = mkOption { description = "Private part of the key"; type = lines; };
            };
          };
        };
        profiles = mkOption {
          description = "Attrs of profiles to backup";
          type = attrsOf (submodule { options = profileOptions; });
        };
      };
    };
  };
# Monitoring: where status is pushed, the token for that endpoint and the
# administrator's address. The token is a plain string option.
monitoring = mkOption {
  type = submodule {
    options = {
      email = mkOption { description = "Admin E-mail"; type = str; };
      status_url = mkOption { description = "URL to push status to"; type = str; };
      status_token = mkOption { description = "Token for the status url"; type = str; };
    };
  };
  description = "Monitoring configuration";
};
# MPD instance: served folder, endpoint and access password.
mpd = mkOption {
  type = submodule {
    options = {
      host = mkOption { description = "Host to connect to the MPD instance"; type = str; };
      # The port is declared as a string here, not as `types.port`.
      port = mkOption { description = "Port to connect to the MPD instance"; type = str; };
      password = mkOption { description = "Password to connect to the MPD instance"; type = str; };
      folder = mkOption { description = "Folder to serve from the MPD instance"; type = str; };
    };
  };
  description = "MPD configuration";
};
# FTP service: only its LDAP bind is configurable.
ftp = mkOption {
  type = submodule {
    options.ldap = mkLdapOptions "FTP" {};
  };
  description = "FTP configuration";
};
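# Mail stack settings: DMARC, DKIM keys, Postfix, Dovecot, rspamd and the
# scripts that receive mail.
# Fix: rspamd's redis options were generated with the label "Redis", which
# produced descriptions such as "Redis redis configuration". They now carry
# "rspamd", like every other caller of mkRedisOptions names its consumer.
mail = mkOption {
  description = "Mail configuration";
  type = submodule {
    options = {
      dmarc = mkOption {
        description = "DMARC configuration";
        type = submodule {
          options.ignore_hosts = mkOption {
            type = lines;
            description = ''
              Hosts to ignore when checking for dmarc
            '';
          };
        };
      };

      # One key pair per attribute name.
      dkim = mkOption {
        description = "DKIM configuration";
        type = attrsOf (submodule {
          options = {
            public = mkOption {
              type = str;
              example = ''
                ( "v=DKIM1; k=rsa; "
                "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
              '';
              description = "Public entry to put in DNS TXT field";
            };
            # NOTE(review): the signing key is a plain string option; confirm
            # it is delivered as a runtime secret and not written to
            # /nix/store.
            private = mkOption { type = str; description = "Private key"; };
          };
        });
      };

      postfix = mkOption {
        description = "Postfix configuration";
        type = submodule {
          options = {
            additional_mailbox_domains = mkOption {
              description = ''
                List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
              '';
              type = listOf str;
            };
            mysql = mkMysqlOptions "Postfix";
            backup_domains = mkOption {
              description = ''
                Domains that are accepted for relay as backup domain
              '';
              type = attrsOf (submodule {
                options = {
                  domains = mkOption { type = listOf str; description = "Domains list"; };
                  # Free-form text; no check on its content is declared here.
                  relay_restrictions = mkOption {
                    type = lines;
                    description = ''
                      Restrictions for relaying the e-mails from the domains
                    '';
                  };
                  recipient_maps = mkOption {
                    description = ''
                      Recipient map to accept relay for.
                      Must be specified for domain, the rules apply to everyone!
                    '';
                    type = listOf (submodule {
                      options = {
                        # "hash" is the only accepted map type.
                        type = mkOption {
                          type = enum [ "hash" ];
                          description = "Map type";
                        };
                        content = mkOption {
                          type = str;
                          description = "Map content";
                        };
                      };
                    });
                  };
                };
              });
            };
          };
        };
      };

      dovecot = mkOption {
        description = "Dovecot configuration";
        type = submodule {
          options = {
            # The generic LDAP entry, extended with Dovecot's attribute maps.
            ldap = mkLdapOptions "Dovecot" {
              pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
              user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
              iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
              iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
            };
          };
        };
      };

      rspamd = mkOption {
        description = "rspamd configuration";
        type = submodule {
          options = {
            redis = mkRedisOptions "rspamd";
            read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
            write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
            # `apply` discards whatever is configured, so the clear-text
            # passwords always read back as "" and only the hashed forms
            # above are available to consumers.
            read_password = mkOption {
              type = str;
              description = "Read password for rspamd. Unused";
              apply = _: "";
            };
            write_password = mkOption {
              type = str;
              description = "Write password for rspamd. Unused";
              apply = _: "";
            };
          };
        };
      };

      scripts = mkOption {
        description = "Mail script recipients";
        type = attrsOf (submodule {
          options = {
            # NOTE(review): `rev` accepts any string. The fetched repository
            # is evaluated as Nix code, so consider requiring a full commit
            # hash here rather than a movable reference.
            src = mkOption {
              description = ''
                git source to fetch the script from.
                It must have a default.nix file as its root accepting a scriptEnv parameter
              '';
              type = submodule {
                options = {
                  url = mkOption { type = str; description = "git url to fetch"; };
                  rev = mkOption { type = str; description = "git reference to fetch"; };
                };
              };
            };
            # Untyped: any Nix value is accepted.
            env = mkOption {
              description = "Variables to pass to the script";
              type = unspecified;
            };
          };
        });
      };
    };
  };
};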
# Buildbot: the account it runs as, its LDAP password and one entry per
# project to build.
buildbot =
  let
    # Declarations of a single project.
    projectOptions = {
      name = mkOption { description = "Project name"; type = str; };
      # Untyped on purpose: the value is a function, see the description.
      packages = mkOption {
        description = ''
          Function.
          Builds packages list to make available to buildbot project.
          Takes pkgs as argument.
        '';
        example = literalExample ''
          pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
        '';
        type = unspecified;
      };
      pythonPackages = mkOption {
        description = ''
          Function.
          Builds python packages list to make available to buildbot project.
          Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
        '';
        example = literalExample ''
          p: pkgs: [ pkgs.python3Packages.pip ];
        '';
        type = unspecified;
      };
      pythonPathHome = mkOption { description = "Whether to add project’s python home to python path"; type = bool; };
      # NOTE(review): secret values are plain strings keyed by name; confirm
      # the files they are dumped to are created outside /nix/store with
      # restrictive permissions.
      secrets = mkOption {
        description = "Secrets for the project to dump as files";
        type = attrsOf str;
      };
      environment = mkOption {
        description = ''
          Environment variables for the project.
          BUILDBOT_ is prefixed to the variable names
        '';
        type = attrsOf str;
      };
      # Free-form shell text; no check on its content is declared here.
      activationScript = mkOption {
        description = ''
          Activation script to run during deployment
        '';
        type = lines;
      };
      builderPaths = mkOption {
        description = ''
          Attrs of functions to make accessible specifically per builder.
          Takes pkgs as argument and should return a single path containing binaries.
          This path will be accessible as BUILDBOT_PATH_<attrskey>
        '';
        type = attrsOf unspecified;
        default = {};
      };
      # null by default; what null means for the endpoint is decided by the
      # consumer, not by this declaration.
      webhookTokens = mkOption {
        description = ''
          List of tokens allowed to push to project’s change_hook/base endpoint
        '';
        type = nullOr (listOf str);
        default = null;
      };
    };
  in
  mkOption {
    description = "Buildbot configuration";
    type = submodule {
      options = {
        user = mkOption {
          description = "Buildbot user";
          type = submodule {
            options = {
              uid = mkOption { type = int; description = "user uid"; };
              gid = mkOption { type = int; description = "user gid"; };
            };
          };
        };
        ldap = mkOption {
          description = "Ldap configuration for buildbot";
          type = submodule {
            options.password = mkOption { description = "Buildbot password"; type = str; };
          };
        };
        projects = mkOption {
          description = "Projects to make a buildbot for";
          type = attrsOf (submodule { options = projectOptions; });
        };
      };
    };
  };
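# Per-tool settings: database, redis and LDAP access plus the application
# secrets of every hosted tool.
# Fixes: `nextcloud` labelled its database and redis options "Peertube" and
# `roundcubemail` labelled its database "TT-RSS". The generated descriptions
# therefore pointed an operator at another tool's credentials; both now use
# their own name.
# NOTE(review): every secret below is a plain string option; confirm
# consumers deliver them as runtime secrets rather than through /nix/store.
tools =
  let
    # A described option whose value is a submodule made of `options`.
    section = description: options: mkOption {
      inherit description;
      type = submodule { inherit options; };
    };
    # A mandatory string option.
    strOption = description: mkOption { type = str; inherit description; };
  in
  section "Tools configurations" {
    davical = section "Davical configuration" {
      postgresql = mkPsqlOptions "Davical";
      ldap = mkLdapOptions "Davical" {};
    };

    diaspora = section "Diaspora configuration" {
      postgresql = mkPsqlOptions "Diaspora";
      redis = mkRedisOptions "Diaspora";
      ldap = mkLdapOptions "Diaspora" {};
      secret_token = strOption "Secret token";
    };

    etherpad-lite = section "Etherpad configuration" {
      postgresql = mkPsqlOptions "Etherpad";
      ldap = mkLdapOptions "Etherpad" {
        group_filter = strOption "Filter for groups";
      };
      session_key = strOption "Session key";
      api_key = strOption "API key";
      redirects = strOption "Redirects for apache";
    };

    gitolite = section "Gitolite configuration" {
      ldap = mkLdapOptions "Gitolite" {};
    };

    kanboard = section "Kanboard configuration" {
      postgresql = mkPsqlOptions "Kanboard";
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = strOption "Admin DN";
      };
    };

    mantisbt = section "Mantisbt configuration" {
      postgresql = mkPsqlOptions "Mantisbt";
      ldap = mkLdapOptions "Mantisbt" {};
      master_salt = strOption "Master salt for password hash";
    };

    mastodon = section "Mastodon configuration" {
      postgresql = mkPsqlOptions "Mastodon";
      redis = mkRedisOptions "Mastodon";
      ldap = mkLdapOptions "Mastodon" {};
      paperclip_secret = strOption "Paperclip secret";
      otp_secret = strOption "OTP secret";
      secret_key_base = strOption "Secret key base";
      vapid = section "vapid key" {
        private = strOption "Private key";
        public = strOption "Public key";
      };
    };

    mediagoblin = section "Mediagoblin configuration" {
      postgresql = mkPsqlOptions "Mediagoblin";
      redis = mkRedisOptions "Mediagoblin";
      ldap = mkLdapOptions "Mediagoblin" {};
    };

    nextcloud = section "Nextcloud configuration" {
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = strOption "Password salt";
      instance_id = strOption "Instance ID";
      secret = strOption "App secret";
    };

    peertube = section "Peertube configuration" {
      listenPort = mkOption { type = port; description = "Port to listen to"; };
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
      ldap = mkLdapOptions "Peertube" {};
    };

    phpldapadmin = section "phpLdapAdmin configuration" {
      ldap = mkLdapOptions "phpldapadmin" {};
    };

    rompr = section "Rompr configuration" {
      mpd = section "MPD configuration" {
        host = strOption "Host for MPD";
        port = mkOption { type = port; description = "Port to access MPD host"; };
      };
    };

    roundcubemail = section "Roundcubemail configuration" {
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = strOption "Secret";
    };

    shaarli = section "Shaarli configuration" {
      ldap = mkLdapOptions "Shaarli" {};
    };

    task = section "Taskwarrior configuration" {
      ldap = mkLdapOptions "Taskwarrior" {};
      # One entry per web profile; `uid` lists who may use it.
      taskwarrior-web = mkOption {
        description = "taskwarrior-web profiles";
        type = attrsOf (submodule {
          options = {
            uid = mkOption {
              type = listOf str;
              description = "List of ldap uids having access to this profile";
            };
            org = strOption "Taskd organisation";
            key = strOption "Taskd key";
            date = strOption "Preferred date format";
          };
        });
      };
    };

    ttrss = section "TT-RSS configuration" {
      postgresql = mkPsqlOptions "TT-RSS";
      ldap = mkLdapOptions "TT-RSS" {};
    };

    wallabag = section "Wallabag configuration" {
      postgresql = mkPsqlOptions "Wallabag";
      ldap = mkLdapOptions "Wallabag" {
        admin_filter = strOption "Admin users filter";
      };
      redis = mkRedisOptions "Wallabag";
      secret = strOption "App secret";
    };

    ympd = section "Ympd configuration" {
      listenPort = mkOption { type = port; description = "Port to listen to"; };
      mpd = section "MPD configuration" {
        password = strOption "Password to access MPD host";
        host = strOption "Host for MPD";
        port = mkOption { type = port; description = "Port to access MPD host"; };
      };
    };

    yourls = section "Yourls configuration" {
      mysql = mkMysqlOptions "Yourls";
      ldap = mkLdapOptions "Yourls" {};
      cookieKey = strOption "Cookie key";
    };
  };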
# Settings of the hosted websites. Most sites are declared once per
# deployment environment, each environment having the same set of options.
websites =
  let
    # A described option whose value is a submodule made of `options`.
    section = description: options: mkOption {
      inherit description;
      type = submodule { inherit options; };
    };
    # A mandatory string option.
    strOption = description: mkOption { type = str; inherit description; };
    # A site declared once per environment: every name in `envs` receives the
    # same "environment configuration" submodule built from `options`.
    perEnvironment = description: envs: options:
      section description (genAttrs envs (_: section "environment configuration" options));
    # A site whose only setting is the administrator's address.
    adminOnly = description: section description {
      server_admin = strOption "Server admin e-mail";
    };
  in
  section "Websites configurations" {
    isabelle = perEnvironment "Isabelle configurations by environment" [ "aten_production" "aten_integration" ] {
      environment = strOption "Symfony environment";
      secret = strOption "Symfony App secret";
      postgresql = mkPsqlOptions "Aten";
    };

    chloe = perEnvironment "Chloe configurations by environment" [ "production" "integration" ] {
      environment = strOption "Symfony environment";
      mysql = mkMysqlOptions "Chloe";
      ldap = mkLdapOptions "Chloe" {};
    };

    connexionswing = perEnvironment "Connexionswing configurations by environment" [ "production" "integration" ] {
      environment = strOption "Symfony environment";
      mysql = mkMysqlOptions "Connexionswing";
      secret = strOption "Symfony App secret";
      email = strOption "Symfony email notification";
    };

    jerome = section "Naturaloutil configuration" {
      mysql = mkMysqlOptions "Naturaloutil";
      server_admin = strOption "Server admin e-mail";
    };

    telioTortay = adminOnly "Telio Tortay configuration";

    ludivinecassal = perEnvironment "Ludivinecassal configurations by environment" [ "production" "integration" ] {
      environment = strOption "Symfony environment";
      mysql = mkMysqlOptions "LudivineCassal";
      ldap = mkLdapOptions "LudivineCassal" {};
      secret = strOption "Symfony App secret";
    };

    emilia = section "Emilia configuration" {
      postgresql = mkPsqlOptions "Emilia";
    };

    florian = adminOnly "Florian configuration";

    nassime = adminOnly "Nassime configuration";

    piedsjaloux = perEnvironment "Piedsjaloux configurations by environment" [ "production" "integration" ] {
      environment = strOption "Symfony environment";
      mysql = mkMysqlOptions "Piedsjaloux";
      secret = strOption "Symfony App secret";
    };

    # Not split by environment, despite what the description says.
    richie = section "Europe Richie configurations by environment" {
      mysql = mkMysqlOptions "Richie";
      smtp_mailer = section "SMTP mailer configuration" {
        user = strOption "Username";
        password = strOption "Password";
      };
    };

    # Only an integration environment is declared for this site.
    tellesflorian = perEnvironment "Tellesflorian configurations by environment" [ "integration" ] {
      environment = strOption "Symfony environment";
      mysql = mkMysqlOptions "Tellesflorian";
      secret = strOption "Symfony App secret";
      invite_passwords = strOption "Password basic auth";
    };
  };
1149
# Location of the secret files needed while building.
# NOTE(review): if a Nix path literal is assigned here and a consumer later
# interpolates it into a string, Nix copies the files into the world-readable
# /nix/store. Confirm how consumers read this value.
privateFiles = mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = path;
};
1156 };
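# Facts about the host being configured.
# Fix: FQDN used the deprecated `types.string`, which silently concatenates
# multiple definitions, so two modules setting the name would yield a merged
# host name instead of an evaluation error. `str` rejects conflicting
# definitions and matches the rest of the file.
options.hostEnv = {
  FQDN = mkOption {
    type = str;
    description = ''
      FQDN of the current host.
    '';
  };
};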
1165 }