git.immae.eu Git - perso/Immae/Config/Nix.git/blob - modules/private/environment.nix
Remove mail command in backup script
1 { config, lib, name, ... }:
2 with lib;
3 with types;
4 with lists;
5 let
# Options shared by every LDAP consumer: where the directory lives plus the
# root and replication identities.
# NOTE(review): root_pw is declared as a hash but replication_pw as a plain
# password; how these strings reach the services is not visible here, so
# confirm they are never interpolated into the world-readable Nix store.
ldapOptions = {
  host = mkOption { type = str; description = "Host to access LDAP"; };
  base = mkOption { type = str; description = "Base of the LDAP tree"; };
  root_dn = mkOption { type = str; description = "DN of the root user"; };
  root_pw = mkOption { type = str; description = "Hashed password of the root user"; };
  replication_dn = mkOption {
    type = str;
    description = "DN of the user allowed to replicate the LDAP directory";
  };
  replication_pw = mkOption {
    type = str;
    description = "Password of the user allowed to replicate the LDAP directory";
  };
};
# Builds the LDAP option of one service: the shared ldapOptions, then the
# service's own bind DN, password and user filter, then `more`. Because `more`
# is merged last, an attribute in it replaces an earlier one of the same name.
# The `name` parameter shadows the module argument `name`.
mkLdapOptions = name: more:
  let
    serviceOptions = {
      dn = mkOption { type = str; description = "DN of the ${name} user"; };
      password = mkOption { type = str; description = "password of the ${name} user"; };
      # The only option here with a default: an empty filter string.
      filter = mkOption { type = str; default = ""; description = "Filter for ${name} users"; };
    };
  in
  mkOption {
    type = submodule { options = ldapOptions // serviceOptions // more; };
    description = "${name} LDAP configuration";
  };
# Options shared by every MySQL consumer: connection endpoints, the
# system-level accounts and the LDAP identity used for the PAM check.
mysqlOptions = {
  host = mkOption { type = str; description = "Host to access Mysql"; };
  remoteHost = mkOption { type = str; description = "Host to access Mysql from outside"; };
  # Typed as a string here, while some options in this file use the `port` type.
  port = mkOption { type = str; description = "Port to access Mysql"; };
  socket = mkOption { type = path; description = "Socket to access Mysql"; };
  # presumably user name -> password, going by the description; verify
  # against the consumer.
  systemUsers = mkOption {
    type = attrsOf str;
    description = "Attrs of user-passwords allowed to access mysql";
  };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for mysql";
  };
};
# Builds the MySQL option of one service: the shared mysqlOptions, then the
# service's database, user and password, then `more` (merged last, so it wins
# on a name clash).
mkMysqlOptions = name: more:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "mysql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule { options = mysqlOptions // serviceOptions // more; };
    description = "${name} mysql configuration";
  };
# Options shared by every PostgreSQL consumer: connection endpoints and the
# LDAP identity used for the PAM check.
psqlOptions = {
  host = mkOption { type = str; description = "Host to access Postgresql"; };
  port = mkOption { type = str; description = "Port to access Postgresql"; };
  socket = mkOption { type = path; description = "Socket to access Postgresql"; };
  pam = mkOption {
    type = submodule {
      options = {
        dn = mkOption { type = str; description = "DN to connect as to check users"; };
        password = mkOption { type = str; description = "DN password to connect as to check users"; };
        filter = mkOption { type = str; description = "filter to match users"; };
      };
    };
    description = "PAM configuration for psql";
  };
};
# Builds the PostgreSQL option of one service: the shared psqlOptions plus the
# service's database, optional schema, user and password. Unlike the LDAP and
# MySQL builders it takes no extra option set.
mkPsqlOptions = name:
  let
    serviceOptions = {
      database = mkOption { type = str; description = "${name} database"; };
      # null (the default) means no schema was given.
      schema = mkOption { type = nullOr str; default = null; description = "${name} schema"; };
      user = mkOption { type = str; description = "${name} user"; };
      password = mkOption { type = str; description = "psql password of the ${name} user"; };
    };
  in
  mkOption {
    type = submodule { options = psqlOptions // serviceOptions; };
    description = "${name} psql configuration";
  };
# Options shared by every Redis consumer: connection endpoints, the database
# number registry, the spiped key for replication and the predixy password.
redisOptions = {
  host = mkOption { type = str; description = "Host to access Redis"; };
  port = mkOption { type = str; description = "Port to access Redis"; };
  socket = mkOption { type = path; description = "Socket to access Redis"; };
  # Uniqueness of the numbers is only asked for in the description; nothing
  # in this declaration checks it.
  dbs = mkOption {
    type = attrsOf str;
    description = "Attrs of db number. Each number should be unique to avoid collision!";
  };
  # Key material carried as a plain string option.
  # NOTE(review): confirm the consumer writes it to a permission-restricted
  # file rather than into a store path.
  spiped_key = mkOption {
    description = ''
      Key to use with spiped to make a secure channel to replication
    '';
    type = str;
  };
  predixy = mkOption {
    type = submodule {
      options = {
        read = mkOption { description = "Read password"; type = str; };
      };
    };
    description = "Predixy configuration. Unused yet";
  };
};
# Builds the Redis option of one service: the shared redisOptions plus the
# database assigned to that service.
mkRedisOptions = name:
  let
    serviceOptions = {
      db = mkOption { type = str; description = "${name} database"; };
    };
  in
  mkOption {
    type = submodule { options = redisOptions // serviceOptions; };
    description = "${name} redis configuration";
  };
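# Per-host record (the element type of myEnv.servers): FQDN, allowed sender
# addresses, the host's own LDAP bind credentials, optional MX role and IPs.
#
# Uses `str` throughout instead of the deprecated `types.string`: `string`
# quietly concatenates several definitions of the same option, which for a
# password, DN or address yields a wrong value instead of an evaluation error.
hostEnv = submodule {
  options = {
    fqdn = mkOption {
      type = str;
      description = "Host FQDN";
    };
    emails = mkOption {
      type = listOf str;
      default = [];
      description = "List of e-mails that the server can be a sender of";
    };
    ldap = mkOption {
      description = ''
        LDAP credentials for the host
      '';
      type = submodule {
        options = {
          password = mkOption { type = str; description = "Password for the LDAP connection"; };
          dn = mkOption { type = str; description = "DN for the LDAP connection"; };
        };
      };
    };
    mx = mkOption {
      description = "subdomain and priority for MX server";
      # The default only sets `enable`; subdomain and priority have no default
      # of their own.
      default = { enable = false; };
      type = submodule {
        options = {
          enable = mkEnableOption "Enable MX";
          subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
          priority = mkOption { type = nullOr str; description = "Priority"; };
        };
      };
    };
    ips = mkOption {
      description = ''
        attrs of ip4/ip6 grouped by section
      '';
      type = attrsOf (submodule {
        options = {
          # Exactly one IPv4 address per section, any number of IPv6 addresses.
          ip4 = mkOption {
            type = str;
            description = ''
              ip4 address of the host
            '';
          };
          ip6 = mkOption {
            type = listOf str;
            default = [];
            description = ''
              ip6 addresses of the host
            '';
          };
        };
      });
    };
  };
};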
168 in
169 {
170 options.myEnv = {
# One hostEnv record per server name; empty unless configured.
servers = mkOption {
  type = attrsOf hostEnv;
  default = {};
  description = ''
    Attrs of servers information in the cluster (not necessarily handled by nixops)
  '';
};
# Hetzner Cloud API access. No default: the token has to be provided.
# NOTE(review): the token is a plain string option; confirm it is only written
# to permission-restricted files and never into a store path.
hetznerCloud = mkOption {
  type = submodule {
    options = {
      authToken = mkOption {
        description = ''
          The API auth token.
        '';
        type = str;
      };
    };
  };
  description = ''
    Hetzner Cloud credential information
  '';
};
# Hetzner account credentials (user and password), both mandatory.
hetzner = mkOption {
  type = submodule {
    options = {
      user = mkOption { description = "User"; type = str; };
      pass = mkOption { description = "Password"; type = str; };
    };
  };
  description = ''
    Hetzner credential information
  '';
};
# Credentials of the sshd service account in LDAP; only the password is
# configurable, the DN is stated in the description.
sshd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    sshd service credential information
  '';
};
# Registry of reserved port numbers, keyed by name. `apply` makes evaluation
# fail when two names are given the same number, so a port cannot be handed
# to two services by mistake.
ports = mkOption {
  type = attrsOf port;
  default = {};
  description = ''
    non-standard reserved ports. Must be unique!
  '';
  apply = reserved:
    let
      numbers = builtins.attrValues reserved;
      # Deduplicating must not shorten the list.
      allDistinct = builtins.length numbers == builtins.length (unique numbers);
    in
    if isAttrs reserved && allDistinct then reserved else throw "Non unique values for ports";
};
# Credentials of the httpd service account in LDAP; only the password is
# configurable, the DN is stated in the description.
httpd = mkOption {
  type = submodule {
    options = {
      ldap = mkOption {
        type = submodule {
          options = {
            password = mkOption { type = str; description = "Password"; };
          };
        };
        description = ''
          LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
        '';
      };
    };
  };
  description = ''
    httpd service credential information
  '';
};
# The LDAP server itself: exactly the shared ldapOptions, with no per-service
# additions.
ldap = mkOption {
  type = submodule { options = ldapOptions; };
  description = ''
    LDAP server configuration
  '';
};
# Server-side database settings: each engine gets its shared option set,
# without the per-service database/user/password additions.
databases = mkOption {
  type = submodule {
    options = {
      mysql = mkOption {
        description = "Mysql configuration";
        type = submodule { options = mysqlOptions; };
      };
      redis = mkOption {
        description = "Redis configuration";
        type = submodule { options = redisOptions; };
      };
      postgresql = mkOption {
        description = "Postgresql configuration";
        type = submodule { options = psqlOptions; };
      };
    };
  };
  description = "Databases configuration";
};
# Jabber: LDAP and PostgreSQL access plus the postfix filter selecting xmpp
# users.
jabber = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Jabber" {};
      postgresql = mkPsqlOptions "Jabber";
      postfix_user_filter = mkOption {
        description = "Postfix filter to get xmpp users";
        type = str;
      };
    };
  };
  description = "Jabber configuration";
};
# Fixed uid/gid pair per user name. Both numbers are mandatory integers; no
# range or uniqueness check is declared here.
users = mkOption {
  type = attrsOf (submodule {
    options = {
      uid = mkOption { type = int; description = "user uid"; };
      gid = mkOption { type = int; description = "user gid"; };
    };
  });
  description = "System and regular users uid/gid";
};
# DNS: SOA values, named groups of name servers, and the zones served as
# slave or as master.
dns = mkOption {
  description = "DNS configuration";
  type = submodule {
    options = {
      # Every SOA field is a mandatory string; the format is not validated here.
      soa = mkOption {
        description = "SOA information";
        type = submodule {
          options = {
            serial = mkOption {
              type = str;
              description = "Serial number. Should be incremented at each change and unique";
            };
            refresh = mkOption { type = str; description = "Refresh time"; };
            retry = mkOption { type = str; description = "Retry time"; };
            expire = mkOption { type = str; description = "Expire time"; };
            ttl = mkOption { type = str; description = "Default TTL time"; };
            email = mkOption { type = str; description = "hostmaster e-mail"; };
            primary = mkOption { type = str; description = "Primary NS"; };
          };
        };
      };
      # group name -> name server -> list of addresses (see the example).
      ns = mkOption {
        type = attrsOf (attrsOf (listOf str));
        description = "Attrs of NS servers group";
        example = {
          foo = {
            "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
            "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
          };
        };
      };
      slaveZones = mkOption {
        description = "List of slave zones";
        type = listOf (submodule {
          options = {
            name = mkOption { description = "zone name"; type = str; };
            masters = mkOption {
              type = listOf str;
              description = "NS master groups of this zone";
            };
          };
        });
      };
      masterZones = mkOption {
        description = "List of master zones";
        type = listOf (submodule {
          options = {
            name = mkOption { description = "zone name"; type = str; };
            slaves = mkOption {
              type = listOf str;
              description = "NS slave groups of this zone";
            };
            ns = mkOption {
              type = listOf str;
              description = "groups names that should have their NS entries listed here";
            };
            # `extra` and `entries` are free-form text.
            # NOTE(review): presumably copied into the bind configuration and
            # zone data as written -- confirm who is allowed to set them.
            extra = mkOption {
              type = lines;
              description = "Extra zone configuration for bind";
              example = ''
                notify yes;
              '';
            };
            entries = mkOption { description = "Regular entries of the NS zone"; type = lines; };
            withEmail = mkOption {
              default = [];
              description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
              type = listOf (submodule {
                options = {
                  domain = mkOption { description = "Which subdomain is concerned"; type = str; };
                  send = mkOption {
                    type = bool;
                    description = "Whether there can be e-mails originating from the subdomain";
                  };
                  receive = mkOption {
                    type = bool;
                    description = "Whether there can be e-mails arriving to the subdomain";
                  };
                };
              });
            };
          };
        });
      };
    };
  };
};
# Remote duplicity backup: the encryption passphrase, the remote URL and the
# access key pair for the remote.
# NOTE(review): password and secretAccessKey are plain string options; confirm
# the backup script receives them through a permission-restricted file.
backup = mkOption {
  type = submodule {
    options = {
      remote = mkOption { description = "Remote url access"; type = str; };
      accessKeyId = mkOption { description = "Remote access-key"; type = str; };
      secretAccessKey = mkOption { description = "Remote access secret"; type = str; };
      password = mkOption { description = "Password for encrypting files"; type = str; };
    };
  };
  description = ''
    Remote backup with duplicity
  '';
};
# Rsync pull backups: one SSH key pair and, per profile, the host to reach,
# its expected host key and the folders to copy.
rsync_backup = mkOption {
  description =''
    Rsync backup configuration from controlled host
  '';
  type = submodule {
    options = {
      ssh_key = mkOption {
        description = "SSH key information";
        type = submodule {
          options = {
            public = mkOption { description = "Public part of the key"; type = str; };
            # Private key material as a multi-line option.
            # NOTE(review): confirm it is deployed with restricted permissions.
            private = mkOption { description = "Private part of the key"; type = lines; };
          };
        };
      };
      profiles = mkOption {
        description = "Attrs of profiles to backup";
        type = attrsOf (submodule {
          options = {
            keep = mkOption { description = "Number of backups to keep"; type = int; };
            login = mkOption { description = "Login to connect to host"; type = str; };
            host = mkOption { description = "Host to connect to"; type = str; };
            port = mkOption { description = "Port to connect to host"; type = str; default = "22"; };
            # Both host-key options are mandatory, so every profile carries
            # the key expected from the remote host.
            host_key = mkOption { description = "Host key"; type = str; };
            host_key_type = mkOption { description = "Host key type"; type = str; };
            parts = mkOption {
              description = "Parts to backup for this host";
              type = attrsOf (submodule {
                options = {
                  remote_folder = mkOption { description = "Remote folder to backup"; type = path; };
                  files_from = mkOption {
                    description = "List of folders/files to backup in the base folder";
                    default = [];
                    type = listOf path;
                  };
                  exclude_from = mkOption {
                    description = "List of folders/files to exclude from the backup";
                    default = [];
                    type = listOf path;
                  };
                  # Free-form string.
                  # NOTE(review): if the consumer splices it into a shell
                  # command line it needs quoting there -- verify.
                  args = mkOption {
                    description = "Extra arguments to pass to rsync";
                    default = null;
                    type = nullOr str;
                  };
                };
              });
            };
          };
        });
      };
    };
  };
};
# Monitoring: where status is pushed, the credentials the checks use, and the
# e-mail round-trip checks.
# NOTE(review): status_token, http_user_password, ssh_secret_key,
# imap_password, nrdp_tokens and slack_url are all secrets carried as plain
# strings; confirm none of them is rendered into a store path.
monitoring = mkOption {
  description = "Monitoring configuration";
  type = submodule {
    options = {
      status_url = mkOption { description = "URL to push status to"; type = str; };
      status_token = mkOption { description = "Token for the status url"; type = str; };
      http_user_password = mkOption {
        description = "HTTP credentials to check services behind wall";
        type = str;
      };
      email = mkOption { description = "Admin E-mail"; type = str; };
      ssh_public_key = mkOption { description = "SSH public key"; type = str; };
      ssh_secret_key = mkOption { description = "SSH secret key"; type = str; };
      imap_login = mkOption { description = "IMAP login"; type = str; };
      imap_password = mkOption { description = "IMAP password"; type = str; };
      eriomem_keys = mkOption {
        description = "Eriomem keys";
        default = [];
        type = listOf (listOf str);
      };
      nrdp_tokens = mkOption {
        description = "Tokens allowed to push status update";
        type = listOf str;
      };
      slack_url = mkOption { description = "Slack webhook url to push status update"; type = str; };
      slack_channel = mkOption { description = "Slack channel to push status update"; type = str; };
      # `unspecified` values are not type-checked.
      contacts = mkOption {
        description = "Contact dicts to fill naemon objects";
        type = attrsOf unspecified;
      };
      email_check = mkOption {
        description = "Emails services to check";
        type = attrsOf (submodule {
          options = {
            local = mkOption { description = "Use local configuration"; default = false; type = bool; };
            port = mkOption { description = "Port to connect to ssh"; default = null; type = nullOr str; };
            login = mkOption { description = "Login to connect to ssh"; default = null; type = nullOr str; };
            targets = mkOption { description = "Hosts to send E-mails to"; type = listOf str; };
            mail_address = mkOption {
              description = "E-mail recipient part to send e-mail to";
              type = str;
            };
            mail_domain = mkOption {
              description = "E-mail domain part to send e-mail to";
              type = str;
            };
          };
        });
      };
    };
  };
};
# MPD instance: served folder and the host, port and password clients use.
mpd = mkOption {
  type = submodule {
    options = {
      host = mkOption { description = "Host to connect to the MPD instance"; type = str; };
      port = mkOption { description = "Port to connect to the MPD instance"; type = str; };
      password = mkOption { description = "Password to connect to the MPD instance"; type = str; };
      folder = mkOption { description = "Folder to serve from the MPD instance"; type = str; };
    };
  };
  description = "MPD configuration";
};
# FTP: only needs LDAP access, with no extra LDAP options.
ftp = mkOption {
  type = submodule {
    options = { ldap = mkLdapOptions "FTP" {}; };
  };
  description = "FTP configuration";
};
523 mail = mkOption {
524 description = "Mail configuration";
525 type = submodule {
526 options = {
# DMARC: the list of hosts exempted from the check, as free-form lines.
dmarc = mkOption {
  type = submodule {
    options = {
      ignore_hosts = mkOption {
        description = ''
          Hosts to ignore when checking for dmarc
        '';
        type = lines;
      };
    };
  };
  description = "DMARC configuration";
};
# DKIM key pairs, one per attribute name: the DNS TXT payload and the signing
# key.
dkim = mkOption {
  description = "DKIM configuration";
  type = attrsOf (submodule {
    options = {
      public = mkOption {
        description = "Public entry to put in DNS TXT field";
        type = str;
        example = ''
          ( "v=DKIM1; k=rsa; "
          "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
        '';
      };
      # Signing key as a plain string.
      # NOTE(review): whoever obtains it can sign mail for the domain; confirm
      # it is deployed to a file only the signer can read.
      private = mkOption { description = "Private key"; type = str; };
    };
  });
};
# Postfix: extra mailbox domains, MySQL access (with the key that encrypts
# relay passwords) and the domains relayed as backup MX.
postfix = mkOption {
  description = "Postfix configuration";
  type = submodule {
    options = {
      additional_mailbox_domains = mkOption {
        type = listOf str;
        description = ''
          List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
        '';
      };
      mysql = mkMysqlOptions "Postfix" {
        password_encrypt = mkOption {
          description = "Key to encrypt relay password in database";
          type = str;
        };
      };
      backup_domains = mkOption {
        description = ''
          Domains that are accepted for relay as backup domain
        '';
        type = attrsOf (submodule {
          options = {
            domains = mkOption { description = "Domains list"; type = listOf str; };
            # Free-form lines; they decide who may relay through this server.
            relay_restrictions = mkOption {
              type = lines;
              description = ''
                Restrictions for relaying the e-mails from the domains
              '';
            };
            recipient_maps = mkOption {
              description = ''
                Recipient map to accept relay for.
                Must be specified for domain, the rules apply to everyone!
              '';
              type = listOf (submodule {
                options = {
                  # "hash" is the only map type accepted.
                  type = mkOption {
                    description = "Map type";
                    type = enum [ "hash" ];
                  };
                  content = mkOption {
                    description = "Map content";
                    type = str;
                  };
                };
              });
            };
          };
        });
      };
    };
  };
};
# Dovecot: LDAP access extended with the attribute mappings and filters it
# needs for authentication and user listing.
dovecot = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Dovecot" {
        pass_attrs = mkOption { description = "Password attribute in LDAP"; type = str; };
        user_attrs = mkOption { description = "User attribute mapping in LDAP"; type = str; };
        iterate_attrs = mkOption {
          description = "User attribute mapping for listing in LDAP";
          type = str;
        };
        iterate_filter = mkOption {
          description = "User attribute filter for listing in LDAP";
          type = str;
        };
      };
    };
  };
  description = "Dovecot configuration";
};
# rspamd: Redis access and the hashed controller passwords.
rspamd = mkOption {
  description = "rspamd configuration";
  type = submodule {
    options = {
      # NOTE(review): the label "Redis" yields "Redis redis configuration";
      # the other callers pass the service name.
      redis = mkRedisOptions "Redis";
      read_password_hashed = mkOption {
        description = "Hashed read password for rspamd";
        type = str;
      };
      write_password_hashed = mkOption {
        description = "Hashed write password for rspamd";
        type = str;
      };
      # The clear-text variants still have to be defined (no default), but
      # `apply` replaces whatever is set with the empty string, so readers of
      # these options never see the clear text.
      read_password = mkOption {
        description = "Read password for rspamd. Unused";
        apply = x: "";
        type = str;
      };
      write_password = mkOption {
        description = "Write password for rspamd. Unused";
        apply = x: "";
        type = str;
      };
    };
  };
};
# Scripts fed by incoming mail: where to fetch each one and what to pass it.
scripts = mkOption {
  description = "Mail script recipients";
  type = attrsOf (submodule {
    options = {
      external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
      # The fetched repository's default.nix is evaluated, so its content is
      # trusted code.
      # NOTE(review): `rev` is described as a git reference; a branch or tag
      # can move without any change here -- prefer a full commit hash, and
      # confirm how the consumer fetches it.
      src = mkOption {
        type = submodule {
          options = {
            url = mkOption { description = "git url to fetch"; type = str; };
            rev = mkOption { description = "git reference to fetch"; type = str; };
          };
        };
        description = ''
          git source to fetch the script from.
          It must have a default.nix file as its root accepting a scriptEnv parameter
        '';
      };
      # `unspecified`: the value is not type-checked.
      env = mkOption {
        type = unspecified;
        description = "Variables to pass to the script";
      };
    };
  });
};
663 };
664 };
665 };
# Buildbot: the service account, its LDAP password and one entry per project.
buildbot = mkOption {
  description = "Buildbot configuration";
  type = submodule {
    options = {
      user = mkOption {
        description = "Buildbot user";
        type = submodule {
          options = {
            uid = mkOption { type = int; description = "user uid"; };
            gid = mkOption { type = int; description = "user gid"; };
          };
        };
      };
      ldap = mkOption {
        description = "Ldap configuration for buildbot";
        type = submodule {
          options = {
            password = mkOption { description = "Buildbot password"; type = str; };
          };
        };
      };
      projects = mkOption {
        description = "Projects to make a buildbot for";
        type = attrsOf (submodule {
          options = {
            name = mkOption { description = "Project name"; type = str; };
            # packages / pythonPackages hold functions, hence `unspecified`.
            packages = mkOption {
              description = ''
                Function.
                Builds packages list to make available to buildbot project.
                Takes pkgs as argument.
              '';
              example = literalExample ''
                pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
              '';
              type = unspecified;
            };
            pythonPackages = mkOption {
              description = ''
                Function.
                Builds python packages list to make available to buildbot project.
                Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
              '';
              example = literalExample ''
                p: pkgs: [ pkgs.python3Packages.pip ];
              '';
              type = unspecified;
            };
            pythonPathHome = mkOption {
              description = "Whether to add project’s python home to python path";
              type = bool;
            };
            # NOTE(review): described as dumped to files; confirm the files
            # are created outside the store with restricted permissions.
            secrets = mkOption {
              description = "Secrets for the project to dump as files";
              type = attrsOf str;
            };
            environment = mkOption {
              description = ''
                Environment variables for the project.
                BUILDBOT_ is prefixed to the variable names
              '';
              type = attrsOf str;
            };
            # Shell text executed at deployment time: treat as trusted code.
            activationScript = mkOption {
              description = ''
                Activation script to run during deployment
              '';
              type = lines;
            };
            builderPaths = mkOption {
              description = ''
                Attrs of functions to make accessible specifically per builder.
                Takes pkgs as argument and should return a single path containing binaries.
                This path will be accessible as BUILDBOT_PATH_<attrskey>
              '';
              default = {};
              type = attrsOf unspecified;
            };
            # NOTE(review): the default is null; what the consumer does with
            # null (endpoint disabled, or no token required) is not visible
            # here -- verify it does not leave the change hook open.
            webhookTokens = mkOption {
              description = ''
                List of tokens allowed to push to project’s change_hook/base endpoint
              '';
              default = null;
              type = nullOr (listOf str);
            };
          };
        });
      };
    };
  };
};
760 tools = mkOption {
761 description = "Tools configurations";
762 type = submodule {
763 options = {
# Davical: PostgreSQL and LDAP access.
davical = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Davical" {};
      postgresql = mkPsqlOptions "Davical";
    };
  };
  description = "Davical configuration";
};
# Diaspora: PostgreSQL, Redis and LDAP access plus the application's secret
# token.
diaspora = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Diaspora" {};
      postgresql = mkPsqlOptions "Diaspora";
      redis = mkRedisOptions "Diaspora";
      secret_token = mkOption { description = "Secret token"; type = str; };
    };
  };
  description = "Diaspora configuration";
};
# Etherpad: PostgreSQL access, LDAP access with a group filter, the session
# and API keys, and apache redirects.
etherpad-lite = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Etherpad" {
        group_filter = mkOption { description = "Filter for groups"; type = str; };
      };
      postgresql = mkPsqlOptions "Etherpad";
      session_key = mkOption { description = "Session key"; type = str; };
      api_key = mkOption { description = "API key"; type = str; };
      redirects = mkOption { description = "Redirects for apache"; type = str; };
    };
  };
  description = "Etherpad configuration";
};
# Gitolite: LDAP access only.
gitolite = mkOption {
  type = submodule {
    options = { ldap = mkLdapOptions "Gitolite" {}; };
  };
  description = "Gitolite configuration";
};
# Kanboard: PostgreSQL access and LDAP access with the administrator DN.
kanboard = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Kanboard" {
        admin_dn = mkOption { description = "Admin DN"; type = str; };
      };
      postgresql = mkPsqlOptions "Kanboard";
    };
  };
  description = "Kanboard configuration";
};
# Mantisbt: PostgreSQL and LDAP access plus the salt used for password hashes.
mantisbt = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mantisbt" {};
      postgresql = mkPsqlOptions "Mantisbt";
      master_salt = mkOption { description = "Master salt for password hash"; type = str; };
    };
  };
  description = "Mantisbt configuration";
};
# Mastodon: PostgreSQL, Redis and LDAP access plus the application secrets
# (paperclip, OTP, secret key base) and the VAPID key pair.
mastodon = mkOption {
  description = "Mastodon configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mastodon" {};
      postgresql = mkPsqlOptions "Mastodon";
      redis = mkRedisOptions "Mastodon";
      paperclip_secret = mkOption { description = "Paperclip secret"; type = str; };
      otp_secret = mkOption { description = "OTP secret"; type = str; };
      secret_key_base = mkOption { description = "Secret key base"; type = str; };
      vapid = mkOption {
        type = submodule {
          options = {
            public = mkOption { description = "Public key"; type = str; };
            private = mkOption { description = "Private key"; type = str; };
          };
        };
        description = "vapid key";
      };
    };
  };
};
# Mediagoblin: PostgreSQL, Redis and LDAP access.
mediagoblin = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Mediagoblin" {};
      postgresql = mkPsqlOptions "Mediagoblin";
      redis = mkRedisOptions "Mediagoblin";
    };
  };
  description = "Mediagoblin configuration";
};
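# Nextcloud: PostgreSQL and Redis access plus the instance's salt, id and
# application secret.
nextcloud = mkOption {
  description = "Nextcloud configuration";
  type = submodule {
    options = {
      # The label only feeds the generated option descriptions; it has to name
      # this service, otherwise the documentation of tools.nextcloud reads
      # "Peertube database", "Peertube user", ...
      postgresql = mkPsqlOptions "Nextcloud";
      redis = mkRedisOptions "Nextcloud";
      password_salt = mkOption { type = str; description = "Password salt"; };
      instance_id = mkOption { type = str; description = "Instance ID"; };
      secret = mkOption { type = str; description = "App secret"; };
    };
  };
};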
# Peertube: listening port (validated by the `port` type) and PostgreSQL,
# Redis and LDAP access.
peertube = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      ldap = mkLdapOptions "Peertube" {};
      postgresql = mkPsqlOptions "Peertube";
      redis = mkRedisOptions "Peertube";
    };
  };
  description = "Peertube configuration";
};
# phpLdapAdmin: LDAP access only.
phpldapadmin = mkOption {
  type = submodule {
    options = { ldap = mkLdapOptions "phpldapadmin" {}; };
  };
  description = "phpLdapAdmin configuration";
};
# Rompr: the MPD host and port it talks to. No MPD password is declared here.
rompr = mkOption {
  type = submodule {
    options = {
      mpd = mkOption {
        type = submodule {
          options = {
            host = mkOption { description = "Host for MPD"; type = str; };
            port = mkOption { description = "Port to access MPD host"; type = port; };
          };
        };
        description = "MPD configuration";
      };
    };
  };
  description = "Rompr configuration";
};
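# Roundcubemail: PostgreSQL access and the application secret.
roundcubemail = mkOption {
  description = "Roundcubemail configuration";
  type = submodule {
    options = {
      # The label only feeds the generated option descriptions; it has to name
      # this service, otherwise tools.roundcubemail is documented as
      # "TT-RSS database", "TT-RSS user", ...
      postgresql = mkPsqlOptions "Roundcubemail";
      secret = mkOption { type = str; description = "Secret"; };
    };
  };
};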
# Shaarli: LDAP access only.
shaarli = mkOption {
  type = submodule {
    options = { ldap = mkLdapOptions "Shaarli" {}; };
  };
  description = "Shaarli configuration";
};
# Taskwarrior: LDAP access and the taskwarrior-web profiles, each listing the
# LDAP uids allowed to use it together with its taskd organisation and key.
task = mkOption {
  description = "Taskwarrior configuration";
  type = submodule {
    options = {
      ldap = mkLdapOptions "Taskwarrior" {};
      taskwarrior-web = mkOption {
        description = "taskwarrior-web profiles";
        type = attrsOf (submodule {
          options = {
            # Access list of the profile.
            uid = mkOption {
              description = "List of ldap uids having access to this profile";
              type = listOf str;
            };
            org = mkOption { description = "Taskd organisation"; type = str; };
            key = mkOption { description = "Taskd key"; type = str; };
            date = mkOption { description = "Preferred date format"; type = str; };
          };
        });
      };
    };
  };
};
# TT-RSS: PostgreSQL and LDAP access.
ttrss = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "TT-RSS" {};
      postgresql = mkPsqlOptions "TT-RSS";
    };
  };
  description = "TT-RSS configuration";
};
# Wallabag: PostgreSQL and Redis access, LDAP access with an administrator
# filter, and the application secret.
wallabag = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Wallabag" {
        admin_filter = mkOption { description = "Admin users filter"; type = str; };
      };
      postgresql = mkPsqlOptions "Wallabag";
      redis = mkRedisOptions "Wallabag";
      secret = mkOption { description = "App secret"; type = str; };
    };
  };
  description = "Wallabag configuration";
};
# Ympd: its own listening port and the MPD host, port and password it uses.
ympd = mkOption {
  type = submodule {
    options = {
      listenPort = mkOption { description = "Port to listen to"; type = port; };
      mpd = mkOption {
        type = submodule {
          options = {
            host = mkOption { description = "Host for MPD"; type = str; };
            port = mkOption { description = "Port to access MPD host"; type = port; };
            password = mkOption { description = "Password to access MPD host"; type = str; };
          };
        };
        description = "MPD configuration";
      };
    };
  };
  description = "Ympd configuration";
};
# Yourls: MySQL and LDAP access plus the key protecting its cookies.
yourls = mkOption {
  type = submodule {
    options = {
      ldap = mkLdapOptions "Yourls" {};
      mysql = mkMysqlOptions "Yourls" {};
      cookieKey = mkOption { description = "Cookie key"; type = str; };
    };
  };
  description = "Yourls configuration";
};
995 };
996 };
997 };
998 websites = mkOption {
999 description = "Websites configurations";
1000 type = submodule {
1001 options = {
# Isabelle's sites: two Aten environments sharing one option shape, and the
# Iridologie SPIP site.
isabelle = mkOption {
  description = "Isabelle configurations by environment";
  type =
    let
      # Shape shared by aten_production and aten_integration.
      atenSubmodule = mkOption {
        type = submodule {
          options = {
            postgresql = mkPsqlOptions "Aten";
            environment = mkOption { description = "Symfony environment"; type = str; };
            secret = mkOption { description = "Symfony App secret"; type = str; };
          };
        };
        description = "environment configuration";
      };
    in
    submodule {
      options = {
        aten_production = atenSubmodule;
        aten_integration = atenSubmodule;
        iridologie = mkOption {
          type = submodule {
            options = {
              ldap = mkLdapOptions "Iridologie" {};
              mysql = mkMysqlOptions "Iridologie" {};
              environment = mkOption { description = "SPIP environment"; type = str; };
            };
          };
          description = "environment configuration";
        };
      };
    };
};
# Chloe's SPIP site: production and integration share one option shape, so
# each environment declares its own MySQL and LDAP credentials.
chloe = mkOption {
  description = "Chloe configurations by environment";
  type =
    let
      chloeSubmodule = mkOption {
        type = submodule {
          options = {
            ldap = mkLdapOptions "Chloe" {};
            mysql = mkMysqlOptions "Chloe" {};
            environment = mkOption { description = "SPIP environment"; type = str; };
          };
        };
        description = "environment configuration";
      };
    in
    submodule {
      options = {
        integration = chloeSubmodule;
        production = chloeSubmodule;
      };
    };
};
# Connexionswing Symfony site: production and integration share one option
# shape (MySQL access, app secret, notification e-mail).
connexionswing = mkOption {
  description = "Connexionswing configurations by environment";
  type =
    let
      csSubmodule = mkOption {
        type = submodule {
          options = {
            mysql = mkMysqlOptions "Connexionswing" {};
            environment = mkOption { description = "Symfony environment"; type = str; };
            secret = mkOption { description = "Symfony App secret"; type = str; };
            email = mkOption { description = "Symfony email notification"; type = str; };
          };
        };
        description = "environment configuration";
      };
    in
    submodule {
      options = {
        integration = csSubmodule;
        production = csSubmodule;
      };
    };
};
# The option is named `jerome`, while its description and MySQL label refer
# to Naturaloutil. No per-environment split is declared.
jerome = mkOption {
  description = "Naturaloutil configuration";
  type = submodule {
    options.mysql = mkMysqlOptions "Naturaloutil" {};
    options.server_admin = mkOption {
      description = "Server admin e-mail";
      type = str;
    };
  };
};
# Telio Tortay: only the server admin contact address is configurable.
telioTortay = mkOption {
  description = "Telio Tortay configuration";
  type = submodule {
    options.server_admin = mkOption {
      description = "Server admin e-mail";
      type = str;
    };
  };
};
# Ludivinecassal (Symfony), with identical schemas for production and
# integration.
ludivinecassal = mkOption {
  description = "Ludivinecassal configurations by environment";
  type =
    let
      # Per-environment schema: Symfony settings plus MySQL and LDAP access.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options.environment = mkOption { description = "Symfony environment"; type = str; };
          options.mysql = mkMysqlOptions "LudivineCassal" {};
          # The LDAP helper declares a `password` option of type `str`.
          options.ldap = mkLdapOptions "LudivineCassal" {};
          # Application secret declared as a plain `str`.
          # NOTE(review): both this and the LDAP password are only private if
          # consumers avoid interpolating them into store paths; confirm.
          options.secret = mkOption { description = "Symfony App secret"; type = str; };
        };
      };
    in
      submodule {
        options.production = perEnvironment;
        options.integration = perEnvironment;
      };
};
# Emilia: PostgreSQL access settings only, built by the shared helper.
emilia = mkOption {
  description = "Emilia configuration";
  type = submodule {
    options.postgresql = mkPsqlOptions "Emilia";
  };
};
# Florian: only the server admin contact address is configurable.
florian = mkOption {
  description = "Florian configuration";
  type = submodule {
    options.server_admin = mkOption {
      description = "Server admin e-mail";
      type = str;
    };
  };
};
# Nassime: only the server admin contact address is configurable.
nassime = mkOption {
  description = "Nassime configuration";
  type = submodule {
    options.server_admin = mkOption {
      description = "Server admin e-mail";
      type = str;
    };
  };
};
# Piedsjaloux (Symfony), with identical schemas for production and
# integration.
piedsjaloux = mkOption {
  description = "Piedsjaloux configurations by environment";
  type =
    let
      # Per-environment schema.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options.environment = mkOption { description = "Symfony environment"; type = str; };
          options.mysql = mkMysqlOptions "Piedsjaloux" {};
          # Application secret declared as a plain `str`.
          # NOTE(review): confirm consumers keep it out of the world-readable
          # Nix store rather than interpolating it into generated files.
          options.secret = mkOption { description = "Symfony App secret"; type = str; };
        };
      };
    in
      submodule {
        options.production = perEnvironment;
        options.integration = perEnvironment;
      };
};
# Europe Richie: MySQL access plus SMTP credentials. Despite the wording of
# the description, no per-environment split is declared here.
richie = mkOption {
  description = "Europe Richie configurations by environment";
  type = submodule {
    options.mysql = mkMysqlOptions "Richie" {};
    options.smtp_mailer = mkOption {
      description = "SMTP mailer configuration";
      type = submodule {
        options.user = mkOption { description = "Username"; type = str; };
        # SMTP credential declared as a plain `str`.
        # NOTE(review): confirm it reaches the mailer through a secrets
        # mechanism and is never interpolated into a store path.
        options.password = mkOption { description = "Password"; type = str; };
      };
    };
  };
};
# Tellesflorian (Symfony). Only an `integration` environment is declared.
tellesflorian = mkOption {
  description = "Tellesflorian configurations by environment";
  type =
    let
      # Per-environment schema.
      perEnvironment = mkOption {
        description = "environment configuration";
        type = submodule {
          options.environment = mkOption { description = "Symfony environment"; type = str; };
          options.mysql = mkMysqlOptions "Tellesflorian" {};
          # Both values below are credentials declared as plain `str`.
          # NOTE(review): confirm neither is rendered into the world-readable
          # Nix store; the expected format of `invite_passwords` is not
          # visible here.
          options.secret = mkOption { description = "Symfony App secret"; type = str; };
          options.invite_passwords = mkOption { description = "Password basic auth"; type = str; };
        };
      };
    in
      submodule {
        options.integration = perEnvironment;
      };
};
1204 };
1205 };
1206 };
1207
# Location of the secret files used at build time.
# NOTE(review): a `path` value that is interpolated into a string or used as
# a derivation input is copied into the Nix store, which every local user can
# read; confirm consumers only reference this location and never import it.
privateFiles = mkOption {
  description = ''
    Path to secret files to make available during build
  '';
  type = path;
};
1214 };
# Read-only shortcut to this host's entry in `myEnv.servers`, selected by the
# module's `name` argument. Being `readOnly`, it cannot be set from another
# module.
options.hostEnv = mkOption {
  description = "Host environment";
  type = hostEnv;
  readOnly = true;
  default = config.myEnv.servers.${name};
};
1221 }