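# Option declarations for `myEnv` (cluster-wide environment data: service
# credentials, LDAP/database/Redis endpoints, DNS zones, backups, per-tool and
# per-website settings) and `hostEnv` (per-host data). This file only declares
# option types; it sets no values.
#
# Security caveat: passwords, tokens, salts and private keys are declared
# below as ordinary `str` / `lines` / `attrsOf str` options. The module system
# gives such values no special protection, so any consumer that interpolates
# one into a derivation or a generated file copies it into the Nix store,
# which is readable by every local user. How the values are consumed is not
# visible in this file -- confirm they are only written to out-of-store files
# with restrictive permissions.
#
# Typing note: string options use `str`. The deprecated `types.string`
# silently concatenates multiple definitions, whereas `str` reports
# conflicting definitions, which is the safer behaviour for DNs, passwords
# and addresses.
{ lib, ... }:
with lib;
with types;
with lists;
let
  # Connection and admin settings of the LDAP server itself. Reused as the
  # base of every per-service LDAP submodule built by mkLdapOptions.
  ldapOptions = {
    base = mkOption { description = "Base of the LDAP tree"; type = str; };
    host = mkOption { description = "Host to access LDAP"; type = str; };
    root_dn = mkOption { description = "DN of the root user"; type = str; };
    # Described as already hashed; the replication password below is not.
    root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
    replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
    replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
  };

  # mkLdapOptions name more: LDAP submodule for service `name`.
  # Merges ldapOptions, the service bind DN/password/filter, then `more`
  # (extra service-specific options; keys in `more` win on collision).
  mkLdapOptions = name: more: mkOption {
    description = "${name} LDAP configuration";
    type = submodule {
      options = ldapOptions // {
        dn = mkOption { description = "DN of the ${name} user"; type = str; };
        password = mkOption { description = "password of the ${name} user"; type = str; };
        filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
      } // more;
    };
  };

  # Server-level MySQL settings, shared by every mkMysqlOptions submodule.
  mysqlOptions = {
    host = mkOption { description = "Host to access Mysql"; type = str; };
    # NOTE(review): declared as `str`, not `port`, so the value range is not validated here.
    port = mkOption { description = "Port to access Mysql"; type = str; };
    socket = mkOption { description = "Socket to access Mysql"; type = path; };
    systemUsers = mkOption { description = "Attrs of user-passwords allowed to access mysql"; type = attrsOf str; };
    pam = mkOption {
      description = "PAM configuration for mysql";
      type = submodule {
        options = {
          dn = mkOption { description = "DN to connect as to check users"; type = str; };
          password = mkOption { description = "DN password to connect as to check users"; type = str; };
          filter = mkOption { description = "filter to match users"; type = str; };
        };
      };
    };
  };

  # mkMysqlOptions name: mysqlOptions plus the database/user/password of service `name`.
  mkMysqlOptions = name: mkOption {
    description = "${name} mysql configuration";
    type = submodule {
      options = mysqlOptions // {
        database = mkOption { description = "${name} database"; type = str; };
        user = mkOption { description = "${name} user"; type = str; };
        password = mkOption { description = "mysql password of the ${name} user"; type = str; };
      };
    };
  };

  # Server-level PostgreSQL settings, shared by every mkPsqlOptions submodule.
  psqlOptions = {
    host = mkOption { description = "Host to access Postgresql"; type = str; };
    # NOTE(review): declared as `str`, not `port`, so the value range is not validated here.
    port = mkOption { description = "Port to access Postgresql"; type = str; };
    socket = mkOption { description = "Socket to access Postgresql"; type = path; };
    pam = mkOption {
      description = "PAM configuration for psql";
      type = submodule {
        options = {
          dn = mkOption { description = "DN to connect as to check users"; type = str; };
          password = mkOption { description = "DN password to connect as to check users"; type = str; };
          filter = mkOption { description = "filter to match users"; type = str; };
        };
      };
    };
  };

  # mkPsqlOptions name: psqlOptions plus database/schema/user/password of service `name`.
  mkPsqlOptions = name: mkOption {
    description = "${name} psql configuration";
    type = submodule {
      options = psqlOptions // {
        database = mkOption { description = "${name} database"; type = str; };
        schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
        user = mkOption { description = "${name} user"; type = str; };
        password = mkOption { description = "psql password of the ${name} user"; type = str; };
      };
    };
  };

  # Server-level Redis settings, shared by every mkRedisOptions submodule.
  redisOptions = {
    host = mkOption { description = "Host to access Redis"; type = str; };
    # NOTE(review): declared as `str`, not `port`, so the value range is not validated here.
    port = mkOption { description = "Port to access Redis"; type = str; };
    socket = mkOption { description = "Socket to access Redis"; type = path; };
    # Uniqueness of the db numbers is only requested by the description; nothing here enforces it.
    dbs = mkOption { description = "Attrs of db number. Each number should be unique to avoid collision!"; type = attrsOf str; };
    spiped_key = mkOption { type = str; description = '' Key to use with spiped to make a secure channel to replication ''; };
    predixy = mkOption {
      description = "Predixy configuration. Unused yet";
      type = submodule {
        options = {
          read = mkOption { type = str; description = "Read password"; };
        };
      };
    };
  };

  # mkRedisOptions name: redisOptions plus the db used by service `name`.
  mkRedisOptions = name: mkOption {
    description = "${name} redis configuration";
    type = submodule {
      options = redisOptions // {
        db = mkOption { description = "${name} database"; type = str; };
      };
    };
  };
in
{
  options.myEnv = {
    servers = mkOption {
      description = '' Attrs of servers information in the cluster (not necessarily handled by nixops) '';
      default = {};
      type = attrsOf (submodule {
        options = {
          ldap = mkOption {
            description = '' LDAP credentials for the host '';
            type = submodule {
              options = {
                password = mkOption { type = str; description = "Password for the LDAP connection"; };
                dn = mkOption { type = str; description = "DN for the LDAP connection"; };
              };
            };
          };
          ips = mkOption {
            description = '' attrs of ip4/ip6 grouped by section '';
            type = attrsOf (submodule {
              options = {
                ip4 = mkOption { type = str; description = '' ip4 address of the host ''; };
                ip6 = mkOption { type = listOf str; default = []; description = '' ip6 addresses of the host ''; };
              };
            });
          };
        };
      });
    };

    hetznerCloud = mkOption {
      description = '' Hetzner Cloud credential information '';
      type = submodule {
        options = {
          authToken = mkOption { type = str; description = '' The API auth token. ''; };
        };
      };
    };

    hetzner = mkOption {
      description = '' Hetzner credential information '';
      type = submodule {
        options = {
          user = mkOption { type = str; description = "User"; };
          pass = mkOption { type = str; description = "Password"; };
        };
      };
    };

    sshd = mkOption {
      description = '' sshd service credential information '';
      type = submodule {
        options = {
          ldap = mkOption {
            description = '' LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn '';
            type = submodule {
              options = {
                password = mkOption { description = "Password"; type = str; };
              };
            };
          };
        };
      };
    };

    ports = mkOption {
      description = '' non-standard reserved ports. Must be unique! '';
      type = attrsOf port;
      default = {};
      # Evaluation aborts when two names map to the same port number: the
      # value list must be as long as its de-duplicated form.
      apply =
        let
          noDupl = x:
            let vals = builtins.attrValues x;
            in builtins.length vals == builtins.length (unique vals);
        in
        x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
    };

    httpd = mkOption {
      description = '' httpd service credential information '';
      type = submodule {
        options = {
          ldap = mkOption {
            description = '' LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn '';
            type = submodule {
              options = {
                password = mkOption { description = "Password"; type = str; };
              };
            };
          };
        };
      };
    };

    ldap = mkOption {
      description = '' LDAP server configuration '';
      type = submodule { options = ldapOptions; };
    };

    databases = mkOption {
      description = "Databases configuration";
      type = submodule {
        options = {
          mysql = mkOption { type = submodule { options = mysqlOptions; }; description = "Mysql configuration"; };
          redis = mkOption { type = submodule { options = redisOptions; }; description = "Redis configuration"; };
          postgresql = mkOption { type = submodule { options = psqlOptions; }; description = "Postgresql configuration"; };
        };
      };
    };

    jabber = mkOption {
      description = "Jabber configuration";
      type = submodule {
        options = {
          ldap = mkLdapOptions "Jabber" {};
          postgresql = mkPsqlOptions "Jabber";
        };
      };
    };

    users = mkOption {
      description = "System and regular users uid/gid";
      type = attrsOf (submodule {
        options = {
          uid = mkOption { description = "user uid"; type = int; };
          gid = mkOption { description = "user gid"; type = int; };
        };
      });
    };

    dns = mkOption {
      description = "DNS configuration";
      type = submodule {
        options = {
          soa = mkOption {
            description = "SOA information";
            type = submodule {
              options = {
                serial = mkOption { description = "Serial number. Should be incremented at each change and unique"; type = str; };
                refresh = mkOption { description = "Refresh time"; type = str; };
                retry = mkOption { description = "Retry time"; type = str; };
                expire = mkOption { description = "Expire time"; type = str; };
                ttl = mkOption { description = "Default TTL time"; type = str; };
                email = mkOption { description = "hostmaster e-mail"; type = str; };
                primary = mkOption { description = "Primary NS"; type = str; };
              };
            };
          };
          ns = mkOption {
            description = "Attrs of NS servers group";
            example = {
              foo = {
                "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
                "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
              };
            };
            type = attrsOf (attrsOf (listOf str));
          };
          slaveZones = mkOption {
            description = "List of slave zones";
            type = listOf (submodule {
              options = {
                name = mkOption { type = str; description = "zone name"; };
                masters = mkOption { description = "NS master groups of this zone"; type = listOf str; };
              };
            });
          };
          masterZones = mkOption {
            description = "List of master zones";
            type = listOf (submodule {
              options = {
                name = mkOption { type = str; description = "zone name"; };
                slaves = mkOption { description = "NS slave groups of this zone"; type = listOf str; };
                ns = mkOption { description = "groups names that should have their NS entries listed here"; type = listOf str; };
                extra = mkOption { description = "Extra zone configuration for bind"; example = '' notify yes; ''; type = lines; };
                entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
                withEmail = mkOption {
                  description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
                  default = [];
                  type = listOf (submodule {
                    options = {
                      domain = mkOption { type = str; description = "Which subdomain is concerned"; };
                      send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
                      receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
                    };
                  });
                };
              };
            });
          };
        };
      };
    };

    backup = mkOption {
      description = '' Remote backup with duplicity '';
      type = submodule {
        options = {
          password = mkOption { type = str; description = "Password for encrypting files"; };
          remote = mkOption { type = str; description = "Remote url access"; };
          accessKeyId = mkOption { type = str; description = "Remote access-key"; };
          secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
        };
      };
    };

    rsync_backup = mkOption {
      description = '' Rsync backup configuration from controlled host '';
      type = submodule {
        options = {
          mailto = mkOption { type = str; description = "Where to e-mail on error"; };
          ssh_key = mkOption {
            description = "SSH key information";
            type = submodule {
              options = {
                public = mkOption { type = str; description = "Public part of the key"; };
                # Private key material held as a plain `lines` value; see the store caveat in the file header.
                private = mkOption { type = lines; description = "Private part of the key"; };
              };
            };
          };
          profiles = mkOption {
            description = "Attrs of profiles to backup";
            type = attrsOf (submodule {
              options = {
                keep = mkOption { type = int; description = "Number of backups to keep"; };
                login = mkOption { type = str; description = "Login to connect to host"; };
                port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
                host = mkOption { type = str; description = "Host to connect to"; };
                # NOTE(review): presumably the expected SSH host key used to pin the
                # remote host -- verify against the consumer of this profile.
                host_key = mkOption { type = str; description = "Host key"; };
                host_key_type = mkOption { type = str; description = "Host key type"; };
                parts = mkOption {
                  description = "Parts to backup for this host";
                  type = attrsOf (submodule {
                    options = {
                      remote_folder = mkOption { type = path; description = "Remote folder to backup"; };
                      exclude_from = mkOption { type = listOf path; default = []; description = "List of folders/files to exclude from the backup"; };
                      files_from = mkOption { type = listOf path; default = []; description = "List of folders/files to backup in the base folder"; };
                      # Free-form string; nothing here constrains which rsync flags it may carry.
                      args = mkOption { type = nullOr str; default = null; description = "Extra arguments to pass to rsync"; };
                    };
                  });
                };
              };
            });
          };
        };
      };
    };

    monitoring = mkOption {
      description = "Monitoring configuration";
      type = submodule {
        options = {
          status_url = mkOption { type = str; description = "URL to push status to"; };
          status_token = mkOption { type = str; description = "Token for the status url"; };
          email = mkOption { type = str; description = "Admin E-mail"; };
        };
      };
    };

    mpd = mkOption {
      description = "MPD configuration";
      type = submodule {
        options = {
          folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
          password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
          host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
          port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
        };
      };
    };

    ftp = mkOption {
      description = "FTP configuration";
      type = submodule {
        options = {
          ldap = mkLdapOptions "FTP" {};
        };
      };
    };

    mail = mkOption {
      description = "Mail configuration";
      type = submodule {
        options = {
          dmarc = mkOption {
            description = "DMARC configuration";
            type = submodule {
              options = {
                ignore_hosts = mkOption { type = lines; description = '' Hosts to ignore when checking for dmarc ''; };
              };
            };
          };
          dkim = mkOption {
            description = "DKIM configuration";
            type = attrsOf (submodule {
              options = {
                public = mkOption {
                  type = str;
                  example = '' ( "v=DKIM1; k=rsa; " "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" ) '';
                  description = "Public entry to put in DNS TXT field";
                };
                # DKIM signing key held as a plain `str`; see the store caveat in the file header.
                private = mkOption { type = str; description = "Private key"; };
              };
            });
          };
          postfix = mkOption {
            description = "Postfix configuration";
            type = submodule {
              options = {
                additional_mailbox_domains = mkOption {
                  description = '' List of domains that are used as mailbox final destination, in addition to those defined in the DNS records '';
                  type = listOf str;
                };
                mysql = mkMysqlOptions "Postfix";
                backup_domains = mkOption {
                  description = '' Domains that are accepted for relay as backup domain '';
                  type = attrsOf (submodule {
                    options = {
                      domains = mkOption { type = listOf str; description = "Domains list"; };
                      relay_restrictions = mkOption {
                        type = lines;
                        description = '' Restrictions for relaying the e-mails from the domains '';
                      };
                      recipient_maps = mkOption {
                        description = '' Recipient map to accept relay for. Must be specified for domain, the rules apply to everyone! '';
                        type = listOf (submodule {
                          options = {
                            type = mkOption { type = enum [ "hash" ]; description = "Map type"; };
                            content = mkOption { type = str; description = "Map content"; };
                          };
                        });
                      };
                    };
                  });
                };
              };
            };
          };
          dovecot = mkOption {
            description = "Dovecot configuration";
            type = submodule {
              options = {
                ldap = mkLdapOptions "Dovecot" {
                  pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
                  user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
                  iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
                  iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
                };
              };
            };
          };
          rspamd = mkOption {
            description = "rspamd configuration";
            type = submodule {
              options = {
                redis = mkRedisOptions "Rspamd";
                read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
                write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
                # `apply = x: ""` makes the two options below always read back as
                # the empty string, whatever is defined: consumers of this option
                # set never see the plaintext, only the hashed variants above.
                read_password = mkOption { type = str; description = "Read password for rspamd. Unused"; apply = x: ""; };
                write_password = mkOption { type = str; description = "Write password for rspamd. Unused"; apply = x: ""; };
              };
            };
          };
          scripts = mkOption {
            description = "Mail script recipients";
            type = attrsOf (submodule {
              options = {
                src = mkOption {
                  description = '' git source to fetch the script from. It must have a default.nix file as its root accepting a scriptEnv parameter '';
                  type = submodule {
                    options = {
                      url = mkOption { type = str; description = "git url to fetch"; };
                      # NOTE(review): any string is accepted. Pinning a full commit hash
                      # rather than a branch or tag keeps the fetched code fixed; this
                      # schema does not enforce it.
                      rev = mkOption { type = str; description = "git reference to fetch"; };
                    };
                  };
                };
                # `unspecified`: the value is not type-checked by the module system.
                env = mkOption { description = "Variables to pass to the script"; type = unspecified; };
              };
            });
          };
        };
      };
    };

    buildbot = mkOption {
      description = "Buildbot configuration";
      type = submodule {
        options = {
          user = mkOption {
            description = "Buildbot user";
            type = submodule {
              options = {
                uid = mkOption { description = "user uid"; type = int; };
                gid = mkOption { description = "user gid"; type = int; };
              };
            };
          };
          ldap = mkOption {
            description = "Ldap configuration for buildbot";
            type = submodule {
              options = {
                password = mkOption { type = str; description = "Buildbot password"; };
              };
            };
          };
          projects = mkOption {
            description = "Projects to make a buildbot for";
            type = attrsOf (submodule {
              options = {
                name = mkOption { type = str; description = "Project name"; };
                # `unspecified`: the function value is not type-checked by the module system.
                packages = mkOption {
                  type = unspecified;
                  example = literalExample '' pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ]; '';
                  description = '' Function. Builds packages list to make available to buildbot project. Takes pkgs as argument. '';
                };
                pythonPackages = mkOption {
                  type = unspecified;
                  example = literalExample '' p: pkgs: [ pkgs.python3Packages.pip ]; '';
                  description = '' Function. Builds python packages list to make available to buildbot project. Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list. '';
                };
                pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
                # NOTE(review): where and with which permissions these are written is
                # decided by the consumer, not visible here -- confirm they stay out of the store.
                secrets = mkOption { type = attrsOf str; description = "Secrets for the project to dump as files"; };
                environment = mkOption {
                  type = attrsOf str;
                  description = '' Environment variables for the project. BUILDBOT_ is prefixed to the variable names '';
                };
                activationScript = mkOption {
                  type = lines;
                  description = '' Activation script to run during deployment '';
                };
                builderPaths = mkOption {
                  type = attrsOf unspecified;
                  default = {};
                  description = '' Attrs of functions to make accessible specifically per builder. Takes pkgs as argument and should return a single path containing binaries. This path will be accessible as BUILDBOT_PATH_ '';
                };
                # Defaults to null; how null is interpreted (hook disabled or unauthenticated)
                # depends on the consumer -- TODO confirm.
                webhookTokens = mkOption {
                  type = nullOr (listOf str);
                  default = null;
                  description = '' List of tokens allowed to push to project’s change_hook/base endpoint '';
                };
              };
            });
          };
        };
      };
    };

    tools = mkOption {
      description = "Tools configurations";
      type = submodule {
        options = {
          davical = mkOption {
            description = "Davical configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Davical";
                ldap = mkLdapOptions "Davical" {};
              };
            };
          };
          diaspora = mkOption {
            description = "Diaspora configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Diaspora";
                redis = mkRedisOptions "Diaspora";
                ldap = mkLdapOptions "Diaspora" {};
                secret_token = mkOption { type = str; description = "Secret token"; };
              };
            };
          };
          etherpad-lite = mkOption {
            description = "Etherpad configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Etherpad";
                ldap = mkLdapOptions "Etherpad" {
                  group_filter = mkOption { type = str; description = "Filter for groups"; };
                };
                session_key = mkOption { type = str; description = "Session key"; };
                api_key = mkOption { type = str; description = "API key"; };
                redirects = mkOption { type = str; description = "Redirects for apache"; };
              };
            };
          };
          gitolite = mkOption {
            description = "Gitolite configuration";
            type = submodule {
              options = {
                ldap = mkLdapOptions "Gitolite" {};
              };
            };
          };
          kanboard = mkOption {
            description = "Kanboard configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Kanboard";
                ldap = mkLdapOptions "Kanboard" {
                  admin_dn = mkOption { type = str; description = "Admin DN"; };
                };
              };
            };
          };
          mantisbt = mkOption {
            description = "Mantisbt configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Mantisbt";
                ldap = mkLdapOptions "Mantisbt" {};
                master_salt = mkOption { type = str; description = "Master salt for password hash"; };
              };
            };
          };
          mastodon = mkOption {
            description = "Mastodon configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Mastodon";
                redis = mkRedisOptions "Mastodon";
                ldap = mkLdapOptions "Mastodon" {};
                paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
                otp_secret = mkOption { type = str; description = "OTP secret"; };
                secret_key_base = mkOption { type = str; description = "Secret key base"; };
                vapid = mkOption {
                  description = "vapid key";
                  type = submodule {
                    options = {
                      private = mkOption { type = str; description = "Private key"; };
                      public = mkOption { type = str; description = "Public key"; };
                    };
                  };
                };
              };
            };
          };
          mediagoblin = mkOption {
            description = "Mediagoblin configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Mediagoblin";
                redis = mkRedisOptions "Mediagoblin";
                ldap = mkLdapOptions "Mediagoblin" {};
              };
            };
          };
          nextcloud = mkOption {
            description = "Nextcloud configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Nextcloud";
                redis = mkRedisOptions "Nextcloud";
                password_salt = mkOption { type = str; description = "Password salt"; };
                instance_id = mkOption { type = str; description = "Instance ID"; };
                secret = mkOption { type = str; description = "App secret"; };
              };
            };
          };
          peertube = mkOption {
            description = "Peertube configuration";
            type = submodule {
              options = {
                listenPort = mkOption { type = port; description = "Port to listen to"; };
                postgresql = mkPsqlOptions "Peertube";
                redis = mkRedisOptions "Peertube";
                ldap = mkLdapOptions "Peertube" {};
              };
            };
          };
          phpldapadmin = mkOption {
            description = "phpLdapAdmin configuration";
            type = submodule {
              options = {
                ldap = mkLdapOptions "phpldapadmin" {};
              };
            };
          };
          rompr = mkOption {
            description = "Rompr configuration";
            type = submodule {
              options = {
                mpd = mkOption {
                  description = "MPD configuration";
                  type = submodule {
                    options = {
                      host = mkOption { type = str; description = "Host for MPD"; };
                      port = mkOption { type = port; description = "Port to access MPD host"; };
                    };
                  };
                };
              };
            };
          };
          roundcubemail = mkOption {
            description = "Roundcubemail configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Roundcubemail";
                secret = mkOption { type = str; description = "Secret"; };
              };
            };
          };
          shaarli = mkOption {
            description = "Shaarli configuration";
            type = submodule {
              options = {
                ldap = mkLdapOptions "Shaarli" {};
              };
            };
          };
          task = mkOption {
            description = "Taskwarrior configuration";
            type = submodule {
              options = {
                ldap = mkLdapOptions "Taskwarrior" {};
                taskwarrior-web = mkOption {
                  description = "taskwarrior-web profiles";
                  type = attrsOf (submodule {
                    options = {
                      uid = mkOption { type = listOf str; description = "List of ldap uids having access to this profile"; };
                      org = mkOption { type = str; description = "Taskd organisation"; };
                      key = mkOption { type = str; description = "Taskd key"; };
                      date = mkOption { type = str; description = "Preferred date format"; };
                    };
                  });
                };
              };
            };
          };
          ttrss = mkOption {
            description = "TT-RSS configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "TT-RSS";
                ldap = mkLdapOptions "TT-RSS" {};
              };
            };
          };
          wallabag = mkOption {
            description = "Wallabag configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Wallabag";
                ldap = mkLdapOptions "Wallabag" {
                  admin_filter = mkOption { type = str; description = "Admin users filter"; };
                };
                redis = mkRedisOptions "Wallabag";
                secret = mkOption { type = str; description = "App secret"; };
              };
            };
          };
          ympd = mkOption {
            description = "Ympd configuration";
            type = submodule {
              options = {
                listenPort = mkOption { type = port; description = "Port to listen to"; };
                mpd = mkOption {
                  description = "MPD configuration";
                  type = submodule {
                    options = {
                      password = mkOption { type = str; description = "Password to access MPD host"; };
                      host = mkOption { type = str; description = "Host for MPD"; };
                      port = mkOption { type = port; description = "Port to access MPD host"; };
                    };
                  };
                };
              };
            };
          };
          yourls = mkOption {
            description = "Yourls configuration";
            type = submodule {
              options = {
                mysql = mkMysqlOptions "Yourls";
                ldap = mkLdapOptions "Yourls" {};
                cookieKey = mkOption { type = str; description = "Cookie key"; };
              };
            };
          };
        };
      };
    };

    websites = mkOption {
      description = "Websites configurations";
      type = submodule {
        options = {
          isabelle = mkOption {
            description = "Isabelle configurations by environment";
            type =
              let
                atenSubmodule = mkOption {
                  description = "environment configuration";
                  type = submodule {
                    options = {
                      environment = mkOption { type = str; description = "Symfony environment"; };
                      secret = mkOption { type = str; description = "Symfony App secret"; };
                      postgresql = mkPsqlOptions "Aten";
                    };
                  };
                };
              in
              submodule {
                options = {
                  aten_production = atenSubmodule;
                  aten_integration = atenSubmodule;
                };
              };
          };
          chloe = mkOption {
            description = "Chloe configurations by environment";
            type =
              let
                chloeSubmodule = mkOption {
                  description = "environment configuration";
                  type = submodule {
                    options = {
                      environment = mkOption { type = str; description = "Symfony environment"; };
                      mysql = mkMysqlOptions "Chloe";
                      ldap = mkLdapOptions "Chloe" {};
                    };
                  };
                };
              in
              submodule {
                options = {
                  production = chloeSubmodule;
                  integration = chloeSubmodule;
                };
              };
          };
          connexionswing = mkOption {
            description = "Connexionswing configurations by environment";
            type =
              let
                csSubmodule = mkOption {
                  description = "environment configuration";
                  type = submodule {
                    options = {
                      environment = mkOption { type = str; description = "Symfony environment"; };
                      mysql = mkMysqlOptions "Connexionswing";
                      secret = mkOption { type = str; description = "Symfony App secret"; };
                      email = mkOption { type = str; description = "Symfony email notification"; };
                    };
                  };
                };
              in
              submodule {
                options = {
                  production = csSubmodule;
                  integration = csSubmodule;
                };
              };
          };
          jerome = mkOption {
            description = "Naturaloutil configuration";
            type = submodule {
              options = {
                mysql = mkMysqlOptions "Naturaloutil";
                server_admin = mkOption { type = str; description = "Server admin e-mail"; };
              };
            };
          };
          telioTortay = mkOption {
            description = "Telio Tortay configuration";
            type = submodule {
              options = {
                server_admin = mkOption { type = str; description = "Server admin e-mail"; };
              };
            };
          };
          ludivinecassal = mkOption {
            description = "Ludivinecassal configurations by environment";
            type =
              let
                lcSubmodule = mkOption {
                  description = "environment configuration";
                  type = submodule {
                    options = {
                      environment = mkOption { type = str; description = "Symfony environment"; };
                      mysql = mkMysqlOptions "LudivineCassal";
                      ldap = mkLdapOptions "LudivineCassal" {};
                      secret = mkOption { type = str; description = "Symfony App secret"; };
                    };
                  };
                };
              in
              submodule {
                options = {
                  production = lcSubmodule;
                  integration = lcSubmodule;
                };
              };
          };
          emilia = mkOption {
            description = "Emilia configuration";
            type = submodule {
              options = {
                postgresql = mkPsqlOptions "Emilia";
              };
            };
          };
          florian = mkOption {
            description = "Florian configuration";
            type = submodule {
              options = {
                server_admin = mkOption { type = str; description = "Server admin e-mail"; };
              };
            };
          };
          nassime = mkOption {
            description = "Nassime configuration";
            type = submodule {
              options = {
                server_admin = mkOption { type = str; description = "Server admin e-mail"; };
              };
            };
          };
          piedsjaloux = mkOption {
            description = "Piedsjaloux configurations by environment";
            type =
              let
                pjSubmodule = mkOption {
                  description = "environment configuration";
                  type = submodule {
                    options = {
                      environment = mkOption { type = str; description = "Symfony environment"; };
                      mysql = mkMysqlOptions "Piedsjaloux";
                      secret = mkOption { type = str; description = "Symfony App secret"; };
                    };
                  };
                };
              in
              submodule {
                options = {
                  production = pjSubmodule;
                  integration = pjSubmodule;
                };
              };
          };
          richie = mkOption {
            description = "Europe Richie configurations by environment";
            type = submodule {
              options = {
                mysql = mkMysqlOptions "Richie";
                smtp_mailer = mkOption {
                  description = "SMTP mailer configuration";
                  type = submodule {
                    options = {
                      user = mkOption { type = str; description = "Username"; };
                      password = mkOption { type = str; description = "Password"; };
                    };
                  };
                };
              };
            };
          };
          tellesflorian = mkOption {
            description = "Tellesflorian configurations by environment";
            type =
              let
                tfSubmodule = mkOption {
                  description = "environment configuration";
                  type = submodule {
                    options = {
                      environment = mkOption { type = str; description = "Symfony environment"; };
                      mysql = mkMysqlOptions "Tellesflorian";
                      secret = mkOption { type = str; description = "Symfony App secret"; };
                      invite_passwords = mkOption { type = str; description = "Password basic auth"; };
                    };
                  };
                };
              in
              submodule {
                options = {
                  integration = tfSubmodule;
                };
              };
          };
        };
      };
    };

    # NOTE(review): declared as `path`. A Nix path value that gets interpolated
    # into a string is copied into the Nix store; confirm consumers reference
    # this directory without importing the secret files into the store.
    privateFiles = mkOption {
      type = path;
      description = '' Path to secret files to make available during build '';
    };
  };

  options.hostEnv = {
    FQDN = mkOption {
      type = str;
      description = '' FQDN of the current host. '';
    };
  };
}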