+++ /dev/null
-{ config, lib, name, ... }:
-with lib;
-with types;
-with lists;
-let
- ldapOptions = {
- base = mkOption { description = "Base of the LDAP tree"; type = str; };
- host = mkOption { description = "Host to access LDAP"; type = str; };
- root_dn = mkOption { description = "DN of the root user"; type = str; };
- root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
- replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
- replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
- };
- mkLdapOptions = name: more: mkOption {
- description = "${name} LDAP configuration";
- type = submodule {
- options = ldapOptions // {
- dn = mkOption { description = "DN of the ${name} user"; type = str; };
- password = mkOption { description = "password of the ${name} user"; type = str; };
- filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
- } // more;
- };
- };
- mysqlOptions = {
- host = mkOption { description = "Host to access Mysql"; type = str; };
- remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
- port = mkOption { description = "Port to access Mysql"; type = str; };
- socket = mkOption { description = "Socket to access Mysql"; type = path; };
- systemUsers = mkOption {
- description = "Attrs of user-passwords allowed to access mysql";
- type = attrsOf str;
- };
- pam = mkOption {
- description = "PAM configuration for mysql";
- type = submodule {
- options = {
- dn = mkOption { description = "DN to connect as to check users"; type = str; };
- password = mkOption { description = "DN password to connect as to check users"; type = str; };
- filter = mkOption { description = "filter to match users"; type = str; };
- };
- };
- };
- };
- mkMysqlOptions = name: more: mkOption {
- description = "${name} mysql configuration";
- type = submodule {
- options = mysqlOptions // {
- database = mkOption { description = "${name} database"; type = str; };
- user = mkOption { description = "${name} user"; type = str; };
- password = mkOption { description = "mysql password of the ${name} user"; type = str; };
- } // more;
- };
- };
- psqlOptions = {
- host = mkOption { description = "Host to access Postgresql"; type = str; };
- port = mkOption { description = "Port to access Postgresql"; type = str; };
- socket = mkOption { description = "Socket to access Postgresql"; type = path; };
- pam = mkOption {
- description = "PAM configuration for psql";
- type = submodule {
- options = {
- dn = mkOption { description = "DN to connect as to check users"; type = str; };
- password = mkOption { description = "DN password to connect as to check users"; type = str; };
- filter = mkOption { description = "filter to match users"; type = str; };
- };
- };
- };
- };
- mkPsqlOptions = name: mkOption {
- description = "${name} psql configuration";
- type = submodule {
- options = psqlOptions // {
- database = mkOption { description = "${name} database"; type = str; };
- schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
- user = mkOption { description = "${name} user"; type = str; };
- password = mkOption { description = "psql password of the ${name} user"; type = str; };
- };
- };
- };
- redisOptions = {
- host = mkOption { description = "Host to access Redis"; type = str; };
- port = mkOption { description = "Port to access Redis"; type = str; };
- socket = mkOption { description = "Socket to access Redis"; type = path; };
- dbs = mkOption {
- description = "Attrs of db number. Each number should be unique to avoid collision!";
- type = attrsOf str;
- };
- spiped_key = mkOption {
- type = str;
- description = ''
- Key to use with spiped to make a secure channel to replication
- '';
- };
- predixy = mkOption {
- description = "Predixy configuration. Unused yet";
- type = submodule {
- options = {
- read = mkOption { type = str; description = "Read password"; };
- };
- };
- };
- };
- mkRedisOptions = name: mkOption {
- description = "${name} redis configuration";
- type = submodule {
- options = redisOptions // {
- db = mkOption { description = "${name} database"; type = str; };
- };
- };
- };
- smtpOptions = {
- host = mkOption { description = "Host to access SMTP"; type = str; };
- port = mkOption { description = "Port to access SMTP"; type = str; };
- };
- mkSmtpOptions = name: mkOption {
- description = "${name} smtp configuration";
- type = submodule {
- options = smtpOptions // {
- email = mkOption { description = "${name} email"; type = str; };
- password = mkOption { description = "SMTP password of the ${name} user"; type = str; };
- };
- };
- };
- hostEnv = submodule {
- options = {
- fqdn = mkOption {
- description = "Host FQDN";
- type = str;
- };
- users = mkOption {
- type = unspecified;
- default = pkgs: [];
- description = ''
- Sublist of users from realUsers. Function that takes pkgs as
- argument and gives an array as a result
- '';
- };
- emails = mkOption {
- default = [];
- description = "List of e-mails that the server can be a sender of";
- type = listOf str;
- };
- ldap = mkOption {
- description = ''
- LDAP credentials for the host
- '';
- type = submodule {
- options = {
- password = mkOption { type = str; description = "Password for the LDAP connection"; };
- dn = mkOption { type = str; description = "DN for the LDAP connection"; };
- };
- };
- };
- mx = mkOption {
- description = "subdomain and priority for MX server";
- default = { enable = false; };
- type = submodule {
- options = {
- enable = mkEnableOption "Enable MX";
- subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
- priority = mkOption { type = nullOr str; description = "Priority"; };
- };
- };
- };
- ips = mkOption {
- description = ''
- attrs of ip4/ip6 grouped by section
- '';
- type = attrsOf (submodule {
- options = {
- ip4 = mkOption {
- type = str;
- description = ''
- ip4 address of the host
- '';
- };
- ip6 = mkOption {
- type = listOf str;
- default = [];
- description = ''
- ip6 addresses of the host
- '';
- };
- };
- });
- };
- };
- };
-in
-{
- options.myEnv = {
- servers = mkOption {
- description = ''
- Attrs of servers information in the cluster (not necessarily handled by nixops)
- '';
- default = {};
- type = attrsOf hostEnv;
- };
- hetznerCloud = mkOption {
- description = ''
- Hetzner Cloud credential information
- '';
- type = submodule {
- options = {
- authToken = mkOption {
- type = str;
- description = ''
- The API auth token.
- '';
- };
- };
- };
- };
- hetzner = mkOption {
- description = ''
- Hetzner credential information
- '';
- type = submodule {
- options = {
- user = mkOption { type = str; description = "User"; };
- pass = mkOption { type = str; description = "Password"; };
- };
- };
- };
- sshd = mkOption {
- description = ''
- sshd service credential information
- '';
- type = submodule {
- options = {
- rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; };
- ldap = mkOption {
- description = ''
- LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
- '';
- type = submodule {
- options = {
- password = mkOption { description = "Password"; type = str; };
- };
- };
- };
- };
- };
- };
- ports = mkOption {
- description = ''
- non-standard reserved ports. Must be unique!
- '';
- type = attrsOf port;
- default = {};
- apply = let
- noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
- in
- x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
- };
- httpd = mkOption {
- description = ''
- httpd service credential information
- '';
- type = submodule {
- options = {
- ldap = mkOption {
- description = ''
- LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
- '';
- type = submodule {
- options = {
- password = mkOption { description = "Password"; type = str; };
- };
- };
- };
- };
- };
- };
- smtp = mkOption {
- type = submodule { options = smtpOptions; };
- description = "SMTP configuration";
- };
- ldap = mkOption {
- description = ''
- LDAP server configuration
- '';
- type = submodule {
- options = ldapOptions;
- };
- };
- databases = mkOption {
- description = "Databases configuration";
- type = submodule {
- options = {
- mysql = mkOption {
- type = submodule { options = mysqlOptions; };
- description = "Mysql configuration";
- };
- redis = mkOption {
- type = submodule { options = redisOptions; };
- description = "Redis configuration";
- };
- postgresql = mkOption {
- type = submodule { options = psqlOptions; };
- description = "Postgresql configuration";
- };
- };
- };
- };
- jabber = mkOption {
- description = "Jabber configuration";
- type = submodule {
- options = {
- postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; };
- ldap = mkLdapOptions "Jabber" {};
- postgresql = mkPsqlOptions "Jabber";
- };
- };
- };
- realUsers = mkOption {
- description = ''
- Attrset of function taking pkgs as argument.
- Real users settings, should provide a subattr of users.users.<name>
- with at least: name, (hashed)Password, shell
- '';
- type = attrsOf unspecified;
- };
- users = mkOption {
- description = "System and regular users uid/gid";
- type = attrsOf (submodule {
- options = {
- uid = mkOption {
- description = "user uid";
- type = int;
- };
- gid = mkOption {
- description = "user gid";
- type = int;
- };
- };
- });
- };
- dns = mkOption {
- description = "DNS configuration";
- type = submodule {
- options = {
- soa = mkOption {
- description = "SOA information";
- type = submodule {
- options = {
- serial = mkOption {
- description = "Serial number. Should be incremented at each change and unique";
- type = str;
- };
- refresh = mkOption {
- description = "Refresh time";
- type = str;
- };
- retry = mkOption {
- description = "Retry time";
- type = str;
- };
- expire = mkOption {
- description = "Expire time";
- type = str;
- };
- ttl = mkOption {
- description = "Default TTL time";
- type = str;
- };
- email = mkOption {
- description = "hostmaster e-mail";
- type = str;
- };
- primary = mkOption {
- description = "Primary NS";
- type = str;
- };
- };
- };
- };
- ns = mkOption {
- description = "Attrs of NS servers group";
- example = {
- foo = {
- "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
- "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
- };
- };
- type = attrsOf (attrsOf (listOf str));
- };
- keys = mkOption {
- default = {};
- description = "DNS keys";
- type = attrsOf (submodule {
- options = {
- algorithm = mkOption { type = str; description = "Algorithm"; };
- secret = mkOption { type = str; description = "Secret"; };
- };
- });
- };
- slaveZones = mkOption {
- description = "List of slave zones";
- type = listOf (submodule {
- options = {
- name = mkOption { type = str; description = "zone name"; };
- masters = mkOption {
- description = "NS master groups of this zone";
- type = listOf str;
- };
- keys = mkOption {
- default = [];
- description = "Keys associated to the server";
- type = listOf str;
- };
- };
- });
- };
- masterZones = mkOption {
- description = "List of master zones";
- type = listOf (submodule {
- options = {
- name = mkOption { type = str; description = "zone name"; };
- withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; };
- slaves = mkOption {
- description = "NS slave groups of this zone";
- type = listOf str;
- };
- ns = mkOption {
- description = "groups names that should have their NS entries listed here";
- type = listOf str;
- };
- extra = mkOption {
- description = "Extra zone configuration for bind";
- example = ''
- notify yes;
- '';
- type = lines;
- };
- entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
- withEmail = mkOption {
- description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
- default = [];
- type = listOf (submodule {
- options = {
- domain = mkOption { type = str; description = "Which subdomain is concerned"; };
- send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
- receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
- };
- });
- };
- };
- });
- };
- };
- };
- };
- backup = mkOption {
- description = ''
- Remote backup with duplicity
- '';
- type = submodule {
- options = {
- password = mkOption { type = str; description = "Password for encrypting files"; };
- remotes = mkOption {
- type = attrsOf (submodule {
- options = {
- remote = mkOption {
- type = unspecified;
- example = literalExample ''
- bucket: "s3://some_host/${bucket}";
- '';
- description = ''
- Function.
- Takes a bucket name as argument and returns a url
- '';
- };
- accessKeyId = mkOption { type = str; description = "Remote access-key"; };
- secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
- };
- });
- };
- };
- };
- };
- zrepl_backup = mkOption {
- type = submodule {
- options = {
- ssh_key = mkOption {
- description = "SSH key information";
- type = submodule {
- options = {
- public = mkOption { type = str; description = "Public part of the key"; };
- private = mkOption { type = lines; description = "Private part of the key"; };
- };
- };
- };
- mysql = mkMysqlOptions "Zrepl" {};
- };
- };
- };
- rsync_backup = mkOption {
- description =''
- Rsync backup configuration from controlled host
- '';
- type = submodule {
- options = {
- ssh_key = mkOption {
- description = "SSH key information";
- type = submodule {
- options = {
- public = mkOption { type = str; description = "Public part of the key"; };
- private = mkOption { type = lines; description = "Private part of the key"; };
- };
- };
- };
- profiles = mkOption {
- description = "Attrs of profiles to backup";
- type = attrsOf (submodule {
- options = {
- keep = mkOption { type = int; description = "Number of backups to keep"; };
- check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; };
- login = mkOption { type = str; description = "Login to connect to host"; };
- port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
- host = mkOption { type = str; description = "Host to connect to"; };
- host_key = mkOption { type = str; description = "Host key"; };
- host_key_type = mkOption { type = str; description = "Host key type"; };
- parts = mkOption {
- description = "Parts to backup for this host";
- type = attrsOf (submodule {
- options = {
- remote_folder = mkOption { type = path; description = "Remote folder to backup";};
- exclude_from = mkOption {
- type = listOf path;
- default = [];
- description = "List of folders/files to exclude from the backup";
- };
- files_from = mkOption {
- type = listOf path;
- default = [];
- description = "List of folders/files to backup in the base folder";
- };
- args = mkOption {
- type = nullOr str;
- default = null;
- description = "Extra arguments to pass to rsync";
- };
- };
- });
- };
- };
- });
- };
- };
- };
- };
- monitoring = mkOption {
- description = "Monitoring configuration";
- type = submodule {
- options = {
- status_url = mkOption { type = str; description = "URL to push status to"; };
- status_token = mkOption { type = str; description = "Token for the status url"; };
- http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
- email = mkOption { type = str; description = "Admin E-mail"; };
- ssh_public_key = mkOption { type = str; description = "SSH public key"; };
- ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
- imap_login = mkOption { type = str; description = "IMAP login"; };
- imap_password = mkOption { type = str; description = "IMAP password"; };
- eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
- ovh_sms = mkOption {
- description = "OVH credentials for sms script";
- type = submodule {
- options = {
- endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
- application_key = mkOption { type = str; description = "Application key"; };
- application_secret = mkOption { type = str; description = "Application secret"; };
- consumer_key = mkOption { type = str; description = "Consumer key"; };
- account = mkOption { type = str; description = "Account"; };
- };
- };
- };
- eban = mkOption {
- description = "Eban credentials for webhook";
- type = submodule {
- options = {
- user = mkOption { type = str; description = "User"; };
- password = mkOption { type = str; description = "Password"; };
- };
- };
- };
- nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
- slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
- slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
- netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
- netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
- contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
- email_check = mkOption {
- description = "Emails services to check";
- type = attrsOf (submodule {
- options = {
- local = mkOption { type = bool; default = false; description = "Use local configuration"; };
- port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
- login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
- targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
- mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
- mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
- };
- });
- };
- };
- };
- };
- mpd = mkOption {
- description = "MPD configuration";
- type = submodule {
- options = {
- folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
- password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
- host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
- port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
- };
- };
- };
- ftp = mkOption {
- description = "FTP configuration";
- type = submodule {
- options = {
- ldap = mkLdapOptions "FTP" {
- proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; };
- pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; };
- };
- };
- };
- };
- vpn = mkOption {
- description = "VPN configuration";
- type = attrsOf (submodule {
- options = {
- prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
- privateKey = mkOption { type = str; description = "Private key for the host"; };
- publicKey = mkOption { type = str; description = "Public key for the host"; };
- };
- });
- };
- mail = mkOption {
- description = "Mail configuration";
- type = submodule {
- options = {
- dmarc = mkOption {
- description = "DMARC configuration";
- type = submodule {
- options = {
- ignore_hosts = mkOption {
- type = lines;
- description = ''
- Hosts to ignore when checking for dmarc
- '';
- };
- };
- };
- };
- dkim = mkOption {
- description = "DKIM configuration";
- type = attrsOf (submodule {
- options = {
- public = mkOption {
- type = str;
- example = ''
- ( "v=DKIM1; k=rsa; "
- "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
- '';
- description = "Public entry to put in DNS TXT field";
- };
- private = mkOption { type = str; description = "Private key"; };
- };
- });
- };
- postfix = mkOption {
- description = "Postfix configuration";
- type = submodule {
- options = {
- additional_mailbox_domains = mkOption {
- description = ''
- List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
- '';
- type = listOf str;
- };
- mysql = mkMysqlOptions "Postfix" {
- password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
- };
- backup_domains = mkOption {
- description = ''
- Domains that are accepted for relay as backup domain
- '';
- type = attrsOf (submodule {
- options = {
- domains = mkOption { type = listOf str; description = "Domains list"; };
- relay_restrictions = mkOption {
- type = lines;
- description = ''
- Restrictions for relaying the e-mails from the domains
- '';
- };
- recipient_maps = mkOption {
- description = ''
- Recipient map to accept relay for.
- Must be specified for domain, the rules apply to everyone!
- '';
- type = listOf (submodule {
- options = {
- type = mkOption {
- type = enum [ "hash" ];
- description = "Map type";
- };
- content = mkOption {
- type = str;
- description = "Map content";
- };
- };
- });
- };
- };
- });
- };
- };
- };
- };
- dovecot = mkOption {
- description = "Dovecot configuration";
- type = submodule {
- options = {
- ldap = mkLdapOptions "Dovecot" {
- pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
- user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
- iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
- iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
- postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
- };
- };
- };
- };
- rspamd = mkOption {
- description = "rspamd configuration";
- type = submodule {
- options = {
- redis = mkRedisOptions "Redis";
- read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
- write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
- read_password = mkOption {
- type = str;
- description = "Read password for rspamd. Unused";
- apply = x: "";
- };
- write_password = mkOption {
- type = str;
- description = "Write password for rspamd. Unused";
- apply = x: "";
- };
- };
- };
- };
- scripts = mkOption {
- description = "Mail script recipients";
- type = attrsOf (submodule {
- options = {
- external = mkEnableOption "Create a script_<name>@mail.immae.eu external address";
- src = mkOption {
- description = ''
- git source to fetch the script from.
- It must have a default.nix file as its root accepting a scriptEnv parameter
- '';
- type = submodule {
- options = {
- url = mkOption { type = str; description = "git url to fetch"; };
- rev = mkOption { type = str; description = "git reference to fetch"; };
- };
- };
- };
- env = mkOption {
- description = "Variables to pass to the script";
- type = unspecified;
- };
- };
- });
- };
- sympa = mkOption {
- description = "Sympa configuration";
- type = submodule {
- options = {
- listmasters = mkOption {
- type = listOf str;
- description = "Listmasters";
- };
- postgresql = mkPsqlOptions "Sympa";
- data_sources = mkOption {
- type = attrsOf str;
- default = {};
- description = "Data sources to make available to sympa";
- };
- scenari = mkOption {
- type = attrsOf str;
- default = {};
- description = "Scenari to make available to sympa";
- };
- };
- };
- };
- };
- };
- };
- buildbot = mkOption {
- description = "Buildbot configuration";
- type = submodule {
- options = {
- ssh_key = mkOption {
- description = "SSH key information";
- type = submodule {
- options = {
- public = mkOption { type = str; description = "Public part of the key"; };
- private = mkOption { type = lines; description = "Private part of the key"; };
- };
- };
- };
- workerPassword = mkOption { description = "Buildbot worker password"; type = str; };
- user = mkOption {
- description = "Buildbot user";
- type = submodule {
- options = {
- uid = mkOption {
- description = "user uid";
- type = int;
- };
- gid = mkOption {
- description = "user gid";
- type = int;
- };
- };
- };
- };
- ldap = mkOption {
- description = "Ldap configuration for buildbot";
- type = submodule {
- options = {
- password = mkOption { type = str; description = "Buildbot password"; };
- };
- };
- };
- projects = mkOption {
- description = "Projects to make a buildbot for";
- type = attrsOf (submodule {
- options = {
- name = mkOption { type = str; description = "Project name"; };
- packages = mkOption {
- type = unspecified;
- example = literalExample ''
- pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
- '';
- description = ''
- Function.
- Builds packages list to make available to buildbot project.
- Takes pkgs as argument.
- '';
- };
- pythonPackages = mkOption {
- type = unspecified;
- example = literalExample ''
- p: pkgs: [ pkgs.python3Packages.pip ];
- '';
- description = ''
- Function.
- Builds python packages list to make available to buildbot project.
- Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
- '';
- };
- pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
- workerPort = mkOption { type = port; description = "Port for the worker"; };
- secrets = mkOption {
- type = attrsOf str;
- description = "Secrets for the project to dump as files";
- };
- environment = mkOption {
- type = attrsOf str;
- description = ''
- Environment variables for the project.
- BUILDBOT_ is prefixed to the variable names
- '';
- };
- activationScript = mkOption {
- type = lines;
- description = ''
- Activation script to run during deployment
- '';
- };
- builderPaths = mkOption {
- type = attrsOf unspecified;
- default = {};
- description = ''
- Attrs of functions to make accessible specifically per builder.
- Takes pkgs as argument and should return a single path containing binaries.
- This path will be accessible as BUILDBOT_PATH_<attrskey>
- '';
- };
- webhookTokens = mkOption {
- type = nullOr (listOf str);
- default = null;
- description = ''
- List of tokens allowed to push to project’s change_hook/base endpoint
- '';
- };
- };
- });
- };
- };
- };
- };
- tools = mkOption {
- description = "Tools configurations";
- type = submodule {
- options = {
- contact = mkOption { type = str; description = "Contact e-mail address"; };
- assets = mkOption {
- default = {};
- type = attrsOf (submodule {
- options = {
- url = mkOption { type = str; description = "URL to fetch"; };
- sha256 = mkOption { type = str; description = "Hash of the url"; };
- };
- });
- description = "Assets to provide on assets.immae.eu";
- };
- davical = mkOption {
- description = "Davical configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Davical";
- ldap = mkLdapOptions "Davical" {};
- };
- };
- };
- diaspora = mkOption {
- description = "Diaspora configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Diaspora";
- redis = mkRedisOptions "Diaspora";
- ldap = mkLdapOptions "Diaspora" {};
- secret_token = mkOption { type = str; description = "Secret token"; };
- };
- };
- };
- dmarc_reports = mkOption {
- description = "DMARC reports configuration";
- type = submodule {
- options = {
- mysql = mkMysqlOptions "DMARC" {};
- anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
- };
- };
- };
- etherpad-lite = mkOption {
- description = "Etherpad configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Etherpad";
- ldap = mkLdapOptions "Etherpad" {
- group_filter = mkOption { type = str; description = "Filter for groups"; };
- };
- adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
- session_key = mkOption { type = str; description = "Session key"; };
- api_key = mkOption { type = str; description = "API key"; };
- redirects = mkOption { type = str; description = "Redirects for apache"; };
- };
- };
- };
- gitolite = mkOption {
- description = "Gitolite configuration";
- type = submodule {
- options = {
- ldap = mkLdapOptions "Gitolite" {};
- ssh_key = mkOption {
- description = "SSH key information";
- type = submodule {
- options = {
- public = mkOption { type = str; description = "Public part of the key"; };
- private = mkOption { type = lines; description = "Private part of the key"; };
- };
- };
- };
- };
- };
- };
- kanboard = mkOption {
- description = "Kanboard configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Kanboard";
- ldap = mkLdapOptions "Kanboard" {
- admin_dn = mkOption { type = str; description = "Admin DN"; };
- };
- };
- };
- };
- mantisbt = mkOption {
- description = "Mantisbt configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Mantisbt";
- ldap = mkLdapOptions "Mantisbt" {};
- master_salt = mkOption { type = str; description = "Master salt for password hash"; };
- };
- };
- };
- mastodon = mkOption {
- description = "Mastodon configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Mastodon";
- redis = mkRedisOptions "Mastodon";
- ldap = mkLdapOptions "Mastodon" {};
- paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
- otp_secret = mkOption { type = str; description = "OTP secret"; };
- secret_key_base = mkOption { type = str; description = "Secret key base"; };
- vapid = mkOption {
- description = "vapid key";
- type = submodule {
- options = {
- private = mkOption { type = str; description = "Private key"; };
- public = mkOption { type = str; description = "Public key"; };
- };
- };
- };
- };
- };
- };
- mediagoblin = mkOption {
- description = "Mediagoblin configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Mediagoblin";
- redis = mkRedisOptions "Mediagoblin";
- ldap = mkLdapOptions "Mediagoblin" {};
- };
- };
- };
- nextcloud = mkOption {
- description = "Nextcloud configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Peertube";
- redis = mkRedisOptions "Peertube";
- password_salt = mkOption { type = str; description = "Password salt"; };
- instance_id = mkOption { type = str; description = "Instance ID"; };
- secret = mkOption { type = str; description = "App secret"; };
- };
- };
- };
- peertube = mkOption {
- description = "Peertube configuration";
- type = submodule {
- options = {
- listenPort = mkOption { type = port; description = "Port to listen to"; };
- postgresql = mkPsqlOptions "Peertube";
- redis = mkRedisOptions "Peertube";
- ldap = mkLdapOptions "Peertube" {};
- };
- };
- };
- syden_peertube = mkOption {
- description = "Peertube Syden configuration";
- type = submodule {
- options = {
- listenPort = mkOption { type = port; description = "Port to listen to"; };
- postgresql = mkPsqlOptions "Peertube";
- redis = mkRedisOptions "Peertube";
- };
- };
- };
- phpldapadmin = mkOption {
- description = "phpLdapAdmin configuration";
- type = submodule {
- options = {
- ldap = mkLdapOptions "phpldapadmin" {};
- };
- };
- };
- rompr = mkOption {
- description = "Rompr configuration";
- type = submodule {
- options = {
- mpd = mkOption {
- description = "MPD configuration";
- type = submodule {
- options = {
- host = mkOption { type = str; description = "Host for MPD"; };
- port = mkOption { type = port; description = "Port to access MPD host"; };
- };
- };
- };
- };
- };
- };
- roundcubemail = mkOption {
- description = "Roundcubemail configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "TT-RSS";
- secret = mkOption { type = str; description = "Secret"; };
- };
- };
- };
- shaarli = mkOption {
- description = "Shaarli configuration";
- type = submodule {
- options = {
- ldap = mkLdapOptions "Shaarli" {};
- };
- };
- };
- status_engine = mkOption {
- description = "Status Engine configuration";
- type = submodule {
- options = {
- mysql = mkMysqlOptions "StatusEngine" {};
- ldap = mkLdapOptions "StatusEngine" {};
- };
- };
- };
- task = mkOption {
- description = "Taskwarrior configuration";
- type = submodule {
- options = {
- ldap = mkLdapOptions "Taskwarrior" {};
- taskwarrior-web = mkOption {
- description = "taskwarrior-web profiles";
- type = attrsOf (submodule {
- options = {
- uid = mkOption {
- type = listOf str;
- description = "List of ldap uids having access to this profile";
- };
- org = mkOption { type = str; description = "Taskd organisation"; };
- key = mkOption { type = str; description = "Taskd key"; };
- date = mkOption { type = str; description = "Preferred date format"; };
- };
- });
- };
- };
- };
- };
- ttrss = mkOption {
- description = "TT-RSS configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "TT-RSS";
- ldap = mkLdapOptions "TT-RSS" {};
- };
- };
- };
- wallabag = mkOption {
- description = "Wallabag configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Wallabag";
- ldap = mkLdapOptions "Wallabag" {
- admin_filter = mkOption { type = str; description = "Admin users filter"; };
- };
- redis = mkRedisOptions "Wallabag";
- secret = mkOption { type = str; description = "App secret"; };
- };
- };
- };
- webhooks = mkOption {
- type = attrsOf str;
- description = "Mapping 'name'.php => script for webhooks";
- };
- csp_reports = mkOption {
- description = "CSP report configuration";
- type = submodule {
- options = {
- report_uri = mkOption { type = str; description = "URI to report CSP violations to"; };
- policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; };
- postgresql = mkPsqlOptions "CSP reports";
- };
- };
- };
- commento = mkOption {
- description = "Commento configuration";
- type = submodule {
- options = {
- listenPort = mkOption { type = port; description = "Port to listen to"; };
- postgresql = mkPsqlOptions "Commento";
- smtp = mkSmtpOptions "Commento";
- };
- };
- };
- cryptpad = mkOption {
- description = "Cryptpad configuration";
- type = attrsOf (submodule {
- options = {
- email = mkOption { type = str; description = "Admin e-mail"; };
- admins = mkOption { type = listOf str; description = "Instance admin public keys"; };
- port = mkOption { type = port; description = "Port to listen to"; };
- };
- });
- };
- ympd = mkOption {
- description = "Ympd configuration";
- type = submodule {
- options = {
- listenPort = mkOption { type = port; description = "Port to listen to"; };
- mpd = mkOption {
- description = "MPD configuration";
- type = submodule {
- options = {
- password = mkOption { type = str; description = "Password to access MPD host"; };
- host = mkOption { type = str; description = "Host for MPD"; };
- port = mkOption { type = port; description = "Port to access MPD host"; };
- };
- };
- };
- };
- };
- };
- umami = mkOption {
- description = "Umami configuration";
- type = submodule {
- options = {
- listenPort = mkOption { type = port; description = "Port to listen to"; };
- postgresql = mkPsqlOptions "Umami";
- hashSalt = mkOption { type = str; description = "Hash salt"; };
- };
- };
- };
- yourls = mkOption {
- description = "Yourls configuration";
- type = submodule {
- options = {
- mysql = mkMysqlOptions "Yourls" {};
- ldap = mkLdapOptions "Yourls" {};
- cookieKey = mkOption { type = str; description = "Cookie key"; };
- };
- };
- };
- };
- };
- };
- serverSpecific = mkOption { type = attrsOf unspecified; description = "Server specific configuration"; };
- websites = mkOption {
- description = "Websites configurations";
- type = submodule {
- options = {
- immae = mkOption {
- description = "Immae configuration by environment";
- type = submodule {
- options = {
- temp = mkOption {
- description = "Temp configuration";
- type = submodule {
- options = {
- ldap = mkLdapOptions "Immae temp" {
- filter = mkOption { type = str; description = "Filter for user access"; };
- };
- };
- };
- };
- };
- };
- };
- isabelle = mkOption {
- description = "Isabelle configurations by environment";
- type =
- let
- atenSubmodule = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
- secret = mkOption { type = str; description = "Symfony App secret"; };
- postgresql = mkPsqlOptions "Aten";
- };
- };
- };
- in
- submodule {
- options = {
- aten_production = atenSubmodule;
- aten_integration = atenSubmodule;
- iridologie = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- environment = mkOption { type = str; description = "SPIP environment"; };
- mysql = mkMysqlOptions "Iridologie" {};
- ldap = mkLdapOptions "Iridologie" {};
- };
- };
- };
- };
- };
- };
- chloe = mkOption {
- description = "Chloe configurations by environment";
- type =
- let
- chloeSubmodule = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- environment = mkOption { type = str; description = "SPIP environment"; };
- mysql = mkMysqlOptions "Chloe" {};
- ldap = mkLdapOptions "Chloe" {};
- };
- };
- };
- in
- submodule {
- options = {
- production = chloeSubmodule;
- integration = chloeSubmodule;
- };
- };
- };
- connexionswing = mkOption {
- description = "Connexionswing configurations by environment";
- type =
- let
- csSubmodule = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Connexionswing" {};
- secret = mkOption { type = str; description = "Symfony App secret"; };
- email = mkOption { type = str; description = "Symfony email notification"; };
- };
- };
- };
- in
- submodule {
- options = {
- production = csSubmodule;
- integration = csSubmodule;
- };
- };
- };
- jerome = mkOption {
- description = "Naturaloutil configuration";
- type = submodule {
- options = {
- mysql = mkMysqlOptions "Naturaloutil" {};
- server_admin = mkOption { type = str; description = "Server admin e-mail"; };
- };
- };
- };
- telio_tortay = mkOption {
- description = "Telio Tortay configuration";
- type = submodule {
- options = {
- server_admin = mkOption { type = str; description = "Server admin e-mail"; };
- };
- };
- };
- ludivine = mkOption {
- description = "Ludivinecassal configurations by environment";
- type =
- let
- lcSubmodule = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "LudivineCassal" {};
- ldap = mkLdapOptions "LudivineCassal" {};
- secret = mkOption { type = str; description = "Symfony App secret"; };
- };
- };
- };
- in
- submodule {
- options = {
- production = lcSubmodule;
- integration = lcSubmodule;
- };
- };
- };
- emilia = mkOption {
- description = "Emilia configuration";
- type = submodule {
- options = {
- postgresql = mkPsqlOptions "Emilia";
- };
- };
- };
- florian = mkOption {
- description = "Florian configuration";
- type = submodule {
- options = {
- server_admin = mkOption { type = str; description = "Server admin e-mail"; };
- };
- };
- };
- nassime = mkOption {
- description = "Nassime configuration";
- type = submodule {
- options = {
- server_admin = mkOption { type = str; description = "Server admin e-mail"; };
- };
- };
- };
- piedsjaloux = mkOption {
- description = "Piedsjaloux configurations by environment";
- type =
- let
- pjSubmodule = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Piedsjaloux" {};
- secret = mkOption { type = str; description = "Symfony App secret"; };
- };
- };
- };
- in
- submodule {
- options = {
- production = pjSubmodule;
- integration = pjSubmodule;
- };
- };
- };
- richie = mkOption {
- description = "Europe Richie configurations by environment";
- type = submodule {
- options = {
- mysql = mkMysqlOptions "Richie" {};
- smtp_mailer = mkOption {
- description = "SMTP mailer configuration";
- type = submodule {
- options = {
- user = mkOption { type = str; description = "Username"; };
- password = mkOption { type = str; description = "Password"; };
- };
- };
- };
- };
- };
- };
- caldance = mkOption {
- description = "Caldance configurations by environment";
- type = submodule {
- options = {
- integration = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- password = mkOption { type = str; description = "Password file content for basic auth"; };
- };
- };
- };
- };
- };
- };
- tellesflorian = mkOption {
- description = "Tellesflorian configurations by environment";
- type =
- let
- tfSubmodule = mkOption {
- description = "environment configuration";
- type = submodule {
- options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Tellesflorian" {};
- secret = mkOption { type = str; description = "Symfony App secret"; };
- invite_passwords = mkOption { type = str; description = "Password basic auth"; };
- };
- };
- };
- in
- submodule {
- options = {
- integration = tfSubmodule;
- };
- };
- };
- };
- };
- };
- };
- options.hostEnv = mkOption {
- readOnly = true;
- type = hostEnv;
- default = config.myEnv.servers."${name}";
- description = "Host environment";
- };
-}
projects / perso / Immae / Config / Nix.git / blobdiff