-{ lib, ... }:
+{ config, lib, name, ... }:
with lib;
with types;
with lists;
};
mysqlOptions = {
host = mkOption { description = "Host to access Mysql"; type = str; };
+ remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; };
port = mkOption { description = "Port to access Mysql"; type = str; };
socket = mkOption { description = "Socket to access Mysql"; type = path; };
systemUsers = mkOption {
};
};
};
- mkMysqlOptions = name: mkOption {
+ mkMysqlOptions = name: more: mkOption {
description = "${name} mysql configuration";
type = submodule {
options = mysqlOptions // {
database = mkOption { description = "${name} database"; type = str; };
user = mkOption { description = "${name} user"; type = str; };
password = mkOption { description = "mysql password of the ${name} user"; type = str; };
- };
+ } // more;
};
};
psqlOptions = {
};
};
};
+ smtpOptions = {
+ host = mkOption { description = "Host to access SMTP"; type = str; };
+ port = mkOption { description = "Port to access SMTP"; type = str; };
+ };
+ mkSmtpOptions = name: mkOption {
+ description = "${name} smtp configuration";
+ type = submodule {
+ options = smtpOptions // {
+ email = mkOption { description = "${name} email"; type = str; };
+ password = mkOption { description = "SMTP password of the ${name} user"; type = str; };
+ };
+ };
+ };
+ hostEnv = submodule {
+ options = {
+ fqdn = mkOption {
+ description = "Host FQDN";
+ type = str;
+ };
+ users = mkOption {
+ type = unspecified;
+ default = pkgs: [];
+ description = ''
+ Sublist of users from realUsers. Function that takes pkgs as
+ argument and gives an array as a result
+ '';
+ };
+ emails = mkOption {
+ default = [];
+ description = "List of e-mails that the server can be a sender of";
+ type = listOf str;
+ };
+ ldap = mkOption {
+ description = ''
+ LDAP credentials for the host
+ '';
+ type = submodule {
+ options = {
+ password = mkOption { type = str; description = "Password for the LDAP connection"; };
+ dn = mkOption { type = str; description = "DN for the LDAP connection"; };
+ };
+ };
+ };
+ mx = mkOption {
+ description = "subdomain and priority for MX server";
+ default = { enable = false; };
+ type = submodule {
+ options = {
+ enable = mkEnableOption "Enable MX";
+ subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; };
+ priority = mkOption { type = nullOr str; description = "Priority"; };
+ };
+ };
+ };
+ ips = mkOption {
+ description = ''
+ attrs of ip4/ip6 grouped by section
+ '';
+ type = attrsOf (submodule {
+ options = {
+ ip4 = mkOption {
+ type = str;
+ description = ''
+ ip4 address of the host
+ '';
+ };
+ ip6 = mkOption {
+ type = listOf str;
+ default = [];
+ description = ''
+ ip6 addresses of the host
+ '';
+ };
+ };
+ });
+ };
+ };
+ };
in
{
options.myEnv = {
Attrs of servers information in the cluster (not necessarily handled by nixops)
'';
default = {};
- type = attrsOf (submodule {
- options = {
- ldap = mkOption {
- description = ''
- LDAP credentials for the host
- '';
- type = submodule {
- options = {
- password = mkOption { type = string; description = "Password for the LDAP connection"; };
- dn = mkOption { type = string; description = "DN for the LDAP connection"; };
- };
- };
- };
- ips = mkOption {
- description = ''
- attrs of ip4/ip6 grouped by section
- '';
- type = attrsOf (submodule {
- options = {
- ip4 = mkOption {
- type = string;
- description = ''
- ip4 address of the host
- '';
- };
- ip6 = mkOption {
- type = listOf string;
- default = [];
- description = ''
- ip6 addresses of the host
- '';
- };
- };
- });
- };
- };
- });
+ type = attrsOf hostEnv;
};
hetznerCloud = mkOption {
description = ''
};
};
};
+ smtp = mkOption {
+ type = submodule { options = smtpOptions; };
+ description = "SMTP configuration";
+ };
ldap = mkOption {
description = ''
LDAP server configuration
};
};
};
+ realUsers = mkOption {
+ description = ''
+ Attrset of function taking pkgs as argument.
+ Real users settings, should provide a subattr of users.users.<name>
+ with at least: name, (hashed)Password, shell
+ '';
+ type = attrsOf unspecified;
+ };
users = mkOption {
description = "System and regular users uid/gid";
type = attrsOf (submodule {
type = submodule {
options = {
password = mkOption { type = str; description = "Password for encrypting files"; };
- remote = mkOption { type = str; description = "Remote url access"; };
- accessKeyId = mkOption { type = str; description = "Remote access-key"; };
- secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
+ remotes = mkOption {
+ type = attrsOf (submodule {
+ options = {
+ remote = mkOption {
+ type = unspecified;
+ example = literalExample ''
+ bucket: "s3://some_host/${bucket}";
+ '';
+ description = ''
+ Function.
+ Takes a bucket name as argument and returns a url
+ '';
+ };
+ accessKeyId = mkOption { type = str; description = "Remote access-key"; };
+ secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
+ };
+ });
+ };
+ };
+ };
+ };
+ zrepl_backup = mkOption {
+ type = submodule {
+ options = {
+ ssh_key = mkOption {
+ description = "SSH key information";
+ type = submodule {
+ options = {
+ public = mkOption { type = str; description = "Public part of the key"; };
+ private = mkOption { type = lines; description = "Private part of the key"; };
+ };
+ };
+ };
+ mysql = mkMysqlOptions "Zrepl" {};
};
};
};
'';
type = submodule {
options = {
- mailto = mkOption { type = str; description = "Where to e-mail on error"; };
ssh_key = mkOption {
description = "SSH key information";
type = submodule {
type = attrsOf (submodule {
options = {
keep = mkOption { type = int; description = "Number of backups to keep"; };
+ check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; };
login = mkOption { type = str; description = "Login to connect to host"; };
port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
host = mkOption { type = str; description = "Host to connect to"; };
options = {
status_url = mkOption { type = str; description = "URL to push status to"; };
status_token = mkOption { type = str; description = "Token for the status url"; };
+ http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; };
email = mkOption { type = str; description = "Admin E-mail"; };
+ ssh_public_key = mkOption { type = str; description = "SSH public key"; };
+ ssh_secret_key = mkOption { type = str; description = "SSH secret key"; };
+ imap_login = mkOption { type = str; description = "IMAP login"; };
+ imap_password = mkOption { type = str; description = "IMAP password"; };
+ eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; };
+ ovh_sms = mkOption {
+ description = "OVH credentials for sms script";
+ type = submodule {
+ options = {
+ endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; };
+ application_key = mkOption { type = str; description = "Application key"; };
+ application_secret = mkOption { type = str; description = "Application secret"; };
+ consumer_key = mkOption { type = str; description = "Consumer key"; };
+ account = mkOption { type = str; description = "Account"; };
+ };
+ };
+ };
+ nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; };
+ slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; };
+ slack_channel = mkOption { type = str; description = "Slack channel to push status update"; };
+ netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; };
+ netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; };
+ contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; };
+ email_check = mkOption {
+ description = "Emails services to check";
+ type = attrsOf (submodule {
+ options = {
+ local = mkOption { type = bool; default = false; description = "Use local configuration"; };
+ port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; };
+ login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; };
+ targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; };
+ mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; };
+ mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; };
+ };
+ });
+ };
};
};
};
};
};
};
+ vpn = mkOption {
+ description = "VPN configuration";
+ type = attrsOf (submodule {
+ options = {
+ prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; };
+ privateKey = mkOption { type = str; description = "Private key for the host"; };
+ publicKey = mkOption { type = str; description = "Public key for the host"; };
+ };
+ });
+ };
mail = mkOption {
description = "Mail configuration";
type = submodule {
'';
type = listOf str;
};
- mysql = mkMysqlOptions "Postfix";
+ mysql = mkMysqlOptions "Postfix" {
+ password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; };
+ };
backup_domains = mkOption {
description = ''
Domains that are accepted for relay as backup domain
user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
+ postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; };
};
};
};
};
});
};
+ sympa = mkOption {
+ description = "Sympa configuration";
+ type = submodule {
+ options = {
+ listmasters = mkOption {
+ type = listOf str;
+ description = "Listmasters";
+ };
+ postgresql = mkPsqlOptions "Sympa";
+ data_sources = mkOption {
+ type = attrsOf str;
+ default = {};
+ description = "Data sources to make available to sympa";
+ };
+ scenari = mkOption {
+ type = attrsOf str;
+ default = {};
+ description = "Scenari to make available to sympa";
+ };
+ };
+ };
+ };
};
};
};
description = "Tools configurations";
type = submodule {
options = {
+ contact = mkOption { type = str; description = "Contact e-mail address"; };
+ assets = mkOption {
+ default = {};
+ type = attrsOf (submodule {
+ options = {
+ url = mkOption { type = str; description = "URL to fetch"; };
+ sha256 = mkOption { type = str; description = "Hash of the url"; };
+ };
+ });
+ description = "Assets to provide on assets.immae.eu";
+ };
davical = mkOption {
description = "Davical configuration";
type = submodule {
};
};
};
+ dmarc_reports = mkOption {
+ description = "DMARC reports configuration";
+ type = submodule {
+ options = {
+ mysql = mkMysqlOptions "DMARC" {};
+ anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; };
+ };
+ };
+ };
etherpad-lite = mkOption {
description = "Etherpad configuration";
type = submodule {
ldap = mkLdapOptions "Etherpad" {
group_filter = mkOption { type = str; description = "Filter for groups"; };
};
+ adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; };
session_key = mkOption { type = str; description = "Session key"; };
api_key = mkOption { type = str; description = "API key"; };
redirects = mkOption { type = str; description = "Redirects for apache"; };
};
};
};
+ syden_peertube = mkOption {
+ description = "Peertube Syden configuration";
+ type = submodule {
+ options = {
+ listenPort = mkOption { type = port; description = "Port to listen to"; };
+ postgresql = mkPsqlOptions "Peertube";
+ redis = mkRedisOptions "Peertube";
+ };
+ };
+ };
phpldapadmin = mkOption {
description = "phpLdapAdmin configuration";
type = submodule {
};
};
};
+ status_engine = mkOption {
+ description = "Status Engine configuration";
+ type = submodule {
+ options = {
+ mysql = mkMysqlOptions "StatusEngine" {};
+ ldap = mkLdapOptions "StatusEngine" {};
+ };
+ };
+ };
task = mkOption {
description = "Taskwarrior configuration";
type = submodule {
};
};
};
+ webhooks = mkOption {
+ type = attrsOf str;
+ description = "Mapping 'name'.php => script for webhooks";
+ };
+ csp_reports = mkOption {
+ description = "CSP report configuration";
+ type = submodule {
+ options = {
+ report_uri = mkOption { type = str; description = "URI to report CSP violations to"; };
+ policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; };
+ postgresql = mkPsqlOptions "CSP reports";
+ };
+ };
+ };
+ commento = mkOption {
+ description = "Commento configuration";
+ type = submodule {
+ options = {
+ listenPort = mkOption { type = port; description = "Port to listen to"; };
+ postgresql = mkPsqlOptions "Commento";
+ smtp = mkSmtpOptions "Commento";
+ };
+ };
+ };
ympd = mkOption {
description = "Ympd configuration";
type = submodule {
description = "Yourls configuration";
type = submodule {
options = {
- mysql = mkMysqlOptions "Yourls";
+ mysql = mkMysqlOptions "Yourls" {};
ldap = mkLdapOptions "Yourls" {};
cookieKey = mkOption { type = str; description = "Cookie key"; };
};
description = "Websites configurations";
type = submodule {
options = {
+ immae = mkOption {
+ description = "Immae configuration by environment";
+ type = submodule {
+ options = {
+ temp = mkOption {
+ description = "Temp configuration";
+ type = submodule {
+ options = {
+ ldap = mkLdapOptions "Immae temp" {
+ filter = mkOption { type = str; description = "Filter for user access"; };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
isabelle = mkOption {
description = "Isabelle configurations by environment";
type =
options = {
aten_production = atenSubmodule;
aten_integration = atenSubmodule;
+ iridologie = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ environment = mkOption { type = str; description = "SPIP environment"; };
+ mysql = mkMysqlOptions "Iridologie" {};
+ ldap = mkLdapOptions "Iridologie" {};
+ };
+ };
+ };
};
};
};
description = "environment configuration";
type = submodule {
options = {
- environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Chloe";
+ environment = mkOption { type = str; description = "SPIP environment"; };
+ mysql = mkMysqlOptions "Chloe" {};
ldap = mkLdapOptions "Chloe" {};
};
};
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Connexionswing";
+ mysql = mkMysqlOptions "Connexionswing" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
email = mkOption { type = str; description = "Symfony email notification"; };
};
description = "Naturaloutil configuration";
type = submodule {
options = {
- mysql = mkMysqlOptions "Naturaloutil";
+ mysql = mkMysqlOptions "Naturaloutil" {};
server_admin = mkOption { type = str; description = "Server admin e-mail"; };
};
};
};
- telioTortay = mkOption {
+ telio_tortay = mkOption {
description = "Telio Tortay configuration";
type = submodule {
options = {
};
};
};
- ludivinecassal = mkOption {
+ ludivine = mkOption {
description = "Ludivinecassal configurations by environment";
type =
let
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "LudivineCassal";
+ mysql = mkMysqlOptions "LudivineCassal" {};
ldap = mkLdapOptions "LudivineCassal" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
};
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Piedsjaloux";
+ mysql = mkMysqlOptions "Piedsjaloux" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
};
};
description = "Europe Richie configurations by environment";
type = submodule {
options = {
- mysql = mkMysqlOptions "Richie";
+ mysql = mkMysqlOptions "Richie" {};
smtp_mailer = mkOption {
description = "SMTP mailer configuration";
type = submodule {
};
};
};
+ caldance = mkOption {
+ description = "Caldance configurations by environment";
+ type = submodule {
+ options = {
+ integration = mkOption {
+ description = "environment configuration";
+ type = submodule {
+ options = {
+ password = mkOption { type = str; description = "Password file content for basic auth"; };
+ };
+ };
+ };
+ };
+ };
+ };
tellesflorian = mkOption {
description = "Tellesflorian configurations by environment";
type =
type = submodule {
options = {
environment = mkOption { type = str; description = "Symfony environment"; };
- mysql = mkMysqlOptions "Tellesflorian";
+ mysql = mkMysqlOptions "Tellesflorian" {};
secret = mkOption { type = str; description = "Symfony App secret"; };
invite_passwords = mkOption { type = str; description = "Password basic auth"; };
};
'';
};
};
- options.hostEnv = {
- FQDN = mkOption {
- type = string;
- description = ''
- FQDN of the current host.
- '';
- };
+ options.hostEnv = mkOption {
+ readOnly = true;
+ type = hostEnv;
+ default = config.myEnv.servers."${name}";
+ description = "Host environment";
};
}
projects / perso / Immae / Config / Nix.git / blobdiff