X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fenvironment.nix;fp=modules%2Fprivate%2Fenvironment.nix;h=0000000000000000000000000000000000000000;hp=837d24be95e65a9251ba93b54163fc48b6f4a113;hb=1a64deeb894dc95e2645a75771732c6cc53a79ad;hpb=fa25ffd4583cc362075cd5e1b4130f33306103f0 diff --git a/modules/private/environment.nix b/modules/private/environment.nix deleted file mode 100644 index 837d24b..0000000 --- a/modules/private/environment.nix +++ /dev/null @@ -1,1492 +0,0 @@ -{ config, lib, name, ... }: -with lib; -with types; -with lists; -let - ldapOptions = { - base = mkOption { description = "Base of the LDAP tree"; type = str; }; - host = mkOption { description = "Host to access LDAP"; type = str; }; - root_dn = mkOption { description = "DN of the root user"; type = str; }; - root_pw = mkOption { description = "Hashed password of the root user"; type = str; }; - replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; }; - replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; }; - }; - mkLdapOptions = name: more: mkOption { - description = "${name} LDAP configuration"; - type = submodule { - options = ldapOptions // { - dn = mkOption { description = "DN of the ${name} user"; type = str; }; - password = mkOption { description = "password of the ${name} user"; type = str; }; - filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; }; - } // more; - }; - }; - mysqlOptions = { - host = mkOption { description = "Host to access Mysql"; type = str; }; - remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; }; - port = mkOption { description = "Port to access Mysql"; type = str; }; - socket = mkOption { description = "Socket to access Mysql"; type = path; }; - systemUsers = mkOption { - description = "Attrs of user-passwords allowed to access mysql"; - type = attrsOf str; - }; - pam = mkOption { - description = "PAM configuration for mysql"; - type = submodule { - options = { - dn = mkOption { description = "DN to connect as to check users"; type = str; }; - password = mkOption { description = "DN password to connect as to check users"; type = str; }; - filter = mkOption { description = "filter to match users"; type = str; }; - }; - }; - }; - }; - mkMysqlOptions = name: more: mkOption { - description = "${name} mysql configuration"; - type = submodule { - options = mysqlOptions // { - database = mkOption { description = "${name} database"; type = str; }; - user = mkOption { description = "${name} user"; type = str; }; - password = mkOption { description = "mysql password of the ${name} user"; type = str; }; - } // more; - }; - }; - psqlOptions = { - host = mkOption { description = "Host to access Postgresql"; type = str; }; - port = mkOption { description = "Port to access Postgresql"; type = str; }; - socket = mkOption { description = "Socket to access Postgresql"; type = path; }; - pam = mkOption { - description = "PAM configuration for psql"; - type = submodule { - options = { - dn = mkOption { description = "DN to connect as to check users"; type = str; }; - password = mkOption { description = "DN password to connect as to check users"; type = str; }; - filter = mkOption { description = "filter to match users"; type = str; }; - }; - }; - }; - }; - mkPsqlOptions = name: mkOption { - description = "${name} psql configuration"; - type = submodule { - options = psqlOptions // { - database = mkOption { description = "${name} database"; type = str; }; - schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; }; - user = mkOption { description = "${name} user"; type = str; }; - password = mkOption { description = "psql password of the ${name} user"; type = str; }; - }; - }; - }; - redisOptions = { - host = mkOption { description = "Host to access Redis"; type = str; }; - port = mkOption { description = "Port to access Redis"; type = str; }; - socket = mkOption { description = "Socket to access Redis"; type = path; }; - dbs = mkOption { - description = "Attrs of db number. Each number should be unique to avoid collision!"; - type = attrsOf str; - }; - spiped_key = mkOption { - type = str; - description = '' - Key to use with spiped to make a secure channel to replication - ''; - }; - predixy = mkOption { - description = "Predixy configuration. Unused yet"; - type = submodule { - options = { - read = mkOption { type = str; description = "Read password"; }; - }; - }; - }; - }; - mkRedisOptions = name: mkOption { - description = "${name} redis configuration"; - type = submodule { - options = redisOptions // { - db = mkOption { description = "${name} database"; type = str; }; - }; - }; - }; - smtpOptions = { - host = mkOption { description = "Host to access SMTP"; type = str; }; - port = mkOption { description = "Port to access SMTP"; type = str; }; - }; - mkSmtpOptions = name: mkOption { - description = "${name} smtp configuration"; - type = submodule { - options = smtpOptions // { - email = mkOption { description = "${name} email"; type = str; }; - password = mkOption { description = "SMTP password of the ${name} user"; type = str; }; - }; - }; - }; - hostEnv = submodule { - options = { - fqdn = mkOption { - description = "Host FQDN"; - type = str; - }; - users = mkOption { - type = unspecified; - default = pkgs: []; - description = '' - Sublist of users from realUsers. Function that takes pkgs as - argument and gives an array as a result - ''; - }; - emails = mkOption { - default = []; - description = "List of e-mails that the server can be a sender of"; - type = listOf str; - }; - ldap = mkOption { - description = '' - LDAP credentials for the host - ''; - type = submodule { - options = { - password = mkOption { type = str; description = "Password for the LDAP connection"; }; - dn = mkOption { type = str; description = "DN for the LDAP connection"; }; - }; - }; - }; - mx = mkOption { - description = "subdomain and priority for MX server"; - default = { enable = false; }; - type = submodule { - options = { - enable = mkEnableOption "Enable MX"; - subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; }; - priority = mkOption { type = nullOr str; description = "Priority"; }; - }; - }; - }; - ips = mkOption { - description = '' - attrs of ip4/ip6 grouped by section - ''; - type = attrsOf (submodule { - options = { - ip4 = mkOption { - type = str; - description = '' - ip4 address of the host - ''; - }; - ip6 = mkOption { - type = listOf str; - default = []; - description = '' - ip6 addresses of the host - ''; - }; - }; - }); - }; - }; - }; -in -{ - options.myEnv = { - servers = mkOption { - description = '' - Attrs of servers information in the cluster (not necessarily handled by nixops) - ''; - default = {}; - type = attrsOf hostEnv; - }; - hetznerCloud = mkOption { - description = '' - Hetzner Cloud credential information - ''; - type = submodule { - options = { - authToken = mkOption { - type = str; - description = '' - The API auth token. - ''; - }; - }; - }; - }; - hetzner = mkOption { - description = '' - Hetzner credential information - ''; - type = submodule { - options = { - user = mkOption { type = str; description = "User"; }; - pass = mkOption { type = str; description = "Password"; }; - }; - }; - }; - sshd = mkOption { - description = '' - sshd service credential information - ''; - type = submodule { - options = { - rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; }; - ldap = mkOption { - description = '' - LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn - ''; - type = submodule { - options = { - password = mkOption { description = "Password"; type = str; }; - }; - }; - }; - }; - }; - }; - ports = mkOption { - description = '' - non-standard reserved ports. Must be unique! - ''; - type = attrsOf port; - default = {}; - apply = let - noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x)); - in - x: if isAttrs x && noDupl x then x else throw "Non unique values for ports"; - }; - httpd = mkOption { - description = '' - httpd service credential information - ''; - type = submodule { - options = { - ldap = mkOption { - description = '' - LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn - ''; - type = submodule { - options = { - password = mkOption { description = "Password"; type = str; }; - }; - }; - }; - }; - }; - }; - smtp = mkOption { - type = submodule { options = smtpOptions; }; - description = "SMTP configuration"; - }; - ldap = mkOption { - description = '' - LDAP server configuration - ''; - type = submodule { - options = ldapOptions; - }; - }; - databases = mkOption { - description = "Databases configuration"; - type = submodule { - options = { - mysql = mkOption { - type = submodule { options = mysqlOptions; }; - description = "Mysql configuration"; - }; - redis = mkOption { - type = submodule { options = redisOptions; }; - description = "Redis configuration"; - }; - postgresql = mkOption { - type = submodule { options = psqlOptions; }; - description = "Postgresql configuration"; - }; - }; - }; - }; - jabber = mkOption { - description = "Jabber configuration"; - type = submodule { - options = { - postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; }; - ldap = mkLdapOptions "Jabber" {}; - postgresql = mkPsqlOptions "Jabber"; - }; - }; - }; - realUsers = mkOption { - description = '' - Attrset of function taking pkgs as argument. - Real users settings, should provide a subattr of users.users. - with at least: name, (hashed)Password, shell - ''; - type = attrsOf unspecified; - }; - users = mkOption { - description = "System and regular users uid/gid"; - type = attrsOf (submodule { - options = { - uid = mkOption { - description = "user uid"; - type = int; - }; - gid = mkOption { - description = "user gid"; - type = int; - }; - }; - }); - }; - dns = mkOption { - description = "DNS configuration"; - type = submodule { - options = { - soa = mkOption { - description = "SOA information"; - type = submodule { - options = { - serial = mkOption { - description = "Serial number. Should be incremented at each change and unique"; - type = str; - }; - refresh = mkOption { - description = "Refresh time"; - type = str; - }; - retry = mkOption { - description = "Retry time"; - type = str; - }; - expire = mkOption { - description = "Expire time"; - type = str; - }; - ttl = mkOption { - description = "Default TTL time"; - type = str; - }; - email = mkOption { - description = "hostmaster e-mail"; - type = str; - }; - primary = mkOption { - description = "Primary NS"; - type = str; - }; - }; - }; - }; - ns = mkOption { - description = "Attrs of NS servers group"; - example = { - foo = { - "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ]; - "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ]; - }; - }; - type = attrsOf (attrsOf (listOf str)); - }; - keys = mkOption { - default = {}; - description = "DNS keys"; - type = attrsOf (submodule { - options = { - algorithm = mkOption { type = str; description = "Algorithm"; }; - secret = mkOption { type = str; description = "Secret"; }; - }; - }); - }; - slaveZones = mkOption { - description = "List of slave zones"; - type = listOf (submodule { - options = { - name = mkOption { type = str; description = "zone name"; }; - masters = mkOption { - description = "NS master groups of this zone"; - type = listOf str; - }; - keys = mkOption { - default = []; - description = "Keys associated to the server"; - type = listOf str; - }; - }; - }); - }; - masterZones = mkOption { - description = "List of master zones"; - type = listOf (submodule { - options = { - name = mkOption { type = str; description = "zone name"; }; - withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; }; - slaves = mkOption { - description = "NS slave groups of this zone"; - type = listOf str; - }; - ns = mkOption { - description = "groups names that should have their NS entries listed here"; - type = listOf str; - }; - extra = mkOption { - description = "Extra zone configuration for bind"; - example = '' - notify yes; - ''; - type = lines; - }; - entries = mkOption { type = lines; description = "Regular entries of the NS zone"; }; - withEmail = mkOption { - description = "List of domains that should have mail entries (MX, dkim, SPF, ...)"; - default = []; - type = listOf (submodule { - options = { - domain = mkOption { type = str; description = "Which subdomain is concerned"; }; - send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; }; - receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; }; - }; - }); - }; - }; - }); - }; - }; - }; - }; - backup = mkOption { - description = '' - Remote backup with duplicity - ''; - type = submodule { - options = { - password = mkOption { type = str; description = "Password for encrypting files"; }; - remotes = mkOption { - type = attrsOf (submodule { - options = { - remote = mkOption { - type = unspecified; - example = literalExample '' - bucket: "s3://some_host/${bucket}"; - ''; - description = '' - Function. - Takes a bucket name as argument and returns a url - ''; - }; - accessKeyId = mkOption { type = str; description = "Remote access-key"; }; - secretAccessKey = mkOption { type = str; description = "Remote access secret"; }; - }; - }); - }; - }; - }; - }; - zrepl_backup = mkOption { - type = submodule { - options = { - ssh_key = mkOption { - description = "SSH key information"; - type = submodule { - options = { - public = mkOption { type = str; description = "Public part of the key"; }; - private = mkOption { type = lines; description = "Private part of the key"; }; - }; - }; - }; - mysql = mkMysqlOptions "Zrepl" {}; - }; - }; - }; - rsync_backup = mkOption { - description ='' - Rsync backup configuration from controlled host - ''; - type = submodule { - options = { - ssh_key = mkOption { - description = "SSH key information"; - type = submodule { - options = { - public = mkOption { type = str; description = "Public part of the key"; }; - private = mkOption { type = lines; description = "Private part of the key"; }; - }; - }; - }; - profiles = mkOption { - description = "Attrs of profiles to backup"; - type = attrsOf (submodule { - options = { - keep = mkOption { type = int; description = "Number of backups to keep"; }; - check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; }; - login = mkOption { type = str; description = "Login to connect to host"; }; - port = mkOption { type = str; default = "22"; description = "Port to connect to host"; }; - host = mkOption { type = str; description = "Host to connect to"; }; - host_key = mkOption { type = str; description = "Host key"; }; - host_key_type = mkOption { type = str; description = "Host key type"; }; - parts = mkOption { - description = "Parts to backup for this host"; - type = attrsOf (submodule { - options = { - remote_folder = mkOption { type = path; description = "Remote folder to backup";}; - exclude_from = mkOption { - type = listOf path; - default = []; - description = "List of folders/files to exclude from the backup"; - }; - files_from = mkOption { - type = listOf path; - default = []; - description = "List of folders/files to backup in the base folder"; - }; - args = mkOption { - type = nullOr str; - default = null; - description = "Extra arguments to pass to rsync"; - }; - }; - }); - }; - }; - }); - }; - }; - }; - }; - monitoring = mkOption { - description = "Monitoring configuration"; - type = submodule { - options = { - status_url = mkOption { type = str; description = "URL to push status to"; }; - status_token = mkOption { type = str; description = "Token for the status url"; }; - http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; }; - email = mkOption { type = str; description = "Admin E-mail"; }; - ssh_public_key = mkOption { type = str; description = "SSH public key"; }; - ssh_secret_key = mkOption { type = str; description = "SSH secret key"; }; - imap_login = mkOption { type = str; description = "IMAP login"; }; - imap_password = mkOption { type = str; description = "IMAP password"; }; - eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; }; - ovh_sms = mkOption { - description = "OVH credentials for sms script"; - type = submodule { - options = { - endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; }; - application_key = mkOption { type = str; description = "Application key"; }; - application_secret = mkOption { type = str; description = "Application secret"; }; - consumer_key = mkOption { type = str; description = "Consumer key"; }; - account = mkOption { type = str; description = "Account"; }; - }; - }; - }; - eban = mkOption { - description = "Eban credentials for webhook"; - type = submodule { - options = { - user = mkOption { type = str; description = "User"; }; - password = mkOption { type = str; description = "Password"; }; - }; - }; - }; - nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; - slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; }; - slack_channel = mkOption { type = str; description = "Slack channel to push status update"; }; - netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; }; - netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; }; - contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; }; - email_check = mkOption { - description = "Emails services to check"; - type = attrsOf (submodule { - options = { - local = mkOption { type = bool; default = false; description = "Use local configuration"; }; - port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; }; - login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; }; - targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; }; - mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; }; - mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; }; - }; - }); - }; - }; - }; - }; - mpd = mkOption { - description = "MPD configuration"; - type = submodule { - options = { - folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; }; - password = mkOption { type = str; description = "Password to connect to the MPD instance"; }; - host = mkOption { type = str; description = "Host to connect to the MPD instance"; }; - port = mkOption { type = str; description = "Port to connect to the MPD instance"; }; - }; - }; - }; - ftp = mkOption { - description = "FTP configuration"; - type = submodule { - options = { - ldap = mkLdapOptions "FTP" { - proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; }; - pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; }; - }; - }; - }; - }; - vpn = mkOption { - description = "VPN configuration"; - type = attrsOf (submodule { - options = { - prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; }; - privateKey = mkOption { type = str; description = "Private key for the host"; }; - publicKey = mkOption { type = str; description = "Public key for the host"; }; - }; - }); - }; - mail = mkOption { - description = "Mail configuration"; - type = submodule { - options = { - dmarc = mkOption { - description = "DMARC configuration"; - type = submodule { - options = { - ignore_hosts = mkOption { - type = lines; - description = '' - Hosts to ignore when checking for dmarc - ''; - }; - }; - }; - }; - dkim = mkOption { - description = "DKIM configuration"; - type = attrsOf (submodule { - options = { - public = mkOption { - type = str; - example = '' - ( "v=DKIM1; k=rsa; " - "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" ) - ''; - description = "Public entry to put in DNS TXT field"; - }; - private = mkOption { type = str; description = "Private key"; }; - }; - }); - }; - postfix = mkOption { - description = "Postfix configuration"; - type = submodule { - options = { - additional_mailbox_domains = mkOption { - description = '' - List of domains that are used as mailbox final destination, in addition to those defined in the DNS records - ''; - type = listOf str; - }; - mysql = mkMysqlOptions "Postfix" { - password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; }; - }; - backup_domains = mkOption { - description = '' - Domains that are accepted for relay as backup domain - ''; - type = attrsOf (submodule { - options = { - domains = mkOption { type = listOf str; description = "Domains list"; }; - relay_restrictions = mkOption { - type = lines; - description = '' - Restrictions for relaying the e-mails from the domains - ''; - }; - recipient_maps = mkOption { - description = '' - Recipient map to accept relay for. - Must be specified for domain, the rules apply to everyone! - ''; - type = listOf (submodule { - options = { - type = mkOption { - type = enum [ "hash" ]; - description = "Map type"; - }; - content = mkOption { - type = str; - description = "Map content"; - }; - }; - }); - }; - }; - }); - }; - }; - }; - }; - dovecot = mkOption { - description = "Dovecot configuration"; - type = submodule { - options = { - ldap = mkLdapOptions "Dovecot" { - pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; }; - user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; - iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; - iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; - postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; }; - }; - }; - }; - }; - rspamd = mkOption { - description = "rspamd configuration"; - type = submodule { - options = { - redis = mkRedisOptions "Redis"; - read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; }; - write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; }; - read_password = mkOption { - type = str; - description = "Read password for rspamd. Unused"; - apply = x: ""; - }; - write_password = mkOption { - type = str; - description = "Write password for rspamd. Unused"; - apply = x: ""; - }; - }; - }; - }; - scripts = mkOption { - description = "Mail script recipients"; - type = attrsOf (submodule { - options = { - external = mkEnableOption "Create a script_@mail.immae.eu external address"; - src = mkOption { - description = '' - git source to fetch the script from. - It must have a default.nix file as its root accepting a scriptEnv parameter - ''; - type = submodule { - options = { - url = mkOption { type = str; description = "git url to fetch"; }; - rev = mkOption { type = str; description = "git reference to fetch"; }; - }; - }; - }; - env = mkOption { - description = "Variables to pass to the script"; - type = unspecified; - }; - }; - }); - }; - sympa = mkOption { - description = "Sympa configuration"; - type = submodule { - options = { - listmasters = mkOption { - type = listOf str; - description = "Listmasters"; - }; - postgresql = mkPsqlOptions "Sympa"; - data_sources = mkOption { - type = attrsOf str; - default = {}; - description = "Data sources to make available to sympa"; - }; - scenari = mkOption { - type = attrsOf str; - default = {}; - description = "Scenari to make available to sympa"; - }; - }; - }; - }; - }; - }; - }; - buildbot = mkOption { - description = "Buildbot configuration"; - type = submodule { - options = { - ssh_key = mkOption { - description = "SSH key information"; - type = submodule { - options = { - public = mkOption { type = str; description = "Public part of the key"; }; - private = mkOption { type = lines; description = "Private part of the key"; }; - }; - }; - }; - workerPassword = mkOption { description = "Buildbot worker password"; type = str; }; - user = mkOption { - description = "Buildbot user"; - type = submodule { - options = { - uid = mkOption { - description = "user uid"; - type = int; - }; - gid = mkOption { - description = "user gid"; - type = int; - }; - }; - }; - }; - ldap = mkOption { - description = "Ldap configuration for buildbot"; - type = submodule { - options = { - password = mkOption { type = str; description = "Buildbot password"; }; - }; - }; - }; - projects = mkOption { - description = "Projects to make a buildbot for"; - type = attrsOf (submodule { - options = { - name = mkOption { type = str; description = "Project name"; }; - packages = mkOption { - type = unspecified; - example = literalExample '' - pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ]; - ''; - description = '' - Function. - Builds packages list to make available to buildbot project. - Takes pkgs as argument. - ''; - }; - pythonPackages = mkOption { - type = unspecified; - example = literalExample '' - p: pkgs: [ pkgs.python3Packages.pip ]; - ''; - description = '' - Function. - Builds python packages list to make available to buildbot project. - Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list. - ''; - }; - pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; }; - workerPort = mkOption { type = port; description = "Port for the worker"; }; - secrets = mkOption { - type = attrsOf str; - description = "Secrets for the project to dump as files"; - }; - environment = mkOption { - type = attrsOf str; - description = '' - Environment variables for the project. - BUILDBOT_ is prefixed to the variable names - ''; - }; - activationScript = mkOption { - type = lines; - description = '' - Activation script to run during deployment - ''; - }; - builderPaths = mkOption { - type = attrsOf unspecified; - default = {}; - description = '' - Attrs of functions to make accessible specifically per builder. - Takes pkgs as argument and should return a single path containing binaries. - This path will be accessible as BUILDBOT_PATH_ - ''; - }; - webhookTokens = mkOption { - type = nullOr (listOf str); - default = null; - description = '' - List of tokens allowed to push to project’s change_hook/base endpoint - ''; - }; - }; - }); - }; - }; - }; - }; - tools = mkOption { - description = "Tools configurations"; - type = submodule { - options = { - contact = mkOption { type = str; description = "Contact e-mail address"; }; - assets = mkOption { - default = {}; - type = attrsOf (submodule { - options = { - url = mkOption { type = str; description = "URL to fetch"; }; - sha256 = mkOption { type = str; description = "Hash of the url"; }; - }; - }); - description = "Assets to provide on assets.immae.eu"; - }; - davical = mkOption { - description = "Davical configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Davical"; - ldap = mkLdapOptions "Davical" {}; - }; - }; - }; - diaspora = mkOption { - description = "Diaspora configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Diaspora"; - redis = mkRedisOptions "Diaspora"; - ldap = mkLdapOptions "Diaspora" {}; - secret_token = mkOption { type = str; description = "Secret token"; }; - }; - }; - }; - dmarc_reports = mkOption { - description = "DMARC reports configuration"; - type = submodule { - options = { - mysql = mkMysqlOptions "DMARC" {}; - anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; }; - }; - }; - }; - etherpad-lite = mkOption { - description = "Etherpad configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Etherpad"; - ldap = mkLdapOptions "Etherpad" { - group_filter = mkOption { type = str; description = "Filter for groups"; }; - }; - adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; }; - session_key = mkOption { type = str; description = "Session key"; }; - api_key = mkOption { type = str; description = "API key"; }; - redirects = mkOption { type = str; description = "Redirects for apache"; }; - }; - }; - }; - gitolite = mkOption { - description = "Gitolite configuration"; - type = submodule { - options = { - ldap = mkLdapOptions "Gitolite" {}; - ssh_key = mkOption { - description = "SSH key information"; - type = submodule { - options = { - public = mkOption { type = str; description = "Public part of the key"; }; - private = mkOption { type = lines; description = "Private part of the key"; }; - }; - }; - }; - }; - }; - }; - kanboard = mkOption { - description = "Kanboard configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Kanboard"; - ldap = mkLdapOptions "Kanboard" { - admin_dn = mkOption { type = str; description = "Admin DN"; }; - }; - }; - }; - }; - mantisbt = mkOption { - description = "Mantisbt configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Mantisbt"; - ldap = mkLdapOptions "Mantisbt" {}; - master_salt = mkOption { type = str; description = "Master salt for password hash"; }; - }; - }; - }; - mastodon = mkOption { - description = "Mastodon configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Mastodon"; - redis = mkRedisOptions "Mastodon"; - ldap = mkLdapOptions "Mastodon" {}; - paperclip_secret = mkOption { type = str; description = "Paperclip secret"; }; - otp_secret = mkOption { type = str; description = "OTP secret"; }; - secret_key_base = mkOption { type = str; description = "Secret key base"; }; - vapid = mkOption { - description = "vapid key"; - type = submodule { - options = { - private = mkOption { type = str; description = "Private key"; }; - public = mkOption { type = str; description = "Public key"; }; - }; - }; - }; - }; - }; - }; - mediagoblin = mkOption { - description = "Mediagoblin configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Mediagoblin"; - redis = mkRedisOptions "Mediagoblin"; - ldap = mkLdapOptions "Mediagoblin" {}; - }; - }; - }; - nextcloud = mkOption { - description = "Nextcloud configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Peertube"; - redis = mkRedisOptions "Peertube"; - password_salt = mkOption { type = str; description = "Password salt"; }; - instance_id = mkOption { type = str; description = "Instance ID"; }; - secret = mkOption { type = str; description = "App secret"; }; - }; - }; - }; - peertube = mkOption { - description = "Peertube configuration"; - type = submodule { - options = { - listenPort = mkOption { type = port; description = "Port to listen to"; }; - postgresql = mkPsqlOptions "Peertube"; - redis = mkRedisOptions "Peertube"; - ldap = mkLdapOptions "Peertube" {}; - }; - }; - }; - syden_peertube = mkOption { - description = "Peertube Syden configuration"; - type = submodule { - options = { - listenPort = mkOption { type = port; description = "Port to listen to"; }; - postgresql = mkPsqlOptions "Peertube"; - redis = mkRedisOptions "Peertube"; - }; - }; - }; - phpldapadmin = mkOption { - description = "phpLdapAdmin configuration"; - type = submodule { - options = { - ldap = mkLdapOptions "phpldapadmin" {}; - }; - }; - }; - rompr = mkOption { - description = "Rompr configuration"; - type = submodule { - options = { - mpd = mkOption { - description = "MPD configuration"; - type = submodule { - options = { - host = mkOption { type = str; description = "Host for MPD"; }; - port = mkOption { type = port; description = "Port to access MPD host"; }; - }; - }; - }; - }; - }; - }; - roundcubemail = mkOption { - description = "Roundcubemail configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "TT-RSS"; - secret = mkOption { type = str; description = "Secret"; }; - }; - }; - }; - shaarli = mkOption { - description = "Shaarli configuration"; - type = submodule { - options = { - ldap = mkLdapOptions "Shaarli" {}; - }; - }; - }; - status_engine = mkOption { - description = "Status Engine configuration"; - type = submodule { - options = { - mysql = mkMysqlOptions "StatusEngine" {}; - ldap = mkLdapOptions "StatusEngine" {}; - }; - }; - }; - task = mkOption { - description = "Taskwarrior configuration"; - type = submodule { - options = { - ldap = mkLdapOptions "Taskwarrior" {}; - taskwarrior-web = mkOption { - description = "taskwarrior-web profiles"; - type = attrsOf (submodule { - options = { - uid = mkOption { - type = listOf str; - description = "List of ldap uids having access to this profile"; - }; - org = mkOption { type = str; description = "Taskd organisation"; }; - key = mkOption { type = str; description = "Taskd key"; }; - date = mkOption { type = str; description = "Preferred date format"; }; - }; - }); - }; - }; - }; - }; - ttrss = mkOption { - description = "TT-RSS configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "TT-RSS"; - ldap = mkLdapOptions "TT-RSS" {}; - }; - }; - }; - wallabag = mkOption { - description = "Wallabag configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Wallabag"; - ldap = mkLdapOptions "Wallabag" { - admin_filter = mkOption { type = str; description = "Admin users filter"; }; - }; - redis = mkRedisOptions "Wallabag"; - secret = mkOption { type = str; description = "App secret"; }; - }; - }; - }; - webhooks = mkOption { - type = attrsOf str; - description = "Mapping 'name'.php => script for webhooks"; - }; - csp_reports = mkOption { - description = "CSP report configuration"; - type = submodule { - options = { - report_uri = mkOption { type = str; description = "URI to report CSP violations to"; }; - policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; }; - postgresql = mkPsqlOptions "CSP reports"; - }; - }; - }; - commento = mkOption { - description = "Commento configuration"; - type = submodule { - options = { - listenPort = mkOption { type = port; description = "Port to listen to"; }; - postgresql = mkPsqlOptions "Commento"; - smtp = mkSmtpOptions "Commento"; - }; - }; - }; - cryptpad = mkOption { - description = "Cryptpad configuration"; - type = attrsOf (submodule { - options = { - email = mkOption { type = str; description = "Admin e-mail"; }; - admins = mkOption { type = listOf str; description = "Instance admin public keys"; }; - port = mkOption { type = port; description = "Port to listen to"; }; - }; - }); - }; - ympd = mkOption { - description = "Ympd configuration"; - type = submodule { - options = { - listenPort = mkOption { type = port; description = "Port to listen to"; }; - mpd = mkOption { - description = "MPD configuration"; - type = submodule { - options = { - password = mkOption { type = str; description = "Password to access MPD host"; }; - host = mkOption { type = str; description = "Host for MPD"; }; - port = mkOption { type = port; description = "Port to access MPD host"; }; - }; - }; - }; - }; - }; - }; - umami = mkOption { - description = "Umami configuration"; - type = submodule { - options = { - listenPort = mkOption { type = port; description = "Port to listen to"; }; - postgresql = mkPsqlOptions "Umami"; - hashSalt = mkOption { type = str; description = "Hash salt"; }; - }; - }; - }; - yourls = mkOption { - description = "Yourls configuration"; - type = submodule { - options = { - mysql = mkMysqlOptions "Yourls" {}; - ldap = mkLdapOptions "Yourls" {}; - cookieKey = mkOption { type = str; description = "Cookie key"; }; - }; - }; - }; - }; - }; - }; - serverSpecific = mkOption { type = attrsOf unspecified; description = "Server specific configuration"; }; - websites = mkOption { - description = "Websites configurations"; - type = submodule { - options = { - immae = mkOption { - description = "Immae configuration by environment"; - type = submodule { - options = { - temp = mkOption { - description = "Temp configuration"; - type = submodule { - options = { - ldap = mkLdapOptions "Immae temp" { - filter = mkOption { type = str; description = "Filter for user access"; }; - }; - }; - }; - }; - }; - }; - }; - isabelle = mkOption { - description = "Isabelle configurations by environment"; - type = - let - atenSubmodule = mkOption { - description = "environment configuration"; - type = submodule { - options = { - environment = mkOption { type = str; description = "Symfony environment"; }; - secret = mkOption { type = str; description = "Symfony App secret"; }; - postgresql = mkPsqlOptions "Aten"; - }; - }; - }; - in - submodule { - options = { - aten_production = atenSubmodule; - aten_integration = atenSubmodule; - iridologie = mkOption { - description = "environment configuration"; - type = submodule { - options = { - environment = mkOption { type = str; description = "SPIP environment"; }; - mysql = mkMysqlOptions "Iridologie" {}; - ldap = mkLdapOptions "Iridologie" {}; - }; - }; - }; - }; - }; - }; - chloe = mkOption { - description = "Chloe configurations by environment"; - type = - let - chloeSubmodule = mkOption { - description = "environment configuration"; - type = submodule { - options = { - environment = mkOption { type = str; description = "SPIP environment"; }; - mysql = mkMysqlOptions "Chloe" {}; - ldap = mkLdapOptions "Chloe" {}; - }; - }; - }; - in - submodule { - options = { - production = chloeSubmodule; - integration = chloeSubmodule; - }; - }; - }; - connexionswing = mkOption { - description = "Connexionswing configurations by environment"; - type = - let - csSubmodule = mkOption { - description = "environment configuration"; - type = submodule { - options = { - environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "Connexionswing" {}; - secret = mkOption { type = str; description = "Symfony App secret"; }; - email = mkOption { type = str; description = "Symfony email notification"; }; - }; - }; - }; - in - submodule { - options = { - production = csSubmodule; - integration = csSubmodule; - }; - }; - }; - jerome = mkOption { - description = "Naturaloutil configuration"; - type = submodule { - options = { - mysql = mkMysqlOptions "Naturaloutil" {}; - server_admin = mkOption { type = str; description = "Server admin e-mail"; }; - }; - }; - }; - telio_tortay = mkOption { - description = "Telio Tortay configuration"; - type = submodule { - options = { - server_admin = mkOption { type = str; description = "Server admin e-mail"; }; - }; - }; - }; - ludivine = mkOption { - description = "Ludivinecassal configurations by environment"; - type = - let - lcSubmodule = mkOption { - description = "environment configuration"; - type = submodule { - options = { - environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "LudivineCassal" {}; - ldap = mkLdapOptions "LudivineCassal" {}; - secret = mkOption { type = str; description = "Symfony App secret"; }; - }; - }; - }; - in - submodule { - options = { - production = lcSubmodule; - integration = lcSubmodule; - }; - }; - }; - emilia = mkOption { - description = "Emilia configuration"; - type = submodule { - options = { - postgresql = mkPsqlOptions "Emilia"; - }; - }; - }; - florian = mkOption { - description = "Florian configuration"; - type = submodule { - options = { - server_admin = mkOption { type = str; description = "Server admin e-mail"; }; - }; - }; - }; - nassime = mkOption { - description = "Nassime configuration"; - type = submodule { - options = { - server_admin = mkOption { type = str; description = "Server admin e-mail"; }; - }; - }; - }; - piedsjaloux = mkOption { - description = "Piedsjaloux configurations by environment"; - type = - let - pjSubmodule = mkOption { - description = "environment configuration"; - type = submodule { - options = { - environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "Piedsjaloux" {}; - secret = mkOption { type = str; description = "Symfony App secret"; }; - }; - }; - }; - in - submodule { - options = { - production = pjSubmodule; - integration = pjSubmodule; - }; - }; - }; - richie = mkOption { - description = "Europe Richie configurations by environment"; - type = submodule { - options = { - mysql = mkMysqlOptions "Richie" {}; - smtp_mailer = mkOption { - description = "SMTP mailer configuration"; - type = submodule { - options = { - user = mkOption { type = str; description = "Username"; }; - password = mkOption { type = str; description = "Password"; }; - }; - }; - }; - }; - }; - }; - caldance = mkOption { - description = "Caldance configurations by environment"; - type = submodule { - options = { - integration = mkOption { - description = "environment configuration"; - type = submodule { - options = { - password = mkOption { type = str; description = "Password file content for basic auth"; }; - }; - }; - }; - }; - }; - }; - tellesflorian = mkOption { - description = "Tellesflorian configurations by environment"; - type = - let - tfSubmodule = mkOption { - description = "environment configuration"; - type = submodule { - options = { - environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "Tellesflorian" {}; - secret = mkOption { type = str; description = "Symfony App secret"; }; - invite_passwords = mkOption { type = str; description = "Password basic auth"; }; - }; - }; - }; - in - submodule { - options = { - integration = tfSubmodule; - }; - }; - }; - }; - }; - }; - }; - options.hostEnv = mkOption { - readOnly = true; - type = hostEnv; - default = config.myEnv.servers."${name}"; - description = "Host environment"; - }; -}