X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fenvironment.nix;h=a8799d26e492ef821edd7aae8d194b1bcf94b82f;hp=c4c32c8e34a32d6392ac920eb8e80f10baa0fb1d;hb=e43fdf341072e4a0150324196fc7af8f383860ec;hpb=ef0a9217fba817d7fb71ccd4cca65919dd89ebec diff --git a/modules/private/environment.nix b/modules/private/environment.nix index c4c32c8..a8799d2 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix @@ -108,12 +108,33 @@ let }; }; }; + smtpOptions = { + host = mkOption { description = "Host to access SMTP"; type = str; }; + port = mkOption { description = "Port to access SMTP"; type = str; }; + }; + mkSmtpOptions = name: mkOption { + description = "${name} smtp configuration"; + type = submodule { + options = smtpOptions // { + email = mkOption { description = "${name} email"; type = str; }; + password = mkOption { description = "SMTP password of the ${name} user"; type = str; }; + }; + }; + }; hostEnv = submodule { options = { fqdn = mkOption { description = "Host FQDN"; type = str; }; + users = mkOption { + type = unspecified; + default = pkgs: []; + description = '' + Sublist of users from realUsers. Function that takes pkgs as + argument and gives an array as a result + ''; + }; emails = mkOption { default = []; description = "List of e-mails that the server can be a sender of"; @@ -125,8 +146,8 @@ let ''; type = submodule { options = { - password = mkOption { type = string; description = "Password for the LDAP connection"; }; - dn = mkOption { type = string; description = "DN for the LDAP connection"; }; + password = mkOption { type = str; description = "Password for the LDAP connection"; }; + dn = mkOption { type = str; description = "DN for the LDAP connection"; }; }; }; }; @@ -148,13 +169,13 @@ let type = attrsOf (submodule { options = { ip4 = mkOption { - type = string; + type = str; description = '' ip4 address of the host ''; }; ip6 = mkOption { - type = listOf string; + type = listOf str; default = []; description = '' ip6 addresses of the host @@ -250,6 +271,10 @@ in }; }; }; + smtp = mkOption { + type = submodule { options = smtpOptions; }; + description = "SMTP configuration"; + }; ldap = mkOption { description = '' LDAP server configuration @@ -287,6 +312,14 @@ in }; }; }; + realUsers = mkOption { + description = '' + Attrset of function taking pkgs as argument. + Real users settings, should provide a subattr of users.users. + with at least: name, (hashed)Password, shell + ''; + type = attrsOf unspecified; + }; users = mkOption { description = "System and regular users uid/gid"; type = attrsOf (submodule { @@ -408,9 +441,40 @@ in type = submodule { options = { password = mkOption { type = str; description = "Password for encrypting files"; }; - remote = mkOption { type = str; description = "Remote url access"; }; - accessKeyId = mkOption { type = str; description = "Remote access-key"; }; - secretAccessKey = mkOption { type = str; description = "Remote access secret"; }; + remotes = mkOption { + type = attrsOf (submodule { + options = { + remote = mkOption { + type = unspecified; + example = literalExample '' + bucket: "s3://some_host/${bucket}"; + ''; + description = '' + Function. + Takes a bucket name as argument and returns a url + ''; + }; + accessKeyId = mkOption { type = str; description = "Remote access-key"; }; + secretAccessKey = mkOption { type = str; description = "Remote access secret"; }; + }; + }); + }; + }; + }; + }; + zrepl_backup = mkOption { + type = submodule { + options = { + ssh_key = mkOption { + description = "SSH key information"; + type = submodule { + options = { + public = mkOption { type = str; description = "Public part of the key"; }; + private = mkOption { type = lines; description = "Private part of the key"; }; + }; + }; + }; + mysql = mkMysqlOptions "Zrepl" {}; }; }; }; @@ -434,6 +498,7 @@ in type = attrsOf (submodule { options = { keep = mkOption { type = int; description = "Number of backups to keep"; }; + check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; }; login = mkOption { type = str; description = "Login to connect to host"; }; port = mkOption { type = str; default = "22"; description = "Port to connect to host"; }; host = mkOption { type = str; description = "Host to connect to"; }; @@ -481,9 +546,23 @@ in imap_login = mkOption { type = str; description = "IMAP login"; }; imap_password = mkOption { type = str; description = "IMAP password"; }; eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; }; + ovh_sms = mkOption { + description = "OVH credentials for sms script"; + type = submodule { + options = { + endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; }; + application_key = mkOption { type = str; description = "Application key"; }; + application_secret = mkOption { type = str; description = "Application secret"; }; + consumer_key = mkOption { type = str; description = "Consumer key"; }; + account = mkOption { type = str; description = "Account"; }; + }; + }; + }; nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; }; slack_channel = mkOption { type = str; description = "Slack channel to push status update"; }; + netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; }; + netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; }; contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; }; email_check = mkOption { description = "Emails services to check"; @@ -520,6 +599,16 @@ in }; }; }; + vpn = mkOption { + description = "VPN configuration"; + type = attrsOf (submodule { + options = { + prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; }; + privateKey = mkOption { type = str; description = "Private key for the host"; }; + publicKey = mkOption { type = str; description = "Public key for the host"; }; + }; + }); + }; mail = mkOption { description = "Mail configuration"; type = submodule { @@ -612,6 +701,7 @@ in user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; + postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; }; }; }; }; @@ -660,6 +750,28 @@ in }; }); }; + sympa = mkOption { + description = "Sympa configuration"; + type = submodule { + options = { + listmasters = mkOption { + type = listOf str; + description = "Listmasters"; + }; + postgresql = mkPsqlOptions "Sympa"; + data_sources = mkOption { + type = attrsOf str; + default = {}; + description = "Data sources to make available to sympa"; + }; + scenari = mkOption { + type = attrsOf str; + default = {}; + description = "Scenari to make available to sympa"; + }; + }; + }; + }; }; }; }; @@ -761,6 +873,17 @@ in description = "Tools configurations"; type = submodule { options = { + contact = mkOption { type = str; description = "Contact e-mail address"; }; + assets = mkOption { + default = {}; + type = attrsOf (submodule { + options = { + url = mkOption { type = str; description = "URL to fetch"; }; + sha256 = mkOption { type = str; description = "Hash of the url"; }; + }; + }); + description = "Assets to provide on assets.immae.eu"; + }; davical = mkOption { description = "Davical configuration"; type = submodule { @@ -781,6 +904,15 @@ in }; }; }; + dmarc_reports = mkOption { + description = "DMARC reports configuration"; + type = submodule { + options = { + mysql = mkMysqlOptions "DMARC" {}; + anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; }; + }; + }; + }; etherpad-lite = mkOption { description = "Etherpad configuration"; type = submodule { @@ -789,6 +921,7 @@ in ldap = mkLdapOptions "Etherpad" { group_filter = mkOption { type = str; description = "Filter for groups"; }; }; + adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; }; session_key = mkOption { type = str; description = "Session key"; }; api_key = mkOption { type = str; description = "API key"; }; redirects = mkOption { type = str; description = "Redirects for apache"; }; @@ -879,6 +1012,16 @@ in }; }; }; + syden_peertube = mkOption { + description = "Peertube Syden configuration"; + type = submodule { + options = { + listenPort = mkOption { type = port; description = "Port to listen to"; }; + postgresql = mkPsqlOptions "Peertube"; + redis = mkRedisOptions "Peertube"; + }; + }; + }; phpldapadmin = mkOption { description = "phpLdapAdmin configuration"; type = submodule { @@ -920,6 +1063,15 @@ in }; }; }; + status_engine = mkOption { + description = "Status Engine configuration"; + type = submodule { + options = { + mysql = mkMysqlOptions "StatusEngine" {}; + ldap = mkLdapOptions "StatusEngine" {}; + }; + }; + }; task = mkOption { description = "Taskwarrior configuration"; type = submodule { @@ -964,6 +1116,30 @@ in }; }; }; + webhooks = mkOption { + type = attrsOf str; + description = "Mapping 'name'.php => script for webhooks"; + }; + csp_reports = mkOption { + description = "CSP report configuration"; + type = submodule { + options = { + report_uri = mkOption { type = str; description = "URI to report CSP violations to"; }; + policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; }; + postgresql = mkPsqlOptions "CSP reports"; + }; + }; + }; + commento = mkOption { + description = "Commento configuration"; + type = submodule { + options = { + listenPort = mkOption { type = port; description = "Port to listen to"; }; + postgresql = mkPsqlOptions "Commento"; + smtp = mkSmtpOptions "Commento"; + }; + }; + }; ympd = mkOption { description = "Ympd configuration"; type = submodule { @@ -999,6 +1175,23 @@ in description = "Websites configurations"; type = submodule { options = { + immae = mkOption { + description = "Immae configuration by environment"; + type = submodule { + options = { + temp = mkOption { + description = "Temp configuration"; + type = submodule { + options = { + ldap = mkLdapOptions "Immae temp" { + filter = mkOption { type = str; description = "Filter for user access"; }; + }; + }; + }; + }; + }; + }; + }; isabelle = mkOption { description = "Isabelle configurations by environment"; type = @@ -1085,7 +1278,7 @@ in }; }; }; - telioTortay = mkOption { + telio_tortay = mkOption { description = "Telio Tortay configuration"; type = submodule { options = { @@ -1093,7 +1286,7 @@ in }; }; }; - ludivinecassal = mkOption { + ludivine = mkOption { description = "Ludivinecassal configurations by environment"; type = let @@ -1179,6 +1372,21 @@ in }; }; }; + caldance = mkOption { + description = "Caldance configurations by environment"; + type = submodule { + options = { + integration = mkOption { + description = "environment configuration"; + type = submodule { + options = { + password = mkOption { type = str; description = "Password file content for basic auth"; }; + }; + }; + }; + }; + }; + }; tellesflorian = mkOption { description = "Tellesflorian configurations by environment"; type =