X-Git-Url: https://git.immae.eu/?p=perso%2FImmae%2FConfig%2FNix.git;a=blobdiff_plain;f=modules%2Fprivate%2Fenvironment.nix;h=e79feec573e2273e3471cc3d2f0b362f397173ae;hp=15e8f5489f56729d4f00d471cb49c04ed8746f32;hb=75489e72e379af8aeac64bc4967717d9ae776ff0;hpb=829ef7f1cb79f0171f9c5254278d93c48c44a7b5 diff --git a/modules/private/environment.nix b/modules/private/environment.nix index 15e8f54..e79feec 100644 --- a/modules/private/environment.nix +++ b/modules/private/environment.nix @@ -1,4 +1,4 @@ -{ lib, ... }: +{ config, lib, name, ... }: with lib; with types; with lists; @@ -23,6 +23,7 @@ let }; mysqlOptions = { host = mkOption { description = "Host to access Mysql"; type = str; }; + remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; }; port = mkOption { description = "Port to access Mysql"; type = str; }; socket = mkOption { description = "Socket to access Mysql"; type = path; }; systemUsers = mkOption { @@ -40,14 +41,14 @@ let }; }; }; - mkMysqlOptions = name: mkOption { + mkMysqlOptions = name: more: mkOption { description = "${name} mysql configuration"; type = submodule { options = mysqlOptions // { database = mkOption { description = "${name} database"; type = str; }; user = mkOption { description = "${name} user"; type = str; }; password = mkOption { description = "mysql password of the ${name} user"; type = str; }; - }; + } // more; }; }; psqlOptions = { @@ -107,6 +108,84 @@ let }; }; }; + smtpOptions = { + host = mkOption { description = "Host to access SMTP"; type = str; }; + port = mkOption { description = "Port to access SMTP"; type = str; }; + }; + mkSmtpOptions = name: mkOption { + description = "${name} smtp configuration"; + type = submodule { + options = smtpOptions // { + email = mkOption { description = "${name} email"; type = str; }; + password = mkOption { description = "SMTP password of the ${name} user"; type = str; }; + }; + }; + }; + hostEnv = submodule { + options = { + fqdn = mkOption { + description = "Host FQDN"; + type = str; + }; + users = mkOption { + type = unspecified; + default = pkgs: []; + description = '' + Sublist of users from realUsers. Function that takes pkgs as + argument and gives an array as a result + ''; + }; + emails = mkOption { + default = []; + description = "List of e-mails that the server can be a sender of"; + type = listOf str; + }; + ldap = mkOption { + description = '' + LDAP credentials for the host + ''; + type = submodule { + options = { + password = mkOption { type = str; description = "Password for the LDAP connection"; }; + dn = mkOption { type = str; description = "DN for the LDAP connection"; }; + }; + }; + }; + mx = mkOption { + description = "subdomain and priority for MX server"; + default = { enable = false; }; + type = submodule { + options = { + enable = mkEnableOption "Enable MX"; + subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; }; + priority = mkOption { type = nullOr str; description = "Priority"; }; + }; + }; + }; + ips = mkOption { + description = '' + attrs of ip4/ip6 grouped by section + ''; + type = attrsOf (submodule { + options = { + ip4 = mkOption { + type = str; + description = '' + ip4 address of the host + ''; + }; + ip6 = mkOption { + type = listOf str; + default = []; + description = '' + ip6 addresses of the host + ''; + }; + }; + }); + }; + }; + }; in { options.myEnv = { @@ -115,43 +194,7 @@ in Attrs of servers information in the cluster (not necessarily handled by nixops) ''; default = {}; - type = attrsOf (submodule { - options = { - ldap = mkOption { - description = '' - LDAP credentials for the host - ''; - type = submodule { - options = { - password = mkOption { type = string; description = "Password for the LDAP connection"; }; - dn = mkOption { type = string; description = "DN for the LDAP connection"; }; - }; - }; - }; - ips = mkOption { - description = '' - attrs of ip4/ip6 grouped by section - ''; - type = attrsOf (submodule { - options = { - ip4 = mkOption { - type = string; - description = '' - ip4 address of the host - ''; - }; - ip6 = mkOption { - type = listOf string; - default = []; - description = '' - ip6 addresses of the host - ''; - }; - }; - }); - }; - }; - }); + type = attrsOf hostEnv; }; hetznerCloud = mkOption { description = '' @@ -228,6 +271,10 @@ in }; }; }; + smtp = mkOption { + type = submodule { options = smtpOptions; }; + description = "SMTP configuration"; + }; ldap = mkOption { description = '' LDAP server configuration @@ -259,11 +306,20 @@ in description = "Jabber configuration"; type = submodule { options = { + postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; }; ldap = mkLdapOptions "Jabber" {}; postgresql = mkPsqlOptions "Jabber"; }; }; }; + realUsers = mkOption { + description = '' + Attrset of function taking pkgs as argument. + Real users settings, should provide a subattr of users.users. + with at least: name, (hashed)Password, shell + ''; + type = attrsOf unspecified; + }; users = mkOption { description = "System and regular users uid/gid"; type = attrsOf (submodule { @@ -385,9 +441,40 @@ in type = submodule { options = { password = mkOption { type = str; description = "Password for encrypting files"; }; - remote = mkOption { type = str; description = "Remote url access"; }; - accessKeyId = mkOption { type = str; description = "Remote access-key"; }; - secretAccessKey = mkOption { type = str; description = "Remote access secret"; }; + remotes = mkOption { + type = attrsOf (submodule { + options = { + remote = mkOption { + type = unspecified; + example = literalExample '' + bucket: "s3://some_host/${bucket}"; + ''; + description = '' + Function. + Takes a bucket name as argument and returns a url + ''; + }; + accessKeyId = mkOption { type = str; description = "Remote access-key"; }; + secretAccessKey = mkOption { type = str; description = "Remote access secret"; }; + }; + }); + }; + }; + }; + }; + zrepl_backup = mkOption { + type = submodule { + options = { + ssh_key = mkOption { + description = "SSH key information"; + type = submodule { + options = { + public = mkOption { type = str; description = "Public part of the key"; }; + private = mkOption { type = lines; description = "Private part of the key"; }; + }; + }; + }; + mysql = mkMysqlOptions "Zrepl" {}; }; }; }; @@ -397,7 +484,6 @@ in ''; type = submodule { options = { - mailto = mkOption { type = str; description = "Where to e-mail on error"; }; ssh_key = mkOption { description = "SSH key information"; type = submodule { @@ -412,6 +498,7 @@ in type = attrsOf (submodule { options = { keep = mkOption { type = int; description = "Number of backups to keep"; }; + check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; }; login = mkOption { type = str; description = "Login to connect to host"; }; port = mkOption { type = str; default = "22"; description = "Port to connect to host"; }; host = mkOption { type = str; description = "Host to connect to"; }; @@ -452,7 +539,44 @@ in options = { status_url = mkOption { type = str; description = "URL to push status to"; }; status_token = mkOption { type = str; description = "Token for the status url"; }; + http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; }; email = mkOption { type = str; description = "Admin E-mail"; }; + ssh_public_key = mkOption { type = str; description = "SSH public key"; }; + ssh_secret_key = mkOption { type = str; description = "SSH secret key"; }; + imap_login = mkOption { type = str; description = "IMAP login"; }; + imap_password = mkOption { type = str; description = "IMAP password"; }; + eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; }; + ovh_sms = mkOption { + description = "OVH credentials for sms script"; + type = submodule { + options = { + endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; }; + application_key = mkOption { type = str; description = "Application key"; }; + application_secret = mkOption { type = str; description = "Application secret"; }; + consumer_key = mkOption { type = str; description = "Consumer key"; }; + account = mkOption { type = str; description = "Account"; }; + }; + }; + }; + nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; + slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; }; + slack_channel = mkOption { type = str; description = "Slack channel to push status update"; }; + netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; }; + netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; }; + contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; }; + email_check = mkOption { + description = "Emails services to check"; + type = attrsOf (submodule { + options = { + local = mkOption { type = bool; default = false; description = "Use local configuration"; }; + port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; }; + login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; }; + targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; }; + mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; }; + mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; }; + }; + }); + }; }; }; }; @@ -475,6 +599,16 @@ in }; }; }; + vpn = mkOption { + description = "VPN configuration"; + type = attrsOf (submodule { + options = { + prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; }; + privateKey = mkOption { type = str; description = "Private key for the host"; }; + publicKey = mkOption { type = str; description = "Public key for the host"; }; + }; + }); + }; mail = mkOption { description = "Mail configuration"; type = submodule { @@ -518,7 +652,9 @@ in ''; type = listOf str; }; - mysql = mkMysqlOptions "Postfix"; + mysql = mkMysqlOptions "Postfix" { + password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; }; + }; backup_domains = mkOption { description = '' Domains that are accepted for relay as backup domain @@ -565,6 +701,7 @@ in user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; + postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; }; }; }; }; @@ -593,6 +730,7 @@ in description = "Mail script recipients"; type = attrsOf (submodule { options = { + external = mkEnableOption "Create a script_@mail.immae.eu external address"; src = mkOption { description = '' git source to fetch the script from. @@ -612,6 +750,28 @@ in }; }); }; + sympa = mkOption { + description = "Sympa configuration"; + type = submodule { + options = { + listmasters = mkOption { + type = listOf str; + description = "Listmasters"; + }; + postgresql = mkPsqlOptions "Sympa"; + data_sources = mkOption { + type = attrsOf str; + default = {}; + description = "Data sources to make available to sympa"; + }; + scenari = mkOption { + type = attrsOf str; + default = {}; + description = "Scenari to make available to sympa"; + }; + }; + }; + }; }; }; }; @@ -713,6 +873,17 @@ in description = "Tools configurations"; type = submodule { options = { + contact = mkOption { type = str; description = "Contact e-mail address"; }; + assets = mkOption { + default = {}; + type = attrsOf (submodule { + options = { + url = mkOption { type = str; description = "URL to fetch"; }; + sha256 = mkOption { type = str; description = "Hash of the url"; }; + }; + }); + description = "Assets to provide on assets.immae.eu"; + }; davical = mkOption { description = "Davical configuration"; type = submodule { @@ -733,6 +904,15 @@ in }; }; }; + dmarc_reports = mkOption { + description = "DMARC reports configuration"; + type = submodule { + options = { + mysql = mkMysqlOptions "DMARC" {}; + anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; }; + }; + }; + }; etherpad-lite = mkOption { description = "Etherpad configuration"; type = submodule { @@ -741,6 +921,7 @@ in ldap = mkLdapOptions "Etherpad" { group_filter = mkOption { type = str; description = "Filter for groups"; }; }; + adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; }; session_key = mkOption { type = str; description = "Session key"; }; api_key = mkOption { type = str; description = "API key"; }; redirects = mkOption { type = str; description = "Redirects for apache"; }; @@ -831,6 +1012,16 @@ in }; }; }; + syden_peertube = mkOption { + description = "Peertube Syden configuration"; + type = submodule { + options = { + listenPort = mkOption { type = port; description = "Port to listen to"; }; + postgresql = mkPsqlOptions "Peertube"; + redis = mkRedisOptions "Peertube"; + }; + }; + }; phpldapadmin = mkOption { description = "phpLdapAdmin configuration"; type = submodule { @@ -872,6 +1063,15 @@ in }; }; }; + status_engine = mkOption { + description = "Status Engine configuration"; + type = submodule { + options = { + mysql = mkMysqlOptions "StatusEngine" {}; + ldap = mkLdapOptions "StatusEngine" {}; + }; + }; + }; task = mkOption { description = "Taskwarrior configuration"; type = submodule { @@ -916,6 +1116,30 @@ in }; }; }; + webhooks = mkOption { + type = attrsOf str; + description = "Mapping 'name'.php => script for webhooks"; + }; + csp_reports = mkOption { + description = "CSP report configuration"; + type = submodule { + options = { + report_uri = mkOption { type = str; description = "URI to report CSP violations to"; }; + policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; }; + postgresql = mkPsqlOptions "CSP reports"; + }; + }; + }; + commento = mkOption { + description = "Commento configuration"; + type = submodule { + options = { + listenPort = mkOption { type = port; description = "Port to listen to"; }; + postgresql = mkPsqlOptions "Commento"; + smtp = mkSmtpOptions "Commento"; + }; + }; + }; ympd = mkOption { description = "Ympd configuration"; type = submodule { @@ -938,7 +1162,7 @@ in description = "Yourls configuration"; type = submodule { options = { - mysql = mkMysqlOptions "Yourls"; + mysql = mkMysqlOptions "Yourls" {}; ldap = mkLdapOptions "Yourls" {}; cookieKey = mkOption { type = str; description = "Cookie key"; }; }; @@ -947,10 +1171,28 @@ in }; }; }; + serverSpecific = mkOption { type = attrsOf unspecified; description = "Server specific configuration"; }; websites = mkOption { description = "Websites configurations"; type = submodule { options = { + immae = mkOption { + description = "Immae configuration by environment"; + type = submodule { + options = { + temp = mkOption { + description = "Temp configuration"; + type = submodule { + options = { + ldap = mkLdapOptions "Immae temp" { + filter = mkOption { type = str; description = "Filter for user access"; }; + }; + }; + }; + }; + }; + }; + }; isabelle = mkOption { description = "Isabelle configurations by environment"; type = @@ -970,6 +1212,16 @@ in options = { aten_production = atenSubmodule; aten_integration = atenSubmodule; + iridologie = mkOption { + description = "environment configuration"; + type = submodule { + options = { + environment = mkOption { type = str; description = "SPIP environment"; }; + mysql = mkMysqlOptions "Iridologie" {}; + ldap = mkLdapOptions "Iridologie" {}; + }; + }; + }; }; }; }; @@ -981,8 +1233,8 @@ in description = "environment configuration"; type = submodule { options = { - environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "Chloe"; + environment = mkOption { type = str; description = "SPIP environment"; }; + mysql = mkMysqlOptions "Chloe" {}; ldap = mkLdapOptions "Chloe" {}; }; }; @@ -1004,7 +1256,7 @@ in type = submodule { options = { environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "Connexionswing"; + mysql = mkMysqlOptions "Connexionswing" {}; secret = mkOption { type = str; description = "Symfony App secret"; }; email = mkOption { type = str; description = "Symfony email notification"; }; }; @@ -1022,12 +1274,12 @@ in description = "Naturaloutil configuration"; type = submodule { options = { - mysql = mkMysqlOptions "Naturaloutil"; + mysql = mkMysqlOptions "Naturaloutil" {}; server_admin = mkOption { type = str; description = "Server admin e-mail"; }; }; }; }; - telioTortay = mkOption { + telio_tortay = mkOption { description = "Telio Tortay configuration"; type = submodule { options = { @@ -1035,7 +1287,7 @@ in }; }; }; - ludivinecassal = mkOption { + ludivine = mkOption { description = "Ludivinecassal configurations by environment"; type = let @@ -1044,7 +1296,7 @@ in type = submodule { options = { environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "LudivineCassal"; + mysql = mkMysqlOptions "LudivineCassal" {}; ldap = mkLdapOptions "LudivineCassal" {}; secret = mkOption { type = str; description = "Symfony App secret"; }; }; @@ -1091,7 +1343,7 @@ in type = submodule { options = { environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "Piedsjaloux"; + mysql = mkMysqlOptions "Piedsjaloux" {}; secret = mkOption { type = str; description = "Symfony App secret"; }; }; }; @@ -1108,7 +1360,7 @@ in description = "Europe Richie configurations by environment"; type = submodule { options = { - mysql = mkMysqlOptions "Richie"; + mysql = mkMysqlOptions "Richie" {}; smtp_mailer = mkOption { description = "SMTP mailer configuration"; type = submodule { @@ -1121,6 +1373,21 @@ in }; }; }; + caldance = mkOption { + description = "Caldance configurations by environment"; + type = submodule { + options = { + integration = mkOption { + description = "environment configuration"; + type = submodule { + options = { + password = mkOption { type = str; description = "Password file content for basic auth"; }; + }; + }; + }; + }; + }; + }; tellesflorian = mkOption { description = "Tellesflorian configurations by environment"; type = @@ -1130,7 +1397,7 @@ in type = submodule { options = { environment = mkOption { type = str; description = "Symfony environment"; }; - mysql = mkMysqlOptions "Tellesflorian"; + mysql = mkMysqlOptions "Tellesflorian" {}; secret = mkOption { type = str; description = "Symfony App secret"; }; invite_passwords = mkOption { type = str; description = "Password basic auth"; }; }; @@ -1154,12 +1421,10 @@ in ''; }; }; - options.hostEnv = { - FQDN = mkOption { - type = string; - description = '' - FQDN of the current host. - ''; - }; + options.hostEnv = mkOption { + readOnly = true; + type = hostEnv; + default = config.myEnv.servers."${name}"; + description = "Host environment"; }; }