src = fetchgitPrivate json.git;
};
- checkEnv = var: builtins.stringLength (builtins.getEnv var) > 0;
-
wrap = { paths ? [], vars ? {}, file ? null, script ? null, name ? "wrap" }:
assert file != null || script != null ||
abort "wrap needs 'file' or 'script' argument";
_module.args = {
mylibs = import ../libs.nix;
myconfig = {
+ env = import ./environment.nix;
ips = {
main = "176.9.151.89";
production = "176.9.151.154";
deployment = {
targetEnv = "hetzner";
hetzner = {
- #robotUser = "defined in HETZNER_ROBOT_USER";
- #robotPass = "defined in HETZNER_ROBOT_PASS";
+ robotUser = myconfig.env.hetzner.user;
+ robotPass = myconfig.env.hetzner.pass;
mainIPv4 = myconfig.ips.main;
partitions = ''
clearpart --all --initlabel --drives=sda,sdb
environment.etc."ssh/ldap_authorized_keys" = let
ldap_authorized_keys =
- assert checkEnv "NIXOPS_SSHD_LDAP_PASSWORD";
wrap {
name = "ldap_authorized_keys";
file = ./ldap_authorized_keys.sh;
vars = {
- LDAP_PASS = builtins.getEnv "NIXOPS_SSHD_LDAP_PASSWORD";
+ LDAP_PASS = myconfig.env.sshd.ldap.password;
GITOLITE_SHELL = "${pkgs.gitolite}/bin/gitolite-shell";
ECHO = "${pkgs.coreutils}/bin/echo";
};
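Review bot: `env = import ./environment.nix;` at L11 turns a plaintext secrets file into part of the configuration tree, and nothing in the commit shows it being kept out of version control; a `.gitignore` entry for `environment.nix` plus a committed template of the expected attribute layout (hetzner, sshd.ldap, databases, websites.*, tools.*) is what a reader of this hunk would look for. The removed `checkEnv` asserts also rejected empty values, whereas with the new attribute lookups a missing attribute still fails evaluation but an empty string is interpolated silently; where that guarantee matters, `LDAP_PASS = assert myconfig.env.sshd.ldap.password != ""; myconfig.env.sshd.ldap.password;` at L33 restores it. The enclosing machine definition starts before L8 and continues past L36.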
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
cfg = config.services.myDatabases;
in {
security.pam.services = let
pam_ldap = pkgs.pam_ldap;
- pam_ldap_mysql = assert mylibs.checkEnv "NIXOPS_MYSQL_PAM_PASSWORD";
- pkgs.writeText "mysql.conf" ''
+ pam_ldap_mysql = pkgs.writeText "mysql.conf" ''
host ldap.immae.eu
base dc=immae,dc=eu
binddn cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
- bindpw ${builtins.getEnv "NIXOPS_MYSQL_PAM_PASSWORD"}
+ bindpw ${myconfig.env.databases.mysql.pam_password}
pam_filter memberOf=cn=users,cn=mysql,cn=pam,ou=services,dc=immae,dc=eu
'';
- pam_ldap_postgresql_replication = assert mylibs.checkEnv "NIXOPS_ELDIRON_LDAP_PASSWORD";
- pkgs.writeText "postgresql.conf" ''
+ pam_ldap_postgresql_replication = pkgs.writeText "postgresql.conf" ''
host ldap.immae.eu
base dc=immae,dc=eu
binddn cn=eldiron,ou=hosts,dc=immae,dc=eu
- bindpw ${builtins.getEnv "NIXOPS_ELDIRON_LDAP_PASSWORD"}
+ bindpw ${myconfig.env.ldap.password}
pam_login_attribute cn
'';
in [
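Review bot: `pkgs.writeText "mysql.conf"` at L46 and `"postgresql.conf"` at L56 still bake the LDAP bind passwords into store paths, which are world-readable under /nix/store, so moving the values out of environment variables changes where they are read from but not where they end up at rest. The same holds for every other secret-bearing `writeText` or `mylibs.wrap` in this commit (gitolite L75-L84, aten, chloe, connexionswing, ludivinecassal, piedsjaloux, tellesflorian, nextcloud, davical, diaspora, mantisbt, mastodon, mediagoblin, roundcubemail, ttrss, wallabag). If that exposure is not acceptable on a shared host, the files have to be produced at activation time from a root-only location instead of as derivations; as a minimum a comment such as `# NOTE: bindpw is baked into the store path and readable by every local user` should record the trade-off here. The `security.pam.services` let block continues past L64.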
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
cfg = config.services.myGitolite;
in {
basePath = "${cfg.gitoliteDir}/repositories";
};
- system.activationScripts.gitolite =
- assert mylibs.checkEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
- let
+ system.activationScripts.gitolite = let
gitolite_ldap_groups = mylibs.wrap {
name = "gitolite_ldap_groups.sh";
file = ./gitolite_ldap_groups.sh;
vars = {
- LDAP_PASS = builtins.getEnv "NIXOPS_GITOLITE_LDAP_PASSWORD";
+ LDAP_PASS = myconfig.env.tools.gitolite.ldap.password;
};
paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
};
-{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }:
+{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, yarn }:
let
- aten = { environment ? "dev" }: rec {
- varPrefix = "ATEN";
+ aten = { config }: rec {
+ environment = config.environment;
varDir = "/var/lib/aten_${environment}";
- envName= lib.strings.toUpper environment;
phpFpm = rec {
socket = "/var/run/phpfpm/aten-${environment}.sock";
pool = ''
user = "wwwrun";
group = "wwwrun";
modules = [ "proxy_fcgi" ];
- vhostConf =
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL";
- ''
+ vhostConf = ''
<FilesMatch "\.php$">
SetHandler "proxy:unix:${phpFpm.socket}|fcgi://localhost"
</FilesMatch>
SetEnv APP_ENV "${environment}"
- SetEnv APP_SECRET "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
- SetEnv DATABASE_URL "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}
+ SetEnv APP_SECRET "${config.secret}"
+ SetEnv DATABASE_URL "${config.psql_url}"
${if environment == "dev" then ''
<Location />
export GIT_SSL_CAINFO=${cacert}/etc/ssl/certs/ca-bundle.crt
export SSL_CERT_FILE=${cacert}/etc/ssl/certs/ca-bundle.crt
export APP_ENV="${environment}"
- export DATABASE_URL="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_PSQL_URL"}"
- export APP_SECRET="${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}"
+ export DATABASE_URL="${config.psql_url}"
+ export APP_SECRET="${config.secret}"
${if environment == "dev" then ''
composer install
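Review bot: `environment = config.environment;` at L91 drops the old default, yet the dev-only branches at L113 and L122 still test `environment == "dev"` while the callers name the variants `integration` and `production` (L132, L135); nothing checks that `config.environment` holds one of the two values the conditionals expect, so a typo in environment.nix silently yields a build that takes neither the dev nor the prod path. Pinning the contract on the binding itself, `environment = assert builtins.elem config.environment [ "dev" "prod" ]; config.environment;`, fails evaluation instead. The same coupling exists in chloe.nix (L146, L177). The `aten` function continues past L123.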
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- aten = pkgs.callPackage ./aten.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- aten_dev = aten { environment = "dev"; };
- aten_prod = aten { environment = "prod"; };
+ aten = pkgs.callPackage ./aten.nix { inherit (mylibs) fetchedGitPrivate; };
+ aten_dev = aten {
+ config = myconfig.env.websites.aten.integration;
+ };
+ aten_prod = aten {
+ config = myconfig.env.websites.aten.production;
+ };
cfg = config.services.myWebsites.Aten;
in {
-{ stdenv, lib, checkEnv, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
+{ stdenv, lib, fetchzip, fetchurl, fetchedGitPrivate, sassc }:
let
- chloe = { environment ? "dev" }: rec {
- varPrefix = "CHLOE";
- envName= lib.strings.toUpper environment;
+ chloe = { config }: rec {
+ environment = config.environment;
phpFpm = rec {
socket = "/var/run/phpfpm/chloe-${environment}.sock";
- pool =
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH";
- ''
+ pool = ''
listen = ${socket}
user = ${apache.user}
group = ${apache.group}
env[SPIP_SITE] = "chloe-${environment}"
env[SPIP_LDAP_BASE] = "dc=immae,dc=eu"
env[SPIP_LDAP_HOST] = "ldaps://ldap.immae.eu"
- env[SPIP_LDAP_SEARCH_DN] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_DN"}"
- env[SPIP_LDAP_SEARCH_PW] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}"
- env[SPIP_LDAP_SEARCH] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH"}"
+ env[SPIP_LDAP_SEARCH_DN] = "${config.ldap.dn}"
+ env[SPIP_LDAP_SEARCH_PW] = "${config.ldap.password}"
+ env[SPIP_LDAP_SEARCH] = "${config.ldap.search}"
env[SPIP_MYSQL_HOST] = "db-1.immae.eu"
- env[SPIP_MYSQL_DB] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_DB"}"
- env[SPIP_MYSQL_USER] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}"
- env[SPIP_MYSQL_PASSWORD] = "${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}"
+ env[SPIP_MYSQL_DB] = "${config.mysql.name}"
+ env[SPIP_MYSQL_USER] = "${config.mysql.user}"
+ env[SPIP_MYSQL_PASSWORD] = "${config.mysql.password}"
${if environment == "dev" then ''
pm = ondemand
pm.max_children = 5
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- chloe_dev = chloe { environment = "dev"; };
- chloe_prod = chloe { environment = "prod"; };
+ chloe = pkgs.callPackage ./chloe.nix { inherit (mylibs) fetchedGitPrivate; };
+ chloe_dev = chloe {
+ config = myconfig.env.websites.chloe.integration;
+ };
+ chloe_prod = chloe {
+ config = myconfig.env.websites.chloe.production;
+ };
cfg = config.services.myWebsites.Chloe;
in {
-{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert }:
+{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert }:
let
- connexionswing = { environment ? "dev" }: rec {
+ connexionswing = { config }: rec {
+ environment = config.environment;
varDir = "/var/lib/connexionswing_${environment}";
envName= lib.strings.toUpper environment;
configRoot =
- assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD";
- assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER";
- assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME";
- assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET";
- assert checkEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL";
writeText "parameters.yml" ''
# This file is auto-generated during the composer install
parameters:
database_host: db-1.immae.eu
database_port: null
- database_name: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_NAME"}
- database_user: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_USER"}
- database_password: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_MYSQL_PASSWORD"}
+ database_name: ${config.mysql.name}
+ database_user: ${config.mysql.user}
+ database_password: ${config.mysql.password}
mailer_transport: smtp
mailer_host: mail.immae.eu
mailer_user: null
mailer_password: null
- subscription_email: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_EMAIL"}
+ subscription_email: ${config.email}
allow_robots: true
- secret: ${builtins.getEnv "NIXOPS_CONNEXIONSWING_${envName}_SECRET"}
+ secret: ${config.secret}
'';
phpFpm = rec {
socket = "/var/run/phpfpm/connexionswing-${environment}.sock";
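Review bot: `envName= lib.strings.toUpper environment;` at L202 survives although every use of it (the removed `NIXOPS_CONNEXIONSWING_${envName}_*` lookups) is gone, while the sibling files drop the binding in the same commit (aten L93, chloe L144, ludivinecassal L294); unless it is still referenced further down connexionswing.nix, the line should go for consistency. The `connexionswing` function continues past L231.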
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, mylibs, myconfig, ... }:
let
- connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- connexionswing_dev = connexionswing { environment = "dev"; };
- connexionswing_prod = connexionswing { environment = "prod"; };
+ connexionswing = pkgs.callPackage ./connexionswing.nix { inherit (mylibs) fetchedGitPrivate; };
+ connexionswing_dev = connexionswing {
+ config = myconfig.env.websites.connexionswing.integration;
+ };
+ connexionswing_prod = connexionswing {
+ config = myconfig.env.websites.connexionswing.production;
+ };
cfg = config.services.myWebsites.Connexionswing;
in {
{ lib, pkgs, config, mylibs, myconfig, ... }:
let
- mypkgs = pkgs.callPackage ../../packages.nix {
- inherit (mylibs) checkEnv fetchedGit fetchedGithub;
- };
cfg = config.services.myWebsites;
makeService = name: cfg: let
toVhost = vhostConf: {
};
ldap = {
modules = [ "ldap" "authnz_ldap" ];
- extraConfig = assert mylibs.checkEnv "NIXOPS_HTTP_LDAP_PASSWORD"; ''
+ extraConfig = ''
<IfModule ldap_module>
LDAPSharedCacheSize 500000
LDAPCacheEntries 1024
<IfModule authnz_ldap_module>
AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
- AuthLDAPBindPassword "${builtins.getEnv "NIXOPS_HTTP_LDAP_PASSWORD"}"
+ AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}"
AuthType Basic
AuthName "Authentification requise (Acces LDAP)"
AuthBasicProvider ldap
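Review bot: the `mypkgs` binding removed at L249-L251 disappears without any visible change to its users, and the remainder of websites/default.nix is outside the hunk; confirm that nothing below still references `mypkgs`, since a leftover use would only surface as an undefined-variable error at the next evaluation. If `../../packages.nix` is still needed elsewhere, it presumably has to be called without the `checkEnv` argument the commit removes from `mylibs`. The `let` block continues past L270.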
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- ludivinecassal_dev = ludivinecassal { environment = "dev"; };
- ludivinecassal_prod = ludivinecassal { environment = "prod"; };
+ ludivinecassal = pkgs.callPackage ./ludivinecassal.nix { inherit (mylibs) fetchedGitPrivate; };
+ ludivinecassal_dev = ludivinecassal {
+ config = myconfig.env.websites.ludivinecassal.integration;
+ };
+ ludivinecassal_prod = ludivinecassal {
+ config = myconfig.env.websites.ludivinecassal.production;
+ };
cfg = config.services.myWebsites.Ludivine;
in {
-{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }:
+{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, ruby, sass, imagemagick }:
let
- ludivinecassal = { environment ? "dev" }: rec {
- varPrefix = "LUDIVINECASSAL";
+ ludivinecassal = { config }: rec {
+ environment = config.environment;
varDir = "/var/lib/ludivinecassal_${environment}";
- envName= lib.strings.toUpper environment;
configRoot =
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER";
writeText "parameters.yml" ''
# This file is auto-generated during the composer install
parameters:
database_host: db-1.immae.eu
database_port: null
- database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
- database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
- database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+ database_name: ${config.mysql.name}
+ database_user: ${config.mysql.user}
+ database_password: ${config.mysql.password}
mailer_transport: smtp
mailer_host: mail.immae.eu
mailer_user: null
mailer_password: null
- secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+ secret: ${config.secret}
ldap_host: ldap.immae.eu
ldap_port: 636
ldap_version: 3
ldap_tls: false
ldap_user_bind: 'uid={username},ou=users,dc=immae,dc=eu'
ldap_base_dn: 'dc=immae,dc=eu'
- ldap_search_dn: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_DN"}'
- ldap_search_password: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_PASSWORD"}'
- ldap_search_filter: '${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_LDAP_SEARCH_FILTER"}'
+ ldap_search_dn: '${config.ldap.dn}'
+ ldap_search_password: '${config.ldap.password}'
+ ldap_search_filter: '${config.ldap.search}'
leapt_im:
binary_path: ${imagemagick}/bin
assetic:
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- piedsjaloux_dev = piedsjaloux { environment = "dev"; };
- piedsjaloux_prod = piedsjaloux { environment = "prod"; };
+ piedsjaloux = pkgs.callPackage ./piedsjaloux.nix { inherit (mylibs) fetchedGitPrivate; };
+ piedsjaloux_dev = piedsjaloux {
+ config = myconfig.env.websites.piedsjaloux.integration;
+ };
+ piedsjaloux_prod = piedsjaloux {
+ config = myconfig.env.websites.piedsjaloux.production;
+ };
cfg = config.services.myWebsites.PiedsJaloux;
in {
-{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }:
+{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages, texlive, imagemagick }:
let
- piedsjaloux = { environment ? "dev" }: rec {
- varPrefix = "PIEDSJALOUX";
+ piedsjaloux = { config }: rec {
+ environment = config.environment;
varDir = "/var/lib/piedsjaloux_${environment}";
- envName= lib.strings.toUpper environment;
configRoot =
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
writeText "parameters.yml" ''
# This file is auto-generated during the composer install
parameters:
database_host: db-1.immae.eu
database_port: null
- database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
- database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
- database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+ database_name: ${config.mysql.name}
+ database_user: ${config.mysql.user}
+ database_password: ${config.mysql.password}
mailer_transport: smtp
mailer_host: mail.immae.eu
mailer_user: null
mailer_password: null
- secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+ secret: ${config.secret}
pdflatex: "${texlive.combine { inherit (texlive) attachfile preprint scheme-small; }}/bin/pdflatex"
leapt_im:
binary_path: ${imagemagick}/bin
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
adminer = pkgs.callPackage ../commons/adminer.nix {};
- tellesflorian = pkgs.callPackage ./tellesflorian.nix { inherit (mylibs) checkEnv fetchedGitPrivate; };
- tellesflorian_dev = tellesflorian { environment = "dev"; };
+ tellesflorian = pkgs.callPackage ./tellesflorian.nix { inherit (mylibs) fetchedGitPrivate; };
+ tellesflorian_dev = tellesflorian {
+ config = myconfig.env.websites.tellesflorian.integration;
+ };
cfg = config.services.myWebsites.TellesFlorian;
in {
-{ lib, checkEnv, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages }:
+{ lib, writeText, fetchedGitPrivate, stdenv, php, git, cacert, phpPackages }:
let
- tellesflorian = { environment ? "dev" }: rec {
- varPrefix = "TELLESFLORIAN";
+ tellesflorian = { config }: rec {
+ environment = config.environment;
varDir = "/var/lib/tellesflorian_${environment}";
- envName= lib.strings.toUpper environment;
configRoot =
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME";
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_SECRET";
writeText "parameters.yml" ''
# This file is auto-generated during the composer install
parameters:
database_host: db-1.immae.eu
database_port: null
- database_name: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_NAME"}
- database_user: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_USER"}
- database_password: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_MYSQL_PASSWORD"}
+ database_name: ${config.mysql.name}
+ database_user: ${config.mysql.user}
+ database_password: ${config.mysql.password}
mailer_transport: smtp
mailer_host: mail.immae.eu
mailer_user: null
mailer_password: null
- secret: ${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_SECRET"}
+ secret: ${config.secret}
'';
phpFpm = rec {
socket = "/var/run/phpfpm/floriantelles-${environment}.sock";
pm.max_spare_servers = 3
''}'';
};
- passwords =
- assert checkEnv "NIXOPS_${varPrefix}_${envName}_INVITE_PASSWORDS";
- writeText "tellesflorian_passwords" ''
- invite:${builtins.getEnv "NIXOPS_${varPrefix}_${envName}_INVITE_PASSWORDS"}
+ passwords = writeText "tellesflorian_passwords" ''
+ invite:${config.invite_passwords}
'';
apache = {
user = "wwwrun";
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- nextcloud = pkgs.callPackage ./nextcloud.nix { inherit (mylibs) checkEnv; };
+ nextcloud = pkgs.callPackage ./nextcloud.nix {
+ env = myconfig.env.tools.nextcloud;
+ };
cfg = config.services.myWebsites.tools.cloud;
in {
-{ stdenv, fetchurl, checkEnv, writeText, lib, phpPackages, php }:
+{ stdenv, fetchurl, env, writeText, lib, phpPackages, php }:
let
nextcloud = let
buildApp = { appName, version, url, sha256, installPhase ? "mkdir -p $out && cp -R . $out/" }:
};
in rec {
varDir = "/var/lib/nextcloud";
- config_php =
- assert checkEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT";
- assert checkEnv "NIXOPS_NEXTCLOUD_DB_USER";
- assert checkEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD";
- assert checkEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID";
- assert checkEnv "NIXOPS_NEXTCLOUD_SECRET";
- assert checkEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX";
- writeText "config.php" ''
+ config_php = writeText "config.php" ''
<?php
$CONFIG = array (
- 'instanceid' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_INSTANCE_ID"}',
+ 'instanceid' => '${env.instance_id}',
'datadirectory' => '/var/lib/nextcloud/',
- 'passwordsalt' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_PASSWORD_SALT"}',
+ 'passwordsalt' => '${env.password_salt}',
'debug' => false,
'dbtype' => 'pgsql',
'version' => '15.0.0.10',
'dbname' => 'webapps',
'dbhost' => '/run/postgresql',
'dbtableprefix' => 'oc_',
- 'dbuser' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_USER"}',
- 'dbpassword' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_DB_PASSWORD"}',
+ 'dbuser' => '${env.postgresql.user}',
+ 'dbpassword' => '${env.postgresql.password}',
'installed' => true,
'maxZipInputSize' => 0,
'allowZipDownload' => true,
array (
0 => 'cloud.immae.eu',
),
- 'secret' => '${builtins.getEnv "NIXOPS_NEXTCLOUD_SECRET"}',
+ 'secret' => '${env.secret}',
'appstoreenabled' => false,
'appstore.experimental.enabled' => true,
'loglevel' => 0,
array (
'host' => 'localhost',
'port' => 6379,
- 'dbindex' => ${builtins.getEnv "NIXOPS_NEXTCLOUD_REDIS_DB_INDEX"},
+ 'dbindex' => ${env.redis.db_index},
),
'overwrite.cli.url' => 'https://cloud.immae.eu',
'ldapIgnoreNamingRules' => false,
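Review bot: `'dbindex' => ${env.redis.db_index},` at L500 interpolates the value unquoted, so it is presumably a number; `builtins.getEnv` always yielded a string, but if environment.nix stores the index as a Nix integer the interpolation fails with a cannot-coerce error. Either `'dbindex' => ${toString env.redis.db_index},` or a comment stating that the attribute must be a string makes the expected type explicit. The `config_php` string continues past L503.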
-{ stdenv, fetchurl, gettext, writeText, checkEnv }:
+{ stdenv, fetchurl, gettext, writeText, env }:
let
awl = stdenv.mkDerivation rec {
version = "0.59";
'';
};
davical = rec {
- config =
- assert checkEnv "NIXOPS_DAVICAL_DB_PASSWORD";
- assert checkEnv "NIXOPS_DAVICAL_LDAP_PASSWORD";
- writeText "davical_config.php" ''
+ config = writeText "davical_config.php" ''
<?php
- $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${builtins.getEnv "NIXOPS_DAVICAL_DB_PASSWORD"}";
+ $c->pg_connect[] = "dbname=davical user=davical_app host=db-1.immae.eu password=${env.postgresql.password}";
$c->readonly_webdav_collections = false;
'port' => '389',
'startTLS' => 'yes',
'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu',
- 'passDN'=> '${builtins.getEnv "NIXOPS_DAVICAL_LDAP_PASSWORD"}',
+ 'passDN'=> '${env.ldap.password}',
'protocolVersion' => '3',
'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'),
'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu',
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
infcloud = pkgs.callPackage ./infcloud.nix {};
- davical = pkgs.callPackage ./davical.nix { inherit (mylibs) checkEnv; };
+ davical = pkgs.callPackage ./davical.nix {
+ env = myconfig.env.tools.davical;
+ };
cfg = config.services.myWebsites.tools.dav;
in {
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
diaspora = pkgs.callPackage ./diaspora.nix {
- inherit (mylibs) fetchedGithub checkEnv;
+ inherit (mylibs) fetchedGithub;
+ env = myconfig.env.tools.diaspora;
};
cfg = config.services.myWebsites.tools.diaspora;
-{ checkEnv, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
+{ env, fetchedGithub, stdenv, defaultGemConfig, writeText, bundlerEnv, ruby_2_4, pkgs, cacert }:
let
gems = bundlerEnv {
name = "diaspora-env";
'';
propagatedBuildInputs = buildInputs;
});
- secret_token = assert checkEnv "NIXOPS_DIASPORA_SECRET_TOKEN";
- writeText "secret_token.rb" ''
- Diaspora::Application.config.secret_key_base = '${builtins.getEnv "NIXOPS_DIASPORA_SECRET_TOKEN"}'
+ secret_token = writeText "secret_token.rb" ''
+ Diaspora::Application.config.secret_key_base = '${env.secret_token}'
'';
- config =
- assert checkEnv "NIXOPS_DIASPORA_LDAP_PASSWORD";
- writeText "diaspora.yml" ''
+ config = writeText "diaspora.yml" ''
configuration:
environment:
url: "https://diaspora.immae.eu/"
skip_email_confirmation: true
use_bind_dn: true
bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu"
- bind_pw: "${builtins.getEnv "NIXOPS_DIASPORA_LDAP_PASSWORD"}"
+ bind_pw: "${env.ldap.password}"
search_base: "dc=immae,dc=eu"
search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))"
production:
development:
environment:
'';
- database_config =
- assert checkEnv "NIXOPS_DIASPORA_SQL_PASSWORD";
- writeText "database.yml" ''
+ database_config = writeText "database.yml" ''
postgresql: &postgresql
adapter: postgresql
host: db-1.immae.eu
port: 5432
username: "diaspora"
- password: "${builtins.getEnv "NIXOPS_DIASPORA_SQL_PASSWORD"}"
+ password: "${env.postgresql.password}"
encoding: unicode
common: &common
<<: *postgresql
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
- mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix { inherit (mylibs) checkEnv fetchedGithub; };
+ mantisbt = pkgs.callPackage ./mantisbt/mantisbt.nix {
+ inherit (mylibs) fetchedGithub;
+ env = myconfig.env.tools.mantisbt;
+ };
gitweb = pkgs.callPackage ./gitweb/gitweb.nix { gitoliteDir = config.services.myGitolite.gitoliteDir; };
cfg = config.services.myWebsites.tools.git;
-{ lib, checkEnv, writeText, stdenv, fetchurl, fetchedGithub }:
+{ lib, env, writeText, stdenv, fetchurl, fetchedGithub }:
let
mantisbt = let
plugins = {
};
in rec {
config =
- assert checkEnv "NIXOPS_MANTISBT_DB_PASSWORD";
- assert checkEnv "NIXOPS_MANTISBT_MASTER_SALT";
- assert checkEnv "NIXOPS_MANTISBT_LDAP_PASSWORD";
writeText "config_inc.php" ''
<?php
$g_hostname = 'db-1.immae.eu';
$g_db_username = 'mantisbt';
- $g_db_password = '${builtins.getEnv "NIXOPS_MANTISBT_DB_PASSWORD"}';
+ $g_db_password = '${env.postgresql.password}';
$g_database_name = 'mantisbt';
$g_db_type = 'pgsql';
- $g_crypto_master_salt = '${builtins.getEnv "NIXOPS_MANTISBT_MASTER_SALT"}';
+ $g_crypto_master_salt = '${env.master_salt}';
$g_allow_signup = OFF;
$g_allow_anonymous_login = ON;
$g_anonymous_account = 'anonymous';
$g_ldap_server = 'ldaps://ldap.immae.eu:636';
$g_ldap_root_dn = 'ou=users,dc=immae,dc=eu';
$g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu';
- $g_ldap_bind_passwd = '${builtins.getEnv "NIXOPS_MANTISBT_LDAP_PASSWORD"}';
+ $g_ldap_bind_passwd = '${env.ldap.password}';
$g_use_ldap_email = ON;
$g_use_ldap_realname = ON;
$g_ldap_uid_field = 'uid';
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
mastodon = pkgs.callPackage ./mastodon.nix {
- inherit (mylibs) fetchedGithub checkEnv;
+ inherit (mylibs) fetchedGithub;
+ env = myconfig.env.tools.mastodon;
};
cfg = config.services.myWebsites.tools.mastodon;
-{ checkEnv, fetchedGithub, stdenv, writeText, pkgs, cacert }:
+{ env, fetchedGithub, stdenv, writeText, pkgs, cacert }:
let
varDir = "/var/lib/mastodon_immae";
socketsDir = "/run/mastodon";
jemalloc which postgresql python3 cacert
];
});
- config =
- assert checkEnv "NIXOPS_MASTODON_DB_PASS";
- assert checkEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_SECRET_KEY_BASE";
- assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY";
- assert checkEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY";
- assert checkEnv "NIXOPS_MASTODON_OTP_SECRET";
- assert checkEnv "NIXOPS_MASTODON_LDAP_PASSWORD";
- writeText "mastodon_environment" ''
+ config = writeText "mastodon_environment" ''
REDIS_HOST=localhost
REDIS_PORT=6379
REDIS_DB=13
DB_HOST=/run/postgresql
DB_USER=mastodon
DB_NAME=mastodon
- DB_PASS=${builtins.getEnv "NIXOPS_MASTODON_DB_PASS"}
+ DB_PASS=${env.postgresql.password}
DB_PORT=5432
LOCAL_DOMAIN=mastodon.immae.eu
LOCAL_HTTPS=true
ALTERNATE_DOMAINS=immae.eu
- PAPERCLIP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_PAPERCLIP_SECRET"}
- SECRET_KEY_BASE=${builtins.getEnv "NIXOPS_MASTODON_SECRET_KEY_BASE"}
- OTP_SECRET=${builtins.getEnv "NIXOPS_MASTODON_OTP_SECRET"}
+ PAPERCLIP_SECRET=${env.paperclip_secret}
+ SECRET_KEY_BASE=${env.secret_key_base}
+ OTP_SECRET=${env.otp_secret}
- VAPID_PRIVATE_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PRIVATE_KEY"}
- VAPID_PUBLIC_KEY=${builtins.getEnv "NIXOPS_MASTODON_VAPID_PUBLIC_KEY"}
+ VAPID_PRIVATE_KEY=${env.vapid.private}
+ VAPID_PUBLIC_KEY=${env.vapid.public}
SMTP_SERVER=mail.immae.eu
SMTP_PORT=587
LDAP_METHOD=simple_tls
LDAP_BASE="dc=immae,dc=eu"
LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu"
- LDAP_PASSWORD="${builtins.getEnv "NIXOPS_MASTODON_LDAP_PASSWORD"}"
+ LDAP_PASSWORD="${env.ldap.password}"
LDAP_UID="uid"
LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))"
'';
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
mediagoblin = pkgs.callPackage ./mediagoblin.nix {
- inherit (mylibs) checkEnv fetchedGit fetchedGithub;
+ inherit (mylibs) fetchedGit fetchedGithub;
+ env = myconfig.env.tools.mediagoblin;
};
cfg = config.services.myWebsites.tools.mediagoblin;
-{ checkEnv, makeWrapper, stdenv, writeText, fetchurl, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }:
+{ env, makeWrapper, stdenv, writeText, fetchurl, fetchedGit, fetchedGithub, which, python3, pkgs, automake, autoconf, nodejs, nodePackages, git, cacert }:
let
plugins = {
basicsearch = stdenv.mkDerivation (fetchedGithub ./mediagoblin-plugin-basicsearch.json // rec {
url_scheme = https
'';
- mediagoblin_local =
- assert checkEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD";
- assert checkEnv "NIXOPS_MEDIAGOBLIN_SQL_URI";
- writeText "mediagoblin_local.ini" ''
+ mediagoblin_local = writeText "mediagoblin_local.ini" ''
[DEFAULT]
data_basedir = "${varDir}"
email_sender_address = "mediagoblin@mail.immae.eu"
#sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
- sql_engine = ${builtins.getEnv "NIXOPS_MEDIAGOBLIN_SQL_URI"}
+ sql_engine = ${env.psql_url}
email_debug_mode = false
allow_registration = false
LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636'
LDAP_SEARCH_BASE = 'dc=immae,dc=eu'
LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu'
- LDAP_BIND_PW = '${builtins.getEnv "NIXOPS_MEDIAGOBLIN_LDAP_PASSWORD"}'
+ LDAP_BIND_PW = '${env.ldap.password}'
LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))'
EMAIL_SEARCH_FIELD = 'mail'
[[mediagoblin.plugins.basicsearch]]
-{ lib, pkgs, config, mylibs, ... }:
+{ lib, pkgs, config, myconfig, mylibs, ... }:
let
adminer = pkgs.callPackage ../../commons/adminer.nix {};
ympd = pkgs.callPackage ./ympd.nix {};
- ttrss = pkgs.callPackage ./ttrss.nix { inherit (mylibs) checkEnv fetchedGithub fetchedGit; };
- roundcubemail = pkgs.callPackage ./roundcubemail.nix { inherit (mylibs) checkEnv; };
- wallabag = pkgs.callPackage ./wallabag.nix { inherit (mylibs) checkEnv; };
+ ttrss = pkgs.callPackage ./ttrss.nix {
+ inherit (mylibs) fetchedGithub fetchedGit;
+ env = myconfig.env.tools.ttrss;
+ };
+ roundcubemail = pkgs.callPackage ./roundcubemail.nix { env = myconfig.env.tools.roundcubemail; };
+ wallabag = pkgs.callPackage ./wallabag.nix { env = myconfig.env.tools.wallabag; };
cfg = config.services.myWebsites.tools.tools;
in {
-{ lib, checkEnv, writeText, stdenv, fetchurl }:
+{ lib, env, writeText, stdenv, fetchurl }:
let
roundcubemail = let
plugins = {};
install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
- config =
- assert checkEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL";
- assert checkEnv "NIXOPS_ROUNDCUBEMAIL_SECRET";
- writeText "config.php" ''
+ config = writeText "config.php" ''
<?php
- $config['db_dsnw'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_PSQL_URL"}';
+ $config['db_dsnw'] = '${env.psql_url}';
$config['default_host'] = 'ssl://mail.immae.eu';
$config['imap_conn_options'] = array("ssl" => array("verify_peer" => false));
$config['smtp_server'] = 'tls://mail.immae.eu';
$config['support_url'] = ''';
- $config['des_key'] = '${builtins.getEnv "NIXOPS_ROUNDCUBEMAIL_SECRET"}';
+ $config['des_key'] = '${env.secret}';
$config['plugins'] = array();
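Review bot: `$config['des_key'] = '${env.secret}';` at L770 takes the value over with no length check; Roundcube's sample config describes `des_key` as a 24-character key for the default cipher, and the old `checkEnv` only tested non-emptiness too, so a mis-sized key is noticed only at runtime when stored IMAP passwords fail to decrypt. A guard such as `$config['des_key'] = '${assert builtins.stringLength env.secret == 24; env.secret}';` fails evaluation instead. The `config` string continues past L771.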
-{ lib, php, checkEnv, writeText, stdenv, fetchedGit, fetchedGithub }:
+{ lib, php, env, writeText, stdenv, fetchedGit, fetchedGithub }:
let
ttrss = let
plugins = {
install -m 0750 -o ${apache.user} -g ${apache.group} -d ${varDir}/phpSessions
'';
};
- config =
- assert checkEnv "NIXOPS_TTRSS_DB_PASSWORD";
- assert checkEnv "NIXOPS_TTRSS_LDAP_PASSWORD";
- writeText "config.php" ''
+ config = writeText "config.php" ''
<?php
define('PHP_EXECUTABLE', '${php}/bin/php');
define('DB_HOST', 'db-1.immae.eu');
define('DB_USER', 'ttrss');
define('DB_NAME', 'ttrss');
- define('DB_PASS', '${builtins.getEnv "NIXOPS_TTRSS_DB_PASSWORD"}');
+ define('DB_PASS', '${env.postgresql.password}');
define('DB_PORT', '5432');
define('AUTH_AUTO_CREATE', true);
define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))');
define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu');
- define('LDAP_AUTH_BINDPW', '${builtins.getEnv "NIXOPS_TTRSS_LDAP_PASSWORD"}');
+ define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
define('LDAP_AUTH_LOG_ATTEMPTS', FALSE);
-{ stdenv, fetchurl, writeText, checkEnv, phpPackages, php, which }:
+{ stdenv, fetchurl, writeText, env, phpPackages, php, which }:
let
wallabag = rec {
varDir = "/var/lib/wallabag";
- parameters =
- assert checkEnv "NIXOPS_WALLABAG_SQL_PASSWORD";
- assert checkEnv "NIXOPS_WALLABAG_SECRET";
- assert checkEnv "NIXOPS_WALLABAG_LDAP_PASSWORD";
- writeText "parameters.yml" ''
+ parameters = writeText "parameters.yml" ''
# This file is auto-generated during the composer install
parameters:
database_driver: pdo_pgsql
database_port: null
database_name: webapps
database_user: wallabag
- database_password: ${builtins.getEnv "NIXOPS_WALLABAG_SQL_PASSWORD"}
+ database_password: ${env.postgresql.password}
database_path: null
database_table_prefix: wallabag_
database_socket: null
mailer_user: null
mailer_password: null
locale: fr
- secret: ${builtins.getEnv "NIXOPS_WALLABAG_SECRET"}
+ secret: ${env.secret}
twofactor_auth: true
twofactor_sender: wallabag@immae.eu
fosuser_registration: false
ldap_bind_requires_dn: true
ldap_base: 'dc=immae,dc=eu'
ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu'
- ldap_manager_pw: ${builtins.getEnv "NIXOPS_WALLABAG_LDAP_PASSWORD"}
+ ldap_manager_pw: ${env.ldap.password}
ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))'
ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))'
ldap_username_attribute: uid