diff options
author | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 01:35:06 +0200 |
---|---|---|
committer | Ismaël Bouya <ismael.bouya@normalesup.org> | 2023-10-04 02:11:48 +0200 |
commit | 1a64deeb894dc95e2645a75771732c6cc53a79ad (patch) | |
tree | 1b9df4838f894577a09b9b260151756272efeb53 /modules/private/environment.nix | |
parent | fa25ffd4583cc362075cd5e1b4130f33306103f0 (diff) | |
download | Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.gz Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.tar.zst Nix-1a64deeb894dc95e2645a75771732c6cc53a79ad.zip |
Squash changes containing private information
There were a lot of changes since the previous commit, but a lot of them
contained personnal information about users. All thos changes got
stashed into a single commit (history is kept in a different place) and
private information was moved in a separate private repository
Diffstat (limited to 'modules/private/environment.nix')
-rw-r--r-- | modules/private/environment.nix | 1492 |
1 files changed, 0 insertions, 1492 deletions
diff --git a/modules/private/environment.nix b/modules/private/environment.nix deleted file mode 100644 index 837d24b..0000000 --- a/modules/private/environment.nix +++ /dev/null | |||
@@ -1,1492 +0,0 @@ | |||
1 | { config, lib, name, ... }: | ||
2 | with lib; | ||
3 | with types; | ||
4 | with lists; | ||
5 | let | ||
6 | ldapOptions = { | ||
7 | base = mkOption { description = "Base of the LDAP tree"; type = str; }; | ||
8 | host = mkOption { description = "Host to access LDAP"; type = str; }; | ||
9 | root_dn = mkOption { description = "DN of the root user"; type = str; }; | ||
10 | root_pw = mkOption { description = "Hashed password of the root user"; type = str; }; | ||
11 | replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; }; | ||
12 | replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; }; | ||
13 | }; | ||
14 | mkLdapOptions = name: more: mkOption { | ||
15 | description = "${name} LDAP configuration"; | ||
16 | type = submodule { | ||
17 | options = ldapOptions // { | ||
18 | dn = mkOption { description = "DN of the ${name} user"; type = str; }; | ||
19 | password = mkOption { description = "password of the ${name} user"; type = str; }; | ||
20 | filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; }; | ||
21 | } // more; | ||
22 | }; | ||
23 | }; | ||
24 | mysqlOptions = { | ||
25 | host = mkOption { description = "Host to access Mysql"; type = str; }; | ||
26 | remoteHost = mkOption { description = "Host to access Mysql from outside"; type = str; }; | ||
27 | port = mkOption { description = "Port to access Mysql"; type = str; }; | ||
28 | socket = mkOption { description = "Socket to access Mysql"; type = path; }; | ||
29 | systemUsers = mkOption { | ||
30 | description = "Attrs of user-passwords allowed to access mysql"; | ||
31 | type = attrsOf str; | ||
32 | }; | ||
33 | pam = mkOption { | ||
34 | description = "PAM configuration for mysql"; | ||
35 | type = submodule { | ||
36 | options = { | ||
37 | dn = mkOption { description = "DN to connect as to check users"; type = str; }; | ||
38 | password = mkOption { description = "DN password to connect as to check users"; type = str; }; | ||
39 | filter = mkOption { description = "filter to match users"; type = str; }; | ||
40 | }; | ||
41 | }; | ||
42 | }; | ||
43 | }; | ||
44 | mkMysqlOptions = name: more: mkOption { | ||
45 | description = "${name} mysql configuration"; | ||
46 | type = submodule { | ||
47 | options = mysqlOptions // { | ||
48 | database = mkOption { description = "${name} database"; type = str; }; | ||
49 | user = mkOption { description = "${name} user"; type = str; }; | ||
50 | password = mkOption { description = "mysql password of the ${name} user"; type = str; }; | ||
51 | } // more; | ||
52 | }; | ||
53 | }; | ||
54 | psqlOptions = { | ||
55 | host = mkOption { description = "Host to access Postgresql"; type = str; }; | ||
56 | port = mkOption { description = "Port to access Postgresql"; type = str; }; | ||
57 | socket = mkOption { description = "Socket to access Postgresql"; type = path; }; | ||
58 | pam = mkOption { | ||
59 | description = "PAM configuration for psql"; | ||
60 | type = submodule { | ||
61 | options = { | ||
62 | dn = mkOption { description = "DN to connect as to check users"; type = str; }; | ||
63 | password = mkOption { description = "DN password to connect as to check users"; type = str; }; | ||
64 | filter = mkOption { description = "filter to match users"; type = str; }; | ||
65 | }; | ||
66 | }; | ||
67 | }; | ||
68 | }; | ||
69 | mkPsqlOptions = name: mkOption { | ||
70 | description = "${name} psql configuration"; | ||
71 | type = submodule { | ||
72 | options = psqlOptions // { | ||
73 | database = mkOption { description = "${name} database"; type = str; }; | ||
74 | schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; }; | ||
75 | user = mkOption { description = "${name} user"; type = str; }; | ||
76 | password = mkOption { description = "psql password of the ${name} user"; type = str; }; | ||
77 | }; | ||
78 | }; | ||
79 | }; | ||
80 | redisOptions = { | ||
81 | host = mkOption { description = "Host to access Redis"; type = str; }; | ||
82 | port = mkOption { description = "Port to access Redis"; type = str; }; | ||
83 | socket = mkOption { description = "Socket to access Redis"; type = path; }; | ||
84 | dbs = mkOption { | ||
85 | description = "Attrs of db number. Each number should be unique to avoid collision!"; | ||
86 | type = attrsOf str; | ||
87 | }; | ||
88 | spiped_key = mkOption { | ||
89 | type = str; | ||
90 | description = '' | ||
91 | Key to use with spiped to make a secure channel to replication | ||
92 | ''; | ||
93 | }; | ||
94 | predixy = mkOption { | ||
95 | description = "Predixy configuration. Unused yet"; | ||
96 | type = submodule { | ||
97 | options = { | ||
98 | read = mkOption { type = str; description = "Read password"; }; | ||
99 | }; | ||
100 | }; | ||
101 | }; | ||
102 | }; | ||
103 | mkRedisOptions = name: mkOption { | ||
104 | description = "${name} redis configuration"; | ||
105 | type = submodule { | ||
106 | options = redisOptions // { | ||
107 | db = mkOption { description = "${name} database"; type = str; }; | ||
108 | }; | ||
109 | }; | ||
110 | }; | ||
111 | smtpOptions = { | ||
112 | host = mkOption { description = "Host to access SMTP"; type = str; }; | ||
113 | port = mkOption { description = "Port to access SMTP"; type = str; }; | ||
114 | }; | ||
115 | mkSmtpOptions = name: mkOption { | ||
116 | description = "${name} smtp configuration"; | ||
117 | type = submodule { | ||
118 | options = smtpOptions // { | ||
119 | email = mkOption { description = "${name} email"; type = str; }; | ||
120 | password = mkOption { description = "SMTP password of the ${name} user"; type = str; }; | ||
121 | }; | ||
122 | }; | ||
123 | }; | ||
124 | hostEnv = submodule { | ||
125 | options = { | ||
126 | fqdn = mkOption { | ||
127 | description = "Host FQDN"; | ||
128 | type = str; | ||
129 | }; | ||
130 | users = mkOption { | ||
131 | type = unspecified; | ||
132 | default = pkgs: []; | ||
133 | description = '' | ||
134 | Sublist of users from realUsers. Function that takes pkgs as | ||
135 | argument and gives an array as a result | ||
136 | ''; | ||
137 | }; | ||
138 | emails = mkOption { | ||
139 | default = []; | ||
140 | description = "List of e-mails that the server can be a sender of"; | ||
141 | type = listOf str; | ||
142 | }; | ||
143 | ldap = mkOption { | ||
144 | description = '' | ||
145 | LDAP credentials for the host | ||
146 | ''; | ||
147 | type = submodule { | ||
148 | options = { | ||
149 | password = mkOption { type = str; description = "Password for the LDAP connection"; }; | ||
150 | dn = mkOption { type = str; description = "DN for the LDAP connection"; }; | ||
151 | }; | ||
152 | }; | ||
153 | }; | ||
154 | mx = mkOption { | ||
155 | description = "subdomain and priority for MX server"; | ||
156 | default = { enable = false; }; | ||
157 | type = submodule { | ||
158 | options = { | ||
159 | enable = mkEnableOption "Enable MX"; | ||
160 | subdomain = mkOption { type = nullOr str; description = "Subdomain name (mx-*)"; }; | ||
161 | priority = mkOption { type = nullOr str; description = "Priority"; }; | ||
162 | }; | ||
163 | }; | ||
164 | }; | ||
165 | ips = mkOption { | ||
166 | description = '' | ||
167 | attrs of ip4/ip6 grouped by section | ||
168 | ''; | ||
169 | type = attrsOf (submodule { | ||
170 | options = { | ||
171 | ip4 = mkOption { | ||
172 | type = str; | ||
173 | description = '' | ||
174 | ip4 address of the host | ||
175 | ''; | ||
176 | }; | ||
177 | ip6 = mkOption { | ||
178 | type = listOf str; | ||
179 | default = []; | ||
180 | description = '' | ||
181 | ip6 addresses of the host | ||
182 | ''; | ||
183 | }; | ||
184 | }; | ||
185 | }); | ||
186 | }; | ||
187 | }; | ||
188 | }; | ||
189 | in | ||
190 | { | ||
191 | options.myEnv = { | ||
192 | servers = mkOption { | ||
193 | description = '' | ||
194 | Attrs of servers information in the cluster (not necessarily handled by nixops) | ||
195 | ''; | ||
196 | default = {}; | ||
197 | type = attrsOf hostEnv; | ||
198 | }; | ||
199 | hetznerCloud = mkOption { | ||
200 | description = '' | ||
201 | Hetzner Cloud credential information | ||
202 | ''; | ||
203 | type = submodule { | ||
204 | options = { | ||
205 | authToken = mkOption { | ||
206 | type = str; | ||
207 | description = '' | ||
208 | The API auth token. | ||
209 | ''; | ||
210 | }; | ||
211 | }; | ||
212 | }; | ||
213 | }; | ||
214 | hetzner = mkOption { | ||
215 | description = '' | ||
216 | Hetzner credential information | ||
217 | ''; | ||
218 | type = submodule { | ||
219 | options = { | ||
220 | user = mkOption { type = str; description = "User"; }; | ||
221 | pass = mkOption { type = str; description = "Password"; }; | ||
222 | }; | ||
223 | }; | ||
224 | }; | ||
225 | sshd = mkOption { | ||
226 | description = '' | ||
227 | sshd service credential information | ||
228 | ''; | ||
229 | type = submodule { | ||
230 | options = { | ||
231 | rootKeys = mkOption { type = attrsOf str; description = "Keys of root users"; }; | ||
232 | ldap = mkOption { | ||
233 | description = '' | ||
234 | LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn | ||
235 | ''; | ||
236 | type = submodule { | ||
237 | options = { | ||
238 | password = mkOption { description = "Password"; type = str; }; | ||
239 | }; | ||
240 | }; | ||
241 | }; | ||
242 | }; | ||
243 | }; | ||
244 | }; | ||
245 | ports = mkOption { | ||
246 | description = '' | ||
247 | non-standard reserved ports. Must be unique! | ||
248 | ''; | ||
249 | type = attrsOf port; | ||
250 | default = {}; | ||
251 | apply = let | ||
252 | noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x)); | ||
253 | in | ||
254 | x: if isAttrs x && noDupl x then x else throw "Non unique values for ports"; | ||
255 | }; | ||
256 | httpd = mkOption { | ||
257 | description = '' | ||
258 | httpd service credential information | ||
259 | ''; | ||
260 | type = submodule { | ||
261 | options = { | ||
262 | ldap = mkOption { | ||
263 | description = '' | ||
264 | LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn | ||
265 | ''; | ||
266 | type = submodule { | ||
267 | options = { | ||
268 | password = mkOption { description = "Password"; type = str; }; | ||
269 | }; | ||
270 | }; | ||
271 | }; | ||
272 | }; | ||
273 | }; | ||
274 | }; | ||
275 | smtp = mkOption { | ||
276 | type = submodule { options = smtpOptions; }; | ||
277 | description = "SMTP configuration"; | ||
278 | }; | ||
279 | ldap = mkOption { | ||
280 | description = '' | ||
281 | LDAP server configuration | ||
282 | ''; | ||
283 | type = submodule { | ||
284 | options = ldapOptions; | ||
285 | }; | ||
286 | }; | ||
287 | databases = mkOption { | ||
288 | description = "Databases configuration"; | ||
289 | type = submodule { | ||
290 | options = { | ||
291 | mysql = mkOption { | ||
292 | type = submodule { options = mysqlOptions; }; | ||
293 | description = "Mysql configuration"; | ||
294 | }; | ||
295 | redis = mkOption { | ||
296 | type = submodule { options = redisOptions; }; | ||
297 | description = "Redis configuration"; | ||
298 | }; | ||
299 | postgresql = mkOption { | ||
300 | type = submodule { options = psqlOptions; }; | ||
301 | description = "Postgresql configuration"; | ||
302 | }; | ||
303 | }; | ||
304 | }; | ||
305 | }; | ||
306 | jabber = mkOption { | ||
307 | description = "Jabber configuration"; | ||
308 | type = submodule { | ||
309 | options = { | ||
310 | postfix_user_filter = mkOption { type = str; description = "Postfix filter to get xmpp users"; }; | ||
311 | ldap = mkLdapOptions "Jabber" {}; | ||
312 | postgresql = mkPsqlOptions "Jabber"; | ||
313 | }; | ||
314 | }; | ||
315 | }; | ||
316 | realUsers = mkOption { | ||
317 | description = '' | ||
318 | Attrset of function taking pkgs as argument. | ||
319 | Real users settings, should provide a subattr of users.users.<name> | ||
320 | with at least: name, (hashed)Password, shell | ||
321 | ''; | ||
322 | type = attrsOf unspecified; | ||
323 | }; | ||
324 | users = mkOption { | ||
325 | description = "System and regular users uid/gid"; | ||
326 | type = attrsOf (submodule { | ||
327 | options = { | ||
328 | uid = mkOption { | ||
329 | description = "user uid"; | ||
330 | type = int; | ||
331 | }; | ||
332 | gid = mkOption { | ||
333 | description = "user gid"; | ||
334 | type = int; | ||
335 | }; | ||
336 | }; | ||
337 | }); | ||
338 | }; | ||
339 | dns = mkOption { | ||
340 | description = "DNS configuration"; | ||
341 | type = submodule { | ||
342 | options = { | ||
343 | soa = mkOption { | ||
344 | description = "SOA information"; | ||
345 | type = submodule { | ||
346 | options = { | ||
347 | serial = mkOption { | ||
348 | description = "Serial number. Should be incremented at each change and unique"; | ||
349 | type = str; | ||
350 | }; | ||
351 | refresh = mkOption { | ||
352 | description = "Refresh time"; | ||
353 | type = str; | ||
354 | }; | ||
355 | retry = mkOption { | ||
356 | description = "Retry time"; | ||
357 | type = str; | ||
358 | }; | ||
359 | expire = mkOption { | ||
360 | description = "Expire time"; | ||
361 | type = str; | ||
362 | }; | ||
363 | ttl = mkOption { | ||
364 | description = "Default TTL time"; | ||
365 | type = str; | ||
366 | }; | ||
367 | email = mkOption { | ||
368 | description = "hostmaster e-mail"; | ||
369 | type = str; | ||
370 | }; | ||
371 | primary = mkOption { | ||
372 | description = "Primary NS"; | ||
373 | type = str; | ||
374 | }; | ||
375 | }; | ||
376 | }; | ||
377 | }; | ||
378 | ns = mkOption { | ||
379 | description = "Attrs of NS servers group"; | ||
380 | example = { | ||
381 | foo = { | ||
382 | "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ]; | ||
383 | "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ]; | ||
384 | }; | ||
385 | }; | ||
386 | type = attrsOf (attrsOf (listOf str)); | ||
387 | }; | ||
388 | keys = mkOption { | ||
389 | default = {}; | ||
390 | description = "DNS keys"; | ||
391 | type = attrsOf (submodule { | ||
392 | options = { | ||
393 | algorithm = mkOption { type = str; description = "Algorithm"; }; | ||
394 | secret = mkOption { type = str; description = "Secret"; }; | ||
395 | }; | ||
396 | }); | ||
397 | }; | ||
398 | slaveZones = mkOption { | ||
399 | description = "List of slave zones"; | ||
400 | type = listOf (submodule { | ||
401 | options = { | ||
402 | name = mkOption { type = str; description = "zone name"; }; | ||
403 | masters = mkOption { | ||
404 | description = "NS master groups of this zone"; | ||
405 | type = listOf str; | ||
406 | }; | ||
407 | keys = mkOption { | ||
408 | default = []; | ||
409 | description = "Keys associated to the server"; | ||
410 | type = listOf str; | ||
411 | }; | ||
412 | }; | ||
413 | }); | ||
414 | }; | ||
415 | masterZones = mkOption { | ||
416 | description = "List of master zones"; | ||
417 | type = listOf (submodule { | ||
418 | options = { | ||
419 | name = mkOption { type = str; description = "zone name"; }; | ||
420 | withCAA = mkOption { type = nullOr str; description = "CAA entry"; default = null; }; | ||
421 | slaves = mkOption { | ||
422 | description = "NS slave groups of this zone"; | ||
423 | type = listOf str; | ||
424 | }; | ||
425 | ns = mkOption { | ||
426 | description = "groups names that should have their NS entries listed here"; | ||
427 | type = listOf str; | ||
428 | }; | ||
429 | extra = mkOption { | ||
430 | description = "Extra zone configuration for bind"; | ||
431 | example = '' | ||
432 | notify yes; | ||
433 | ''; | ||
434 | type = lines; | ||
435 | }; | ||
436 | entries = mkOption { type = lines; description = "Regular entries of the NS zone"; }; | ||
437 | withEmail = mkOption { | ||
438 | description = "List of domains that should have mail entries (MX, dkim, SPF, ...)"; | ||
439 | default = []; | ||
440 | type = listOf (submodule { | ||
441 | options = { | ||
442 | domain = mkOption { type = str; description = "Which subdomain is concerned"; }; | ||
443 | send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; }; | ||
444 | receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; }; | ||
445 | }; | ||
446 | }); | ||
447 | }; | ||
448 | }; | ||
449 | }); | ||
450 | }; | ||
451 | }; | ||
452 | }; | ||
453 | }; | ||
454 | backup = mkOption { | ||
455 | description = '' | ||
456 | Remote backup with duplicity | ||
457 | ''; | ||
458 | type = submodule { | ||
459 | options = { | ||
460 | password = mkOption { type = str; description = "Password for encrypting files"; }; | ||
461 | remotes = mkOption { | ||
462 | type = attrsOf (submodule { | ||
463 | options = { | ||
464 | remote = mkOption { | ||
465 | type = unspecified; | ||
466 | example = literalExample '' | ||
467 | bucket: "s3://some_host/${bucket}"; | ||
468 | ''; | ||
469 | description = '' | ||
470 | Function. | ||
471 | Takes a bucket name as argument and returns a url | ||
472 | ''; | ||
473 | }; | ||
474 | accessKeyId = mkOption { type = str; description = "Remote access-key"; }; | ||
475 | secretAccessKey = mkOption { type = str; description = "Remote access secret"; }; | ||
476 | }; | ||
477 | }); | ||
478 | }; | ||
479 | }; | ||
480 | }; | ||
481 | }; | ||
482 | zrepl_backup = mkOption { | ||
483 | type = submodule { | ||
484 | options = { | ||
485 | ssh_key = mkOption { | ||
486 | description = "SSH key information"; | ||
487 | type = submodule { | ||
488 | options = { | ||
489 | public = mkOption { type = str; description = "Public part of the key"; }; | ||
490 | private = mkOption { type = lines; description = "Private part of the key"; }; | ||
491 | }; | ||
492 | }; | ||
493 | }; | ||
494 | mysql = mkMysqlOptions "Zrepl" {}; | ||
495 | }; | ||
496 | }; | ||
497 | }; | ||
498 | rsync_backup = mkOption { | ||
499 | description ='' | ||
500 | Rsync backup configuration from controlled host | ||
501 | ''; | ||
502 | type = submodule { | ||
503 | options = { | ||
504 | ssh_key = mkOption { | ||
505 | description = "SSH key information"; | ||
506 | type = submodule { | ||
507 | options = { | ||
508 | public = mkOption { type = str; description = "Public part of the key"; }; | ||
509 | private = mkOption { type = lines; description = "Private part of the key"; }; | ||
510 | }; | ||
511 | }; | ||
512 | }; | ||
513 | profiles = mkOption { | ||
514 | description = "Attrs of profiles to backup"; | ||
515 | type = attrsOf (submodule { | ||
516 | options = { | ||
517 | keep = mkOption { type = int; description = "Number of backups to keep"; }; | ||
518 | check_command = mkOption { type = str; description = "command to check if backup needs to be done"; default = "backup"; }; | ||
519 | login = mkOption { type = str; description = "Login to connect to host"; }; | ||
520 | port = mkOption { type = str; default = "22"; description = "Port to connect to host"; }; | ||
521 | host = mkOption { type = str; description = "Host to connect to"; }; | ||
522 | host_key = mkOption { type = str; description = "Host key"; }; | ||
523 | host_key_type = mkOption { type = str; description = "Host key type"; }; | ||
524 | parts = mkOption { | ||
525 | description = "Parts to backup for this host"; | ||
526 | type = attrsOf (submodule { | ||
527 | options = { | ||
528 | remote_folder = mkOption { type = path; description = "Remote folder to backup";}; | ||
529 | exclude_from = mkOption { | ||
530 | type = listOf path; | ||
531 | default = []; | ||
532 | description = "List of folders/files to exclude from the backup"; | ||
533 | }; | ||
534 | files_from = mkOption { | ||
535 | type = listOf path; | ||
536 | default = []; | ||
537 | description = "List of folders/files to backup in the base folder"; | ||
538 | }; | ||
539 | args = mkOption { | ||
540 | type = nullOr str; | ||
541 | default = null; | ||
542 | description = "Extra arguments to pass to rsync"; | ||
543 | }; | ||
544 | }; | ||
545 | }); | ||
546 | }; | ||
547 | }; | ||
548 | }); | ||
549 | }; | ||
550 | }; | ||
551 | }; | ||
552 | }; | ||
553 | monitoring = mkOption { | ||
554 | description = "Monitoring configuration"; | ||
555 | type = submodule { | ||
556 | options = { | ||
557 | status_url = mkOption { type = str; description = "URL to push status to"; }; | ||
558 | status_token = mkOption { type = str; description = "Token for the status url"; }; | ||
559 | http_user_password = mkOption { type = str; description = "HTTP credentials to check services behind wall"; }; | ||
560 | email = mkOption { type = str; description = "Admin E-mail"; }; | ||
561 | ssh_public_key = mkOption { type = str; description = "SSH public key"; }; | ||
562 | ssh_secret_key = mkOption { type = str; description = "SSH secret key"; }; | ||
563 | imap_login = mkOption { type = str; description = "IMAP login"; }; | ||
564 | imap_password = mkOption { type = str; description = "IMAP password"; }; | ||
565 | eriomem_keys = mkOption { type = listOf (listOf str); description = "Eriomem keys"; default = []; }; | ||
566 | ovh_sms = mkOption { | ||
567 | description = "OVH credentials for sms script"; | ||
568 | type = submodule { | ||
569 | options = { | ||
570 | endpoint = mkOption { type = str; default = "ovh-eu"; description = "OVH endpoint"; }; | ||
571 | application_key = mkOption { type = str; description = "Application key"; }; | ||
572 | application_secret = mkOption { type = str; description = "Application secret"; }; | ||
573 | consumer_key = mkOption { type = str; description = "Consumer key"; }; | ||
574 | account = mkOption { type = str; description = "Account"; }; | ||
575 | }; | ||
576 | }; | ||
577 | }; | ||
578 | eban = mkOption { | ||
579 | description = "Eban credentials for webhook"; | ||
580 | type = submodule { | ||
581 | options = { | ||
582 | user = mkOption { type = str; description = "User"; }; | ||
583 | password = mkOption { type = str; description = "Password"; }; | ||
584 | }; | ||
585 | }; | ||
586 | }; | ||
587 | nrdp_tokens = mkOption { type = listOf str; description = "Tokens allowed to push status update"; }; | ||
588 | slack_url = mkOption { type = str; description = "Slack webhook url to push status update"; }; | ||
589 | slack_channel = mkOption { type = str; description = "Slack channel to push status update"; }; | ||
590 | netdata_aggregator = mkOption { type = str; description = "Url where netdata information should be sent"; }; | ||
591 | netdata_keys = mkOption { type = attrsOf str; description = "netdata host keys"; }; | ||
592 | contacts = mkOption { type = attrsOf unspecified; description = "Contact dicts to fill naemon objects"; }; | ||
593 | email_check = mkOption { | ||
594 | description = "Emails services to check"; | ||
595 | type = attrsOf (submodule { | ||
596 | options = { | ||
597 | local = mkOption { type = bool; default = false; description = "Use local configuration"; }; | ||
598 | port = mkOption { type = nullOr str; default = null; description = "Port to connect to ssh"; }; | ||
599 | login = mkOption { type = nullOr str; default = null; description = "Login to connect to ssh"; }; | ||
600 | targets = mkOption { type = listOf str; description = "Hosts to send E-mails to"; }; | ||
601 | mail_address = mkOption { type = nullOr str; default = null; description = "E-mail recipient part to send e-mail to"; }; | ||
602 | mail_domain = mkOption { type = nullOr str; default = null; description = "E-mail domain part to send e-mail to"; }; | ||
603 | }; | ||
604 | }); | ||
605 | }; | ||
606 | }; | ||
607 | }; | ||
608 | }; | ||
609 | mpd = mkOption { | ||
610 | description = "MPD configuration"; | ||
611 | type = submodule { | ||
612 | options = { | ||
613 | folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; }; | ||
614 | password = mkOption { type = str; description = "Password to connect to the MPD instance"; }; | ||
615 | host = mkOption { type = str; description = "Host to connect to the MPD instance"; }; | ||
616 | port = mkOption { type = str; description = "Port to connect to the MPD instance"; }; | ||
617 | }; | ||
618 | }; | ||
619 | }; | ||
620 | ftp = mkOption { | ||
621 | description = "FTP configuration"; | ||
622 | type = submodule { | ||
623 | options = { | ||
624 | ldap = mkLdapOptions "FTP" { | ||
625 | proftpd_filter = mkOption { type = str; description = "Filter for proftpd listing in LDAP"; }; | ||
626 | pure-ftpd_filter = mkOption { type = str; description = "Filter for pure-ftpd listing in LDAP"; }; | ||
627 | }; | ||
628 | }; | ||
629 | }; | ||
630 | }; | ||
631 | vpn = mkOption { | ||
632 | description = "VPN configuration"; | ||
633 | type = attrsOf (submodule { | ||
634 | options = { | ||
635 | prefix = mkOption { type = str; description = "ipv6 prefix for the vpn subnet"; }; | ||
636 | privateKey = mkOption { type = str; description = "Private key for the host"; }; | ||
637 | publicKey = mkOption { type = str; description = "Public key for the host"; }; | ||
638 | }; | ||
639 | }); | ||
640 | }; | ||
641 | mail = mkOption { | ||
642 | description = "Mail configuration"; | ||
643 | type = submodule { | ||
644 | options = { | ||
645 | dmarc = mkOption { | ||
646 | description = "DMARC configuration"; | ||
647 | type = submodule { | ||
648 | options = { | ||
649 | ignore_hosts = mkOption { | ||
650 | type = lines; | ||
651 | description = '' | ||
652 | Hosts to ignore when checking for dmarc | ||
653 | ''; | ||
654 | }; | ||
655 | }; | ||
656 | }; | ||
657 | }; | ||
658 | dkim = mkOption { | ||
659 | description = "DKIM configuration"; | ||
660 | type = attrsOf (submodule { | ||
661 | options = { | ||
662 | public = mkOption { | ||
663 | type = str; | ||
664 | example = '' | ||
665 | ( "v=DKIM1; k=rsa; " | ||
666 | "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" ) | ||
667 | ''; | ||
668 | description = "Public entry to put in DNS TXT field"; | ||
669 | }; | ||
670 | private = mkOption { type = str; description = "Private key"; }; | ||
671 | }; | ||
672 | }); | ||
673 | }; | ||
674 | postfix = mkOption { | ||
675 | description = "Postfix configuration"; | ||
676 | type = submodule { | ||
677 | options = { | ||
678 | additional_mailbox_domains = mkOption { | ||
679 | description = '' | ||
680 | List of domains that are used as mailbox final destination, in addition to those defined in the DNS records | ||
681 | ''; | ||
682 | type = listOf str; | ||
683 | }; | ||
684 | mysql = mkMysqlOptions "Postfix" { | ||
685 | password_encrypt = mkOption { type = str; description = "Key to encrypt relay password in database"; }; | ||
686 | }; | ||
687 | backup_domains = mkOption { | ||
688 | description = '' | ||
689 | Domains that are accepted for relay as backup domain | ||
690 | ''; | ||
691 | type = attrsOf (submodule { | ||
692 | options = { | ||
693 | domains = mkOption { type = listOf str; description = "Domains list"; }; | ||
694 | relay_restrictions = mkOption { | ||
695 | type = lines; | ||
696 | description = '' | ||
697 | Restrictions for relaying the e-mails from the domains | ||
698 | ''; | ||
699 | }; | ||
700 | recipient_maps = mkOption { | ||
701 | description = '' | ||
702 | Recipient map to accept relay for. | ||
703 | Must be specified for domain, the rules apply to everyone! | ||
704 | ''; | ||
705 | type = listOf (submodule { | ||
706 | options = { | ||
707 | type = mkOption { | ||
708 | type = enum [ "hash" ]; | ||
709 | description = "Map type"; | ||
710 | }; | ||
711 | content = mkOption { | ||
712 | type = str; | ||
713 | description = "Map content"; | ||
714 | }; | ||
715 | }; | ||
716 | }); | ||
717 | }; | ||
718 | }; | ||
719 | }); | ||
720 | }; | ||
721 | }; | ||
722 | }; | ||
723 | }; | ||
724 | dovecot = mkOption { | ||
725 | description = "Dovecot configuration"; | ||
726 | type = submodule { | ||
727 | options = { | ||
728 | ldap = mkLdapOptions "Dovecot" { | ||
729 | pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; }; | ||
730 | user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; }; | ||
731 | iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; }; | ||
732 | iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; }; | ||
733 | postfix_mailbox_filter = mkOption { type = str; description = "Postfix filter to get mailboxes"; }; | ||
734 | }; | ||
735 | }; | ||
736 | }; | ||
737 | }; | ||
738 | rspamd = mkOption { | ||
739 | description = "rspamd configuration"; | ||
740 | type = submodule { | ||
741 | options = { | ||
742 | redis = mkRedisOptions "Redis"; | ||
743 | read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; }; | ||
744 | write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; }; | ||
745 | read_password = mkOption { | ||
746 | type = str; | ||
747 | description = "Read password for rspamd. Unused"; | ||
748 | apply = x: ""; | ||
749 | }; | ||
750 | write_password = mkOption { | ||
751 | type = str; | ||
752 | description = "Write password for rspamd. Unused"; | ||
753 | apply = x: ""; | ||
754 | }; | ||
755 | }; | ||
756 | }; | ||
757 | }; | ||
758 | scripts = mkOption { | ||
759 | description = "Mail script recipients"; | ||
760 | type = attrsOf (submodule { | ||
761 | options = { | ||
762 | external = mkEnableOption "Create a script_<name>@mail.immae.eu external address"; | ||
763 | src = mkOption { | ||
764 | description = '' | ||
765 | git source to fetch the script from. | ||
766 | It must have a default.nix file as its root accepting a scriptEnv parameter | ||
767 | ''; | ||
768 | type = submodule { | ||
769 | options = { | ||
770 | url = mkOption { type = str; description = "git url to fetch"; }; | ||
771 | rev = mkOption { type = str; description = "git reference to fetch"; }; | ||
772 | }; | ||
773 | }; | ||
774 | }; | ||
775 | env = mkOption { | ||
776 | description = "Variables to pass to the script"; | ||
777 | type = unspecified; | ||
778 | }; | ||
779 | }; | ||
780 | }); | ||
781 | }; | ||
782 | sympa = mkOption { | ||
783 | description = "Sympa configuration"; | ||
784 | type = submodule { | ||
785 | options = { | ||
786 | listmasters = mkOption { | ||
787 | type = listOf str; | ||
788 | description = "Listmasters"; | ||
789 | }; | ||
790 | postgresql = mkPsqlOptions "Sympa"; | ||
791 | data_sources = mkOption { | ||
792 | type = attrsOf str; | ||
793 | default = {}; | ||
794 | description = "Data sources to make available to sympa"; | ||
795 | }; | ||
796 | scenari = mkOption { | ||
797 | type = attrsOf str; | ||
798 | default = {}; | ||
799 | description = "Scenari to make available to sympa"; | ||
800 | }; | ||
801 | }; | ||
802 | }; | ||
803 | }; | ||
804 | }; | ||
805 | }; | ||
806 | }; | ||
807 | buildbot = mkOption { | ||
808 | description = "Buildbot configuration"; | ||
809 | type = submodule { | ||
810 | options = { | ||
811 | ssh_key = mkOption { | ||
812 | description = "SSH key information"; | ||
813 | type = submodule { | ||
814 | options = { | ||
815 | public = mkOption { type = str; description = "Public part of the key"; }; | ||
816 | private = mkOption { type = lines; description = "Private part of the key"; }; | ||
817 | }; | ||
818 | }; | ||
819 | }; | ||
820 | workerPassword = mkOption { description = "Buildbot worker password"; type = str; }; | ||
821 | user = mkOption { | ||
822 | description = "Buildbot user"; | ||
823 | type = submodule { | ||
824 | options = { | ||
825 | uid = mkOption { | ||
826 | description = "user uid"; | ||
827 | type = int; | ||
828 | }; | ||
829 | gid = mkOption { | ||
830 | description = "user gid"; | ||
831 | type = int; | ||
832 | }; | ||
833 | }; | ||
834 | }; | ||
835 | }; | ||
836 | ldap = mkOption { | ||
837 | description = "Ldap configuration for buildbot"; | ||
838 | type = submodule { | ||
839 | options = { | ||
840 | password = mkOption { type = str; description = "Buildbot password"; }; | ||
841 | }; | ||
842 | }; | ||
843 | }; | ||
844 | projects = mkOption { | ||
845 | description = "Projects to make a buildbot for"; | ||
846 | type = attrsOf (submodule { | ||
847 | options = { | ||
848 | name = mkOption { type = str; description = "Project name"; }; | ||
849 | packages = mkOption { | ||
850 | type = unspecified; | ||
851 | example = literalExample '' | ||
852 | pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ]; | ||
853 | ''; | ||
854 | description = '' | ||
855 | Function. | ||
856 | Builds packages list to make available to buildbot project. | ||
857 | Takes pkgs as argument. | ||
858 | ''; | ||
859 | }; | ||
860 | pythonPackages = mkOption { | ||
861 | type = unspecified; | ||
862 | example = literalExample '' | ||
863 | p: pkgs: [ pkgs.python3Packages.pip ]; | ||
864 | ''; | ||
865 | description = '' | ||
866 | Function. | ||
867 | Builds python packages list to make available to buildbot project. | ||
868 | Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list. | ||
869 | ''; | ||
870 | }; | ||
871 | pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; }; | ||
872 | workerPort = mkOption { type = port; description = "Port for the worker"; }; | ||
873 | secrets = mkOption { | ||
874 | type = attrsOf str; | ||
875 | description = "Secrets for the project to dump as files"; | ||
876 | }; | ||
877 | environment = mkOption { | ||
878 | type = attrsOf str; | ||
879 | description = '' | ||
880 | Environment variables for the project. | ||
881 | BUILDBOT_ is prefixed to the variable names | ||
882 | ''; | ||
883 | }; | ||
884 | activationScript = mkOption { | ||
885 | type = lines; | ||
886 | description = '' | ||
887 | Activation script to run during deployment | ||
888 | ''; | ||
889 | }; | ||
890 | builderPaths = mkOption { | ||
891 | type = attrsOf unspecified; | ||
892 | default = {}; | ||
893 | description = '' | ||
894 | Attrs of functions to make accessible specifically per builder. | ||
895 | Takes pkgs as argument and should return a single path containing binaries. | ||
896 | This path will be accessible as BUILDBOT_PATH_<attrskey> | ||
897 | ''; | ||
898 | }; | ||
899 | webhookTokens = mkOption { | ||
900 | type = nullOr (listOf str); | ||
901 | default = null; | ||
902 | description = '' | ||
903 | List of tokens allowed to push to project’s change_hook/base endpoint | ||
904 | ''; | ||
905 | }; | ||
906 | }; | ||
907 | }); | ||
908 | }; | ||
909 | }; | ||
910 | }; | ||
911 | }; | ||
912 | tools = mkOption { | ||
913 | description = "Tools configurations"; | ||
914 | type = submodule { | ||
915 | options = { | ||
916 | contact = mkOption { type = str; description = "Contact e-mail address"; }; | ||
917 | assets = mkOption { | ||
918 | default = {}; | ||
919 | type = attrsOf (submodule { | ||
920 | options = { | ||
921 | url = mkOption { type = str; description = "URL to fetch"; }; | ||
922 | sha256 = mkOption { type = str; description = "Hash of the url"; }; | ||
923 | }; | ||
924 | }); | ||
925 | description = "Assets to provide on assets.immae.eu"; | ||
926 | }; | ||
927 | davical = mkOption { | ||
928 | description = "Davical configuration"; | ||
929 | type = submodule { | ||
930 | options = { | ||
931 | postgresql = mkPsqlOptions "Davical"; | ||
932 | ldap = mkLdapOptions "Davical" {}; | ||
933 | }; | ||
934 | }; | ||
935 | }; | ||
936 | diaspora = mkOption { | ||
937 | description = "Diaspora configuration"; | ||
938 | type = submodule { | ||
939 | options = { | ||
940 | postgresql = mkPsqlOptions "Diaspora"; | ||
941 | redis = mkRedisOptions "Diaspora"; | ||
942 | ldap = mkLdapOptions "Diaspora" {}; | ||
943 | secret_token = mkOption { type = str; description = "Secret token"; }; | ||
944 | }; | ||
945 | }; | ||
946 | }; | ||
947 | dmarc_reports = mkOption { | ||
948 | description = "DMARC reports configuration"; | ||
949 | type = submodule { | ||
950 | options = { | ||
951 | mysql = mkMysqlOptions "DMARC" {}; | ||
952 | anonymous_key = mkOption { type = str; description = "Anonymous hashing key"; }; | ||
953 | }; | ||
954 | }; | ||
955 | }; | ||
956 | etherpad-lite = mkOption { | ||
957 | description = "Etherpad configuration"; | ||
958 | type = submodule { | ||
959 | options = { | ||
960 | postgresql = mkPsqlOptions "Etherpad"; | ||
961 | ldap = mkLdapOptions "Etherpad" { | ||
962 | group_filter = mkOption { type = str; description = "Filter for groups"; }; | ||
963 | }; | ||
964 | adminPassword = mkOption { type = str; description = "Admin password for mypads / admin"; }; | ||
965 | session_key = mkOption { type = str; description = "Session key"; }; | ||
966 | api_key = mkOption { type = str; description = "API key"; }; | ||
967 | redirects = mkOption { type = str; description = "Redirects for apache"; }; | ||
968 | }; | ||
969 | }; | ||
970 | }; | ||
971 | gitolite = mkOption { | ||
972 | description = "Gitolite configuration"; | ||
973 | type = submodule { | ||
974 | options = { | ||
975 | ldap = mkLdapOptions "Gitolite" {}; | ||
976 | ssh_key = mkOption { | ||
977 | description = "SSH key information"; | ||
978 | type = submodule { | ||
979 | options = { | ||
980 | public = mkOption { type = str; description = "Public part of the key"; }; | ||
981 | private = mkOption { type = lines; description = "Private part of the key"; }; | ||
982 | }; | ||
983 | }; | ||
984 | }; | ||
985 | }; | ||
986 | }; | ||
987 | }; | ||
988 | kanboard = mkOption { | ||
989 | description = "Kanboard configuration"; | ||
990 | type = submodule { | ||
991 | options = { | ||
992 | postgresql = mkPsqlOptions "Kanboard"; | ||
993 | ldap = mkLdapOptions "Kanboard" { | ||
994 | admin_dn = mkOption { type = str; description = "Admin DN"; }; | ||
995 | }; | ||
996 | }; | ||
997 | }; | ||
998 | }; | ||
999 | mantisbt = mkOption { | ||
1000 | description = "Mantisbt configuration"; | ||
1001 | type = submodule { | ||
1002 | options = { | ||
1003 | postgresql = mkPsqlOptions "Mantisbt"; | ||
1004 | ldap = mkLdapOptions "Mantisbt" {}; | ||
1005 | master_salt = mkOption { type = str; description = "Master salt for password hash"; }; | ||
1006 | }; | ||
1007 | }; | ||
1008 | }; | ||
1009 | mastodon = mkOption { | ||
1010 | description = "Mastodon configuration"; | ||
1011 | type = submodule { | ||
1012 | options = { | ||
1013 | postgresql = mkPsqlOptions "Mastodon"; | ||
1014 | redis = mkRedisOptions "Mastodon"; | ||
1015 | ldap = mkLdapOptions "Mastodon" {}; | ||
1016 | paperclip_secret = mkOption { type = str; description = "Paperclip secret"; }; | ||
1017 | otp_secret = mkOption { type = str; description = "OTP secret"; }; | ||
1018 | secret_key_base = mkOption { type = str; description = "Secret key base"; }; | ||
1019 | vapid = mkOption { | ||
1020 | description = "vapid key"; | ||
1021 | type = submodule { | ||
1022 | options = { | ||
1023 | private = mkOption { type = str; description = "Private key"; }; | ||
1024 | public = mkOption { type = str; description = "Public key"; }; | ||
1025 | }; | ||
1026 | }; | ||
1027 | }; | ||
1028 | }; | ||
1029 | }; | ||
1030 | }; | ||
1031 | mediagoblin = mkOption { | ||
1032 | description = "Mediagoblin configuration"; | ||
1033 | type = submodule { | ||
1034 | options = { | ||
1035 | postgresql = mkPsqlOptions "Mediagoblin"; | ||
1036 | redis = mkRedisOptions "Mediagoblin"; | ||
1037 | ldap = mkLdapOptions "Mediagoblin" {}; | ||
1038 | }; | ||
1039 | }; | ||
1040 | }; | ||
1041 | nextcloud = mkOption { | ||
1042 | description = "Nextcloud configuration"; | ||
1043 | type = submodule { | ||
1044 | options = { | ||
1045 | postgresql = mkPsqlOptions "Peertube"; | ||
1046 | redis = mkRedisOptions "Peertube"; | ||
1047 | password_salt = mkOption { type = str; description = "Password salt"; }; | ||
1048 | instance_id = mkOption { type = str; description = "Instance ID"; }; | ||
1049 | secret = mkOption { type = str; description = "App secret"; }; | ||
1050 | }; | ||
1051 | }; | ||
1052 | }; | ||
1053 | peertube = mkOption { | ||
1054 | description = "Peertube configuration"; | ||
1055 | type = submodule { | ||
1056 | options = { | ||
1057 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | ||
1058 | postgresql = mkPsqlOptions "Peertube"; | ||
1059 | redis = mkRedisOptions "Peertube"; | ||
1060 | ldap = mkLdapOptions "Peertube" {}; | ||
1061 | }; | ||
1062 | }; | ||
1063 | }; | ||
1064 | syden_peertube = mkOption { | ||
1065 | description = "Peertube Syden configuration"; | ||
1066 | type = submodule { | ||
1067 | options = { | ||
1068 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | ||
1069 | postgresql = mkPsqlOptions "Peertube"; | ||
1070 | redis = mkRedisOptions "Peertube"; | ||
1071 | }; | ||
1072 | }; | ||
1073 | }; | ||
1074 | phpldapadmin = mkOption { | ||
1075 | description = "phpLdapAdmin configuration"; | ||
1076 | type = submodule { | ||
1077 | options = { | ||
1078 | ldap = mkLdapOptions "phpldapadmin" {}; | ||
1079 | }; | ||
1080 | }; | ||
1081 | }; | ||
1082 | rompr = mkOption { | ||
1083 | description = "Rompr configuration"; | ||
1084 | type = submodule { | ||
1085 | options = { | ||
1086 | mpd = mkOption { | ||
1087 | description = "MPD configuration"; | ||
1088 | type = submodule { | ||
1089 | options = { | ||
1090 | host = mkOption { type = str; description = "Host for MPD"; }; | ||
1091 | port = mkOption { type = port; description = "Port to access MPD host"; }; | ||
1092 | }; | ||
1093 | }; | ||
1094 | }; | ||
1095 | }; | ||
1096 | }; | ||
1097 | }; | ||
1098 | roundcubemail = mkOption { | ||
1099 | description = "Roundcubemail configuration"; | ||
1100 | type = submodule { | ||
1101 | options = { | ||
1102 | postgresql = mkPsqlOptions "TT-RSS"; | ||
1103 | secret = mkOption { type = str; description = "Secret"; }; | ||
1104 | }; | ||
1105 | }; | ||
1106 | }; | ||
1107 | shaarli = mkOption { | ||
1108 | description = "Shaarli configuration"; | ||
1109 | type = submodule { | ||
1110 | options = { | ||
1111 | ldap = mkLdapOptions "Shaarli" {}; | ||
1112 | }; | ||
1113 | }; | ||
1114 | }; | ||
1115 | status_engine = mkOption { | ||
1116 | description = "Status Engine configuration"; | ||
1117 | type = submodule { | ||
1118 | options = { | ||
1119 | mysql = mkMysqlOptions "StatusEngine" {}; | ||
1120 | ldap = mkLdapOptions "StatusEngine" {}; | ||
1121 | }; | ||
1122 | }; | ||
1123 | }; | ||
1124 | task = mkOption { | ||
1125 | description = "Taskwarrior configuration"; | ||
1126 | type = submodule { | ||
1127 | options = { | ||
1128 | ldap = mkLdapOptions "Taskwarrior" {}; | ||
1129 | taskwarrior-web = mkOption { | ||
1130 | description = "taskwarrior-web profiles"; | ||
1131 | type = attrsOf (submodule { | ||
1132 | options = { | ||
1133 | uid = mkOption { | ||
1134 | type = listOf str; | ||
1135 | description = "List of ldap uids having access to this profile"; | ||
1136 | }; | ||
1137 | org = mkOption { type = str; description = "Taskd organisation"; }; | ||
1138 | key = mkOption { type = str; description = "Taskd key"; }; | ||
1139 | date = mkOption { type = str; description = "Preferred date format"; }; | ||
1140 | }; | ||
1141 | }); | ||
1142 | }; | ||
1143 | }; | ||
1144 | }; | ||
1145 | }; | ||
1146 | ttrss = mkOption { | ||
1147 | description = "TT-RSS configuration"; | ||
1148 | type = submodule { | ||
1149 | options = { | ||
1150 | postgresql = mkPsqlOptions "TT-RSS"; | ||
1151 | ldap = mkLdapOptions "TT-RSS" {}; | ||
1152 | }; | ||
1153 | }; | ||
1154 | }; | ||
1155 | wallabag = mkOption { | ||
1156 | description = "Wallabag configuration"; | ||
1157 | type = submodule { | ||
1158 | options = { | ||
1159 | postgresql = mkPsqlOptions "Wallabag"; | ||
1160 | ldap = mkLdapOptions "Wallabag" { | ||
1161 | admin_filter = mkOption { type = str; description = "Admin users filter"; }; | ||
1162 | }; | ||
1163 | redis = mkRedisOptions "Wallabag"; | ||
1164 | secret = mkOption { type = str; description = "App secret"; }; | ||
1165 | }; | ||
1166 | }; | ||
1167 | }; | ||
1168 | webhooks = mkOption { | ||
1169 | type = attrsOf str; | ||
1170 | description = "Mapping 'name'.php => script for webhooks"; | ||
1171 | }; | ||
1172 | csp_reports = mkOption { | ||
1173 | description = "CSP report configuration"; | ||
1174 | type = submodule { | ||
1175 | options = { | ||
1176 | report_uri = mkOption { type = str; description = "URI to report CSP violations to"; }; | ||
1177 | policies = mkOption { type = attrsOf str; description = "CSP policies to apply"; }; | ||
1178 | postgresql = mkPsqlOptions "CSP reports"; | ||
1179 | }; | ||
1180 | }; | ||
1181 | }; | ||
1182 | commento = mkOption { | ||
1183 | description = "Commento configuration"; | ||
1184 | type = submodule { | ||
1185 | options = { | ||
1186 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | ||
1187 | postgresql = mkPsqlOptions "Commento"; | ||
1188 | smtp = mkSmtpOptions "Commento"; | ||
1189 | }; | ||
1190 | }; | ||
1191 | }; | ||
1192 | cryptpad = mkOption { | ||
1193 | description = "Cryptpad configuration"; | ||
1194 | type = attrsOf (submodule { | ||
1195 | options = { | ||
1196 | email = mkOption { type = str; description = "Admin e-mail"; }; | ||
1197 | admins = mkOption { type = listOf str; description = "Instance admin public keys"; }; | ||
1198 | port = mkOption { type = port; description = "Port to listen to"; }; | ||
1199 | }; | ||
1200 | }); | ||
1201 | }; | ||
1202 | ympd = mkOption { | ||
1203 | description = "Ympd configuration"; | ||
1204 | type = submodule { | ||
1205 | options = { | ||
1206 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | ||
1207 | mpd = mkOption { | ||
1208 | description = "MPD configuration"; | ||
1209 | type = submodule { | ||
1210 | options = { | ||
1211 | password = mkOption { type = str; description = "Password to access MPD host"; }; | ||
1212 | host = mkOption { type = str; description = "Host for MPD"; }; | ||
1213 | port = mkOption { type = port; description = "Port to access MPD host"; }; | ||
1214 | }; | ||
1215 | }; | ||
1216 | }; | ||
1217 | }; | ||
1218 | }; | ||
1219 | }; | ||
1220 | umami = mkOption { | ||
1221 | description = "Umami configuration"; | ||
1222 | type = submodule { | ||
1223 | options = { | ||
1224 | listenPort = mkOption { type = port; description = "Port to listen to"; }; | ||
1225 | postgresql = mkPsqlOptions "Umami"; | ||
1226 | hashSalt = mkOption { type = str; description = "Hash salt"; }; | ||
1227 | }; | ||
1228 | }; | ||
1229 | }; | ||
1230 | yourls = mkOption { | ||
1231 | description = "Yourls configuration"; | ||
1232 | type = submodule { | ||
1233 | options = { | ||
1234 | mysql = mkMysqlOptions "Yourls" {}; | ||
1235 | ldap = mkLdapOptions "Yourls" {}; | ||
1236 | cookieKey = mkOption { type = str; description = "Cookie key"; }; | ||
1237 | }; | ||
1238 | }; | ||
1239 | }; | ||
1240 | }; | ||
1241 | }; | ||
1242 | }; | ||
1243 | serverSpecific = mkOption { type = attrsOf unspecified; description = "Server specific configuration"; }; | ||
1244 | websites = mkOption { | ||
1245 | description = "Websites configurations"; | ||
1246 | type = submodule { | ||
1247 | options = { | ||
1248 | immae = mkOption { | ||
1249 | description = "Immae configuration by environment"; | ||
1250 | type = submodule { | ||
1251 | options = { | ||
1252 | temp = mkOption { | ||
1253 | description = "Temp configuration"; | ||
1254 | type = submodule { | ||
1255 | options = { | ||
1256 | ldap = mkLdapOptions "Immae temp" { | ||
1257 | filter = mkOption { type = str; description = "Filter for user access"; }; | ||
1258 | }; | ||
1259 | }; | ||
1260 | }; | ||
1261 | }; | ||
1262 | }; | ||
1263 | }; | ||
1264 | }; | ||
1265 | isabelle = mkOption { | ||
1266 | description = "Isabelle configurations by environment"; | ||
1267 | type = | ||
1268 | let | ||
1269 | atenSubmodule = mkOption { | ||
1270 | description = "environment configuration"; | ||
1271 | type = submodule { | ||
1272 | options = { | ||
1273 | environment = mkOption { type = str; description = "Symfony environment"; }; | ||
1274 | secret = mkOption { type = str; description = "Symfony App secret"; }; | ||
1275 | postgresql = mkPsqlOptions "Aten"; | ||
1276 | }; | ||
1277 | }; | ||
1278 | }; | ||
1279 | in | ||
1280 | submodule { | ||
1281 | options = { | ||
1282 | aten_production = atenSubmodule; | ||
1283 | aten_integration = atenSubmodule; | ||
1284 | iridologie = mkOption { | ||
1285 | description = "environment configuration"; | ||
1286 | type = submodule { | ||
1287 | options = { | ||
1288 | environment = mkOption { type = str; description = "SPIP environment"; }; | ||
1289 | mysql = mkMysqlOptions "Iridologie" {}; | ||
1290 | ldap = mkLdapOptions "Iridologie" {}; | ||
1291 | }; | ||
1292 | }; | ||
1293 | }; | ||
1294 | }; | ||
1295 | }; | ||
1296 | }; | ||
1297 | chloe = mkOption { | ||
1298 | description = "Chloe configurations by environment"; | ||
1299 | type = | ||
1300 | let | ||
1301 | chloeSubmodule = mkOption { | ||
1302 | description = "environment configuration"; | ||
1303 | type = submodule { | ||
1304 | options = { | ||
1305 | environment = mkOption { type = str; description = "SPIP environment"; }; | ||
1306 | mysql = mkMysqlOptions "Chloe" {}; | ||
1307 | ldap = mkLdapOptions "Chloe" {}; | ||
1308 | }; | ||
1309 | }; | ||
1310 | }; | ||
1311 | in | ||
1312 | submodule { | ||
1313 | options = { | ||
1314 | production = chloeSubmodule; | ||
1315 | integration = chloeSubmodule; | ||
1316 | }; | ||
1317 | }; | ||
1318 | }; | ||
1319 | connexionswing = mkOption { | ||
1320 | description = "Connexionswing configurations by environment"; | ||
1321 | type = | ||
1322 | let | ||
1323 | csSubmodule = mkOption { | ||
1324 | description = "environment configuration"; | ||
1325 | type = submodule { | ||
1326 | options = { | ||
1327 | environment = mkOption { type = str; description = "Symfony environment"; }; | ||
1328 | mysql = mkMysqlOptions "Connexionswing" {}; | ||
1329 | secret = mkOption { type = str; description = "Symfony App secret"; }; | ||
1330 | email = mkOption { type = str; description = "Symfony email notification"; }; | ||
1331 | }; | ||
1332 | }; | ||
1333 | }; | ||
1334 | in | ||
1335 | submodule { | ||
1336 | options = { | ||
1337 | production = csSubmodule; | ||
1338 | integration = csSubmodule; | ||
1339 | }; | ||
1340 | }; | ||
1341 | }; | ||
1342 | jerome = mkOption { | ||
1343 | description = "Naturaloutil configuration"; | ||
1344 | type = submodule { | ||
1345 | options = { | ||
1346 | mysql = mkMysqlOptions "Naturaloutil" {}; | ||
1347 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; | ||
1348 | }; | ||
1349 | }; | ||
1350 | }; | ||
1351 | telio_tortay = mkOption { | ||
1352 | description = "Telio Tortay configuration"; | ||
1353 | type = submodule { | ||
1354 | options = { | ||
1355 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; | ||
1356 | }; | ||
1357 | }; | ||
1358 | }; | ||
1359 | ludivine = mkOption { | ||
1360 | description = "Ludivinecassal configurations by environment"; | ||
1361 | type = | ||
1362 | let | ||
1363 | lcSubmodule = mkOption { | ||
1364 | description = "environment configuration"; | ||
1365 | type = submodule { | ||
1366 | options = { | ||
1367 | environment = mkOption { type = str; description = "Symfony environment"; }; | ||
1368 | mysql = mkMysqlOptions "LudivineCassal" {}; | ||
1369 | ldap = mkLdapOptions "LudivineCassal" {}; | ||
1370 | secret = mkOption { type = str; description = "Symfony App secret"; }; | ||
1371 | }; | ||
1372 | }; | ||
1373 | }; | ||
1374 | in | ||
1375 | submodule { | ||
1376 | options = { | ||
1377 | production = lcSubmodule; | ||
1378 | integration = lcSubmodule; | ||
1379 | }; | ||
1380 | }; | ||
1381 | }; | ||
1382 | emilia = mkOption { | ||
1383 | description = "Emilia configuration"; | ||
1384 | type = submodule { | ||
1385 | options = { | ||
1386 | postgresql = mkPsqlOptions "Emilia"; | ||
1387 | }; | ||
1388 | }; | ||
1389 | }; | ||
1390 | florian = mkOption { | ||
1391 | description = "Florian configuration"; | ||
1392 | type = submodule { | ||
1393 | options = { | ||
1394 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; | ||
1395 | }; | ||
1396 | }; | ||
1397 | }; | ||
1398 | nassime = mkOption { | ||
1399 | description = "Nassime configuration"; | ||
1400 | type = submodule { | ||
1401 | options = { | ||
1402 | server_admin = mkOption { type = str; description = "Server admin e-mail"; }; | ||
1403 | }; | ||
1404 | }; | ||
1405 | }; | ||
1406 | piedsjaloux = mkOption { | ||
1407 | description = "Piedsjaloux configurations by environment"; | ||
1408 | type = | ||
1409 | let | ||
1410 | pjSubmodule = mkOption { | ||
1411 | description = "environment configuration"; | ||
1412 | type = submodule { | ||
1413 | options = { | ||
1414 | environment = mkOption { type = str; description = "Symfony environment"; }; | ||
1415 | mysql = mkMysqlOptions "Piedsjaloux" {}; | ||
1416 | secret = mkOption { type = str; description = "Symfony App secret"; }; | ||
1417 | }; | ||
1418 | }; | ||
1419 | }; | ||
1420 | in | ||
1421 | submodule { | ||
1422 | options = { | ||
1423 | production = pjSubmodule; | ||
1424 | integration = pjSubmodule; | ||
1425 | }; | ||
1426 | }; | ||
1427 | }; | ||
1428 | richie = mkOption { | ||
1429 | description = "Europe Richie configurations by environment"; | ||
1430 | type = submodule { | ||
1431 | options = { | ||
1432 | mysql = mkMysqlOptions "Richie" {}; | ||
1433 | smtp_mailer = mkOption { | ||
1434 | description = "SMTP mailer configuration"; | ||
1435 | type = submodule { | ||
1436 | options = { | ||
1437 | user = mkOption { type = str; description = "Username"; }; | ||
1438 | password = mkOption { type = str; description = "Password"; }; | ||
1439 | }; | ||
1440 | }; | ||
1441 | }; | ||
1442 | }; | ||
1443 | }; | ||
1444 | }; | ||
1445 | caldance = mkOption { | ||
1446 | description = "Caldance configurations by environment"; | ||
1447 | type = submodule { | ||
1448 | options = { | ||
1449 | integration = mkOption { | ||
1450 | description = "environment configuration"; | ||
1451 | type = submodule { | ||
1452 | options = { | ||
1453 | password = mkOption { type = str; description = "Password file content for basic auth"; }; | ||
1454 | }; | ||
1455 | }; | ||
1456 | }; | ||
1457 | }; | ||
1458 | }; | ||
1459 | }; | ||
1460 | tellesflorian = mkOption { | ||
1461 | description = "Tellesflorian configurations by environment"; | ||
1462 | type = | ||
1463 | let | ||
1464 | tfSubmodule = mkOption { | ||
1465 | description = "environment configuration"; | ||
1466 | type = submodule { | ||
1467 | options = { | ||
1468 | environment = mkOption { type = str; description = "Symfony environment"; }; | ||
1469 | mysql = mkMysqlOptions "Tellesflorian" {}; | ||
1470 | secret = mkOption { type = str; description = "Symfony App secret"; }; | ||
1471 | invite_passwords = mkOption { type = str; description = "Password basic auth"; }; | ||
1472 | }; | ||
1473 | }; | ||
1474 | }; | ||
1475 | in | ||
1476 | submodule { | ||
1477 | options = { | ||
1478 | integration = tfSubmodule; | ||
1479 | }; | ||
1480 | }; | ||
1481 | }; | ||
1482 | }; | ||
1483 | }; | ||
1484 | }; | ||
1485 | }; | ||
1486 | options.hostEnv = mkOption { | ||
1487 | readOnly = true; | ||
1488 | type = hostEnv; | ||
1489 | default = config.myEnv.servers."${name}"; | ||
1490 | description = "Host environment"; | ||
1491 | }; | ||
1492 | } | ||