aboutsummaryrefslogtreecommitdiff
path: root/modules/private
diff options
context:
space:
mode:
authorIsmaël Bouya <ismael.bouya@normalesup.org>2019-12-12 00:24:23 +0100
committerIsmaël Bouya <ismael.bouya@normalesup.org>2019-12-20 04:12:27 +0100
commitab8f306d7c2c49b8116e1af7b355ed2384617ed9 (patch)
treed1061ec0436fd096de2332a892eb984c63cb125e /modules/private
parent4227853a03923e04daf3dd511a4b5a1ab5d527e7 (diff)
downloadNix-ab8f306d7c2c49b8116e1af7b355ed2384617ed9.tar.gz
Nix-ab8f306d7c2c49b8116e1af7b355ed2384617ed9.tar.zst
Nix-ab8f306d7c2c49b8116e1af7b355ed2384617ed9.zip
Add specification for the private config file as a module.
Diffstat (limited to 'modules/private')
-rw-r--r--modules/private/buildbot/default.nix24
-rw-r--r--modules/private/databases/default.nix40
-rw-r--r--modules/private/databases/openldap_replication.nix2
-rw-r--r--modules/private/databases/redis.nix8
-rw-r--r--modules/private/databases/redis_replication.nix6
-rw-r--r--modules/private/default.nix1
-rw-r--r--modules/private/dns.nix22
-rw-r--r--modules/private/environment.nix1148
-rw-r--r--modules/private/ftp.nix12
-rw-r--r--modules/private/gitolite/default.nix4
-rw-r--r--modules/private/mail/default.nix4
-rw-r--r--modules/private/mail/dovecot.nix22
-rw-r--r--modules/private/mail/milters.nix10
-rw-r--r--modules/private/mail/postfix.nix48
-rw-r--r--modules/private/mail/rspamd.nix14
-rw-r--r--modules/private/monitoring/default.nix12
-rw-r--r--modules/private/mpd.nix8
-rw-r--r--modules/private/pub/default.nix4
-rw-r--r--modules/private/ssh/default.nix4
-rw-r--r--modules/private/system.nix6
-rw-r--r--modules/private/system/backup-2.nix37
-rw-r--r--modules/private/system/eldiron.nix16
-rw-r--r--modules/private/tasks/default.nix6
-rw-r--r--modules/private/websites/aten/integration.nix13
-rw-r--r--modules/private/websites/aten/production.nix13
-rw-r--r--modules/private/websites/capitaines/production.nix4
-rw-r--r--modules/private/websites/chloe/builder.nix4
-rw-r--r--modules/private/websites/chloe/integration.nix4
-rw-r--r--modules/private/websites/chloe/production.nix4
-rw-r--r--modules/private/websites/connexionswing/integration.nix6
-rw-r--r--modules/private/websites/connexionswing/production.nix6
-rw-r--r--modules/private/websites/default.nix10
-rw-r--r--modules/private/websites/denisejerome/production.nix4
-rw-r--r--modules/private/websites/emilia/production.nix4
-rw-r--r--modules/private/websites/florian/app.nix6
-rw-r--r--modules/private/websites/florian/integration.nix4
-rw-r--r--modules/private/websites/florian/production.nix4
-rw-r--r--modules/private/websites/immae/production.nix4
-rw-r--r--modules/private/websites/immae/release.nix4
-rw-r--r--modules/private/websites/immae/temp.nix4
-rw-r--r--modules/private/websites/ludivinecassal/integration.nix8
-rw-r--r--modules/private/websites/ludivinecassal/production.nix8
-rw-r--r--modules/private/websites/nassime/production.nix4
-rw-r--r--modules/private/websites/naturaloutil/production.nix6
-rw-r--r--modules/private/websites/papa/surveillance.nix2
-rw-r--r--modules/private/websites/piedsjaloux/integration.nix6
-rw-r--r--modules/private/websites/piedsjaloux/production.nix6
-rw-r--r--modules/private/websites/teliotortay/production.nix4
-rw-r--r--modules/private/websites/tools/cloud/default.nix6
-rw-r--r--modules/private/websites/tools/dav/davical.nix12
-rw-r--r--modules/private/websites/tools/dav/default.nix4
-rw-r--r--modules/private/websites/tools/diaspora/default.nix14
-rw-r--r--modules/private/websites/tools/ether/default.nix12
-rw-r--r--modules/private/websites/tools/git/default.nix4
-rw-r--r--modules/private/websites/tools/git/mantisbt.nix8
-rw-r--r--modules/private/websites/tools/mail/default.nix4
-rw-r--r--modules/private/websites/tools/mail/mta-sts.nix4
-rw-r--r--modules/private/websites/tools/mail/roundcubemail.nix7
-rw-r--r--modules/private/websites/tools/mastodon/default.nix12
-rw-r--r--modules/private/websites/tools/mgoblin/default.nix25
-rw-r--r--modules/private/websites/tools/peertube/default.nix16
-rw-r--r--modules/private/websites/tools/tools/default.nix18
-rw-r--r--modules/private/websites/tools/tools/kanboard.nix4
-rw-r--r--modules/private/websites/tools/tools/shaarli.nix2
-rw-r--r--modules/private/websites/tools/tools/ttrss.nix8
-rw-r--r--modules/private/websites/tools/tools/wallabag.nix10
-rw-r--r--modules/private/websites/tools/tools/ympd.nix2
-rw-r--r--modules/private/websites/tools/tools/yourls.nix6
68 files changed, 1471 insertions, 307 deletions
diff --git a/modules/private/buildbot/default.nix b/modules/private/buildbot/default.nix
index 273ad70..d42f659 100644
--- a/modules/private/buildbot/default.nix
+++ b/modules/private/buildbot/default.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 varDir = "/var/lib/buildbot"; 3 varDir = "/var/lib/buildbot";
4 buildbot_common = pkgs.python3Packages.buildPythonPackage rec { 4 buildbot_common = pkgs.python3Packages.buildPythonPackage rec {
@@ -27,8 +27,8 @@ in
27 services.duplyBackup.profiles.buildbot = { 27 services.duplyBackup.profiles.buildbot = {
28 rootDir = varDir; 28 rootDir = varDir;
29 }; 29 };
30 ids.uids.buildbot = myconfig.env.buildbot.user.uid; 30 ids.uids.buildbot = config.myEnv.buildbot.user.uid;
31 ids.gids.buildbot = myconfig.env.buildbot.user.gid; 31 ids.gids.buildbot = config.myEnv.buildbot.user.gid;
32 32
33 users.groups.buildbot.gid = config.ids.gids.buildbot; 33 users.groups.buildbot.gid = config.ids.gids.buildbot;
34 users.users.buildbot = { 34 users.users.buildbot = {
@@ -42,7 +42,7 @@ in
42 42
43 services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList 43 services.websites.env.tools.watchPaths = lib.attrsets.mapAttrsToList
44 (k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include") 44 (k: project: "/var/secrets/buildbot/${project.name}/webhook-httpd-include")
45 myconfig.env.buildbot.projects; 45 config.myEnv.buildbot.projects;
46 46
47 services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: '' 47 services.websites.env.tools.vhostConfs.git.extraConfig = lib.attrsets.mapAttrsToList (k: project: ''
48 RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/" 48 RedirectMatch permanent "^/buildbot/${project.name}$" "/buildbot/${project.name}/"
@@ -64,7 +64,7 @@ in
64 Include /var/secrets/buildbot/${project.name}/webhook-httpd-include 64 Include /var/secrets/buildbot/${project.name}/webhook-httpd-include
65 </RequireAny> 65 </RequireAny>
66 </Location> 66 </Location>
67 '') myconfig.env.buildbot.projects; 67 '') config.myEnv.buildbot.projects;
68 68
69 system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { 69 system.activationScripts = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
70 deps = [ "users" "wrappers" ]; 70 deps = [ "users" "wrappers" ];
@@ -73,7 +73,7 @@ in
73 73
74 ${project.activationScript} 74 ${project.activationScript}
75 ''; 75 '';
76 }) myconfig.env.buildbot.projects; 76 }) config.myEnv.buildbot.projects;
77 77
78 secrets.keys = ( 78 secrets.keys = (
79 lib.lists.flatten ( 79 lib.lists.flatten (
@@ -92,27 +92,27 @@ in
92 permissions = "0600"; 92 permissions = "0600";
93 user = "wwwrun"; 93 user = "wwwrun";
94 group = "wwwrun"; 94 group = "wwwrun";
95 text = lib.optionalString (lib.attrsets.hasAttr "webhookTokens" project) '' 95 text = lib.optionalString (project.webhookTokens != null) ''
96 Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }" 96 Require expr "req('Access-Key') in { ${builtins.concatStringsSep ", " (map (x: "'${x}'") project.webhookTokens)} }"
97 ''; 97 '';
98 dest = "buildbot/${project.name}/webhook-httpd-include"; 98 dest = "buildbot/${project.name}/webhook-httpd-include";
99 } 99 }
100 ] 100 ]
101 ) myconfig.env.buildbot.projects 101 ) config.myEnv.buildbot.projects
102 ) 102 )
103 ) ++ [ 103 ) ++ [
104 { 104 {
105 permissions = "0600"; 105 permissions = "0600";
106 user = "buildbot"; 106 user = "buildbot";
107 group = "buildbot"; 107 group = "buildbot";
108 text = myconfig.env.buildbot.ldap.password; 108 text = config.myEnv.buildbot.ldap.password;
109 dest = "buildbot/ldap"; 109 dest = "buildbot/ldap";
110 } 110 }
111 { 111 {
112 permissions = "0600"; 112 permissions = "0600";
113 user = "buildbot"; 113 user = "buildbot";
114 group = "buildbot"; 114 group = "buildbot";
115 text = builtins.readFile "${myconfig.privateFiles}/buildbot_ssh_key"; 115 text = builtins.readFile "${config.myEnv.privateFiles}/buildbot_ssh_key";
116 dest = "buildbot/ssh_key"; 116 dest = "buildbot/ssh_key";
117 } 117 }
118 ]; 118 ];
@@ -123,7 +123,7 @@ in
123 "/var/secrets/buildbot/ldap" 123 "/var/secrets/buildbot/ldap"
124 "/var/secrets/buildbot/ssh_key" 124 "/var/secrets/buildbot/ssh_key"
125 ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets; 125 ] ++ lib.attrsets.mapAttrsToList (k: v: "/var/secrets/buildbot/${project.name}/${k}") project.secrets;
126 }) myconfig.env.buildbot.projects; 126 }) config.myEnv.buildbot.projects;
127 127
128 systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" { 128 systemd.services = lib.attrsets.mapAttrs' (k: project: lib.attrsets.nameValuePair "buildbot-${project.name}" {
129 description = "Buildbot Continuous Integration Server ${project.name}."; 129 description = "Buildbot Continuous Integration Server ${project.name}.";
@@ -214,6 +214,6 @@ in
214 WorkingDirectory = "${varDir}/${project.name}"; 214 WorkingDirectory = "${varDir}/${project.name}";
215 ExecStart = "${buildbot}/bin/buildbot start"; 215 ExecStart = "${buildbot}/bin/buildbot start";
216 }; 216 };
217 }) myconfig.env.buildbot.projects; 217 }) config.myEnv.buildbot.projects;
218 }; 218 };
219} 219}
diff --git a/modules/private/databases/default.nix b/modules/private/databases/default.nix
index 7371410..8c5eb9a 100644
--- a/modules/private/databases/default.nix
+++ b/modules/private/databases/default.nix
@@ -1,4 +1,4 @@
1{ lib, config, myconfig, nodes, ... }: 1{ lib, config, nodes, ... }:
2let 2let
3 cfg = config.myServices.databases; 3 cfg = config.myServices.databases;
4in 4in
@@ -18,49 +18,49 @@ in
18 mariadb = { 18 mariadb = {
19 enable = true; 19 enable = true;
20 ldapConfig = { 20 ldapConfig = {
21 inherit (myconfig.env.ldap) host base; 21 inherit (config.myEnv.ldap) host base;
22 inherit (myconfig.env.databases.mysql.pam) dn filter password; 22 inherit (config.myEnv.databases.mysql.pam) dn filter password;
23 }; 23 };
24 replicationLdapConfig = { 24 replicationLdapConfig = {
25 inherit (myconfig.env.ldap) host base; 25 inherit (config.myEnv.ldap) host base;
26 inherit (myconfig.env.ldap.eldiron) dn password; 26 inherit (config.myEnv.servers.eldiron.ldap) dn password;
27 }; 27 };
28 credentials.root = myconfig.env.databases.mysql.systemUsers.root; 28 credentials.root = config.myEnv.databases.mysql.systemUsers.root;
29 }; 29 };
30 30
31 openldap = { 31 openldap = {
32 accessFile = "${myconfig.privateFiles}/ldap.conf"; 32 accessFile = "${config.myEnv.privateFiles}/ldap.conf";
33 baseDn = myconfig.env.ldap.base; 33 baseDn = config.myEnv.ldap.base;
34 rootDn = myconfig.env.ldap.root_dn; 34 rootDn = config.myEnv.ldap.root_dn;
35 rootPw = myconfig.env.ldap.root_pw; 35 rootPw = config.myEnv.ldap.root_pw;
36 enable = true; 36 enable = true;
37 }; 37 };
38 38
39 postgresql = { 39 postgresql = {
40 ldapConfig = { 40 ldapConfig = {
41 inherit (myconfig.env.ldap) host base; 41 inherit (config.myEnv.ldap) host base;
42 inherit (myconfig.env.databases.postgresql.pam) dn filter password; 42 inherit (config.myEnv.databases.postgresql.pam) dn filter password;
43 }; 43 };
44 replicationLdapConfig = { 44 replicationLdapConfig = {
45 inherit (myconfig.env.ldap) host base; 45 inherit (config.myEnv.ldap) host base;
46 inherit (myconfig.env.ldap.eldiron) dn password; 46 inherit (config.myEnv.servers.eldiron.ldap) dn password;
47 }; 47 };
48 authorizedHosts = { 48 authorizedHosts = {
49 immaeEu = [{ 49 immaeEu = [{
50 ip4 = [ 50 ip4 = [
51 myconfig.env.servers.immaeEu.ips.main.ip4 51 config.myEnv.servers.immaeEu.ips.main.ip4
52 myconfig.env.servers.immaeEu.ips.alt.ip4 52 config.myEnv.servers.immaeEu.ips.alt.ip4
53 ]; 53 ];
54 }]; 54 }];
55 }; 55 };
56 replicationHosts = { 56 replicationHosts = {
57 backup-1 = { 57 backup-1 = {
58 ip4 = [myconfig.env.servers.backup-1.ips.main.ip4]; 58 ip4 = [config.myEnv.servers.backup-1.ips.main.ip4];
59 ip6 = myconfig.env.servers.backup-1.ips.main.ip6; 59 ip6 = config.myEnv.servers.backup-1.ips.main.ip6;
60 }; 60 };
61 backup-2 = { 61 backup-2 = {
62 ip4 = [myconfig.env.servers.backup-2.ips.main.ip4]; 62 ip4 = [config.myEnv.servers.backup-2.ips.main.ip4];
63 ip6 = myconfig.env.servers.backup-2.ips.main.ip6; 63 ip6 = config.myEnv.servers.backup-2.ips.main.ip6;
64 }; 64 };
65 }; 65 };
66 enable = true; 66 enable = true;
diff --git a/modules/private/databases/openldap_replication.nix b/modules/private/databases/openldap_replication.nix
index c0c16e6..7833e31 100644
--- a/modules/private/databases/openldap_replication.nix
+++ b/modules/private/databases/openldap_replication.nix
@@ -1,4 +1,4 @@
1{ pkgs, config, myconfig, lib, ... }: 1{ pkgs, config, lib, ... }:
2let 2let
3 cfg = config.myServices.databasesReplication.openldap; 3 cfg = config.myServices.databasesReplication.openldap;
4 eldiron_schemas = pkgs.callPackage ./openldap/eldiron_schemas.nix {}; 4 eldiron_schemas = pkgs.callPackage ./openldap/eldiron_schemas.nix {};
diff --git a/modules/private/databases/redis.nix b/modules/private/databases/redis.nix
index 693f402..4b26283 100644
--- a/modules/private/databases/redis.nix
+++ b/modules/private/databases/redis.nix
@@ -1,4 +1,4 @@
1{ lib, config, pkgs, myconfig, ... }: 1{ lib, config, pkgs, ... }:
2let 2let
3 cfg = config.myServices.databases.redis; 3 cfg = config.myServices.databases.redis;
4in { 4in {
@@ -96,7 +96,7 @@ in {
96 WorkerThreads 1 96 WorkerThreads 1
97 97
98 Authority { 98 Authority {
99 Auth "${myconfig.env.databases.redis.predixy.read}" { 99 Auth "${config.myEnv.databases.redis.predixy.read}" {
100 Mode read 100 Mode read
101 } 101 }
102 } 102 }
@@ -105,7 +105,7 @@ in {
105 Databases 16 105 Databases 16
106 RefreshMethod fixed 106 RefreshMethod fixed
107 Group shard001 { 107 Group shard001 {
108 + ${myconfig.env.databases.redis.socket} 108 + ${config.myEnv.databases.redis.socket}
109 } 109 }
110 } 110 }
111 ''; 111 '';
@@ -115,7 +115,7 @@ in {
115 user = "spiped"; 115 user = "spiped";
116 group = "spiped"; 116 group = "spiped";
117 permissions = "0400"; 117 permissions = "0400";
118 text = myconfig.env.databases.redis.spiped_key; 118 text = config.myEnv.databases.redis.spiped_key;
119 } 119 }
120 ]; 120 ];
121 121
diff --git a/modules/private/databases/redis_replication.nix b/modules/private/databases/redis_replication.nix
index cc626f5..6ec52c9 100644
--- a/modules/private/databases/redis_replication.nix
+++ b/modules/private/databases/redis_replication.nix
@@ -1,4 +1,4 @@
1{ pkgs, config, myconfig, lib, ... }: 1{ pkgs, config, lib, ... }:
2let 2let
3 cfg = config.myServices.databasesReplication.redis; 3 cfg = config.myServices.databasesReplication.redis;
4in 4in
@@ -63,7 +63,7 @@ in
63 config.redis = { 63 config.redis = {
64 encrypt = true; 64 encrypt = true;
65 source = "127.0.0.1:16379"; 65 source = "127.0.0.1:16379";
66 target = "${myconfig.env.servers.eldiron.ips.main.ip4}:16379"; 66 target = "${config.myEnv.servers.eldiron.ips.main.ip4}:16379";
67 keyfile = "${config.secrets.location}/redis/spiped_eldiron_keyfile"; 67 keyfile = "${config.secrets.location}/redis/spiped_eldiron_keyfile";
68 }; 68 };
69 }; 69 };
@@ -103,7 +103,7 @@ in
103 user = "spiped"; 103 user = "spiped";
104 group = "spiped"; 104 group = "spiped";
105 permissions = "0400"; 105 permissions = "0400";
106 text = myconfig.env.databases.redis.spiped_key; 106 text = config.myEnv.databases.redis.spiped_key;
107 } 107 }
108 ]; 108 ];
109 109
diff --git a/modules/private/default.nix b/modules/private/default.nix
index 29bf2af..57bad43 100644
--- a/modules/private/default.nix
+++ b/modules/private/default.nix
@@ -67,6 +67,7 @@ set = {
67 ssh = ./ssh; 67 ssh = ./ssh;
68 monitoring = ./monitoring; 68 monitoring = ./monitoring;
69 69
70 environment = ./environment.nix;
70 system = ./system.nix; 71 system = ./system.nix;
71}; 72};
72in 73in
diff --git a/modules/private/dns.nix b/modules/private/dns.nix
index b4772fc..fb90824 100644
--- a/modules/private/dns.nix
+++ b/modules/private/dns.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 options.myServices.dns.enable = lib.mkEnableOption "enable DNS resolver"; 3 options.myServices.dns.enable = lib.mkEnableOption "enable DNS resolver";
4 config = let 4 config = let
@@ -61,13 +61,13 @@
61 allow-recursion { 127.0.0.1; }; 61 allow-recursion { 127.0.0.1; };
62 allow-transfer { none; }; 62 allow-transfer { none; };
63 63
64 notify-source ${myconfig.env.servers.eldiron.ips.main.ip4}; 64 notify-source ${config.myEnv.servers.eldiron.ips.main.ip4};
65 notify-source-v6 ${lib.head myconfig.env.servers.eldiron.ips.main.ip6}; 65 notify-source-v6 ${lib.head config.myEnv.servers.eldiron.ips.main.ip6};
66 version none; 66 version none;
67 hostname none; 67 hostname none;
68 server-id none; 68 server-id none;
69 ''; 69 '';
70 zones = with myconfig.env.dns; 70 zones = with config.myEnv.dns;
71 assert (builtins.substring ((builtins.stringLength soa.email)-1) 1 soa.email) != "."; 71 assert (builtins.substring ((builtins.stringLength soa.email)-1) 1 soa.email) != ".";
72 assert (builtins.substring ((builtins.stringLength soa.primary)-1) 1 soa.primary) != "."; 72 assert (builtins.substring ((builtins.stringLength soa.primary)-1) 1 soa.primary) != ".";
73 (map (conf: { 73 (map (conf: {
@@ -94,10 +94,10 @@
94 ${conf.entries} 94 ${conf.entries}
95 95
96 ${if lib.attrsets.hasAttr "withEmail" conf && lib.lists.length conf.withEmail > 0 then '' 96 ${if lib.attrsets.hasAttr "withEmail" conf && lib.lists.length conf.withEmail > 0 then ''
97 mx-1 IN A ${myconfig.env.servers.eldiron.ips.main.ip4} 97 mx-1 IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
98 mx-2 IN A ${myconfig.env.servers.immaeEu.ips.main.ip4} 98 mx-2 IN A ${config.myEnv.servers.immaeEu.ips.main.ip4}
99 ${builtins.concatStringsSep "\n" (map (i: "mx-1 IN AAAA ${i}") myconfig.env.servers.eldiron.ips.main.ip6)} 99 ${builtins.concatStringsSep "\n" (map (i: "mx-1 IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}
100 ${builtins.concatStringsSep "\n" (map (i: "mx-2 IN AAAA ${i}") myconfig.env.servers.immaeEu.ips.main.ip6)} 100 ${builtins.concatStringsSep "\n" (map (i: "mx-2 IN AAAA ${i}") config.myEnv.servers.immaeEu.ips.main.ip6)}
101 ${lib.concatStringsSep "\n\n" (map (e: 101 ${lib.concatStringsSep "\n\n" (map (e:
102 let 102 let
103 n = if e.domain == "" then "@" else "${e.domain} "; 103 n = if e.domain == "" then "@" else "${e.domain} ";
@@ -122,8 +122,8 @@
122 ; https://support.google.com/a/answer/9261504 122 ; https://support.google.com/a/answer/9261504
123 _mta-sts${suffix} IN TXT "v=STSv1;id=20190630054629Z" 123 _mta-sts${suffix} IN TXT "v=STSv1;id=20190630054629Z"
124 _smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu" 124 _smtp._tls${suffix} IN TXT "v=TLSRPTv1;rua=mailto:postmaster+mta-sts@immae.eu"
125 mta-sts${suffix} IN A ${myconfig.env.servers.eldiron.ips.main.ip4} 125 mta-sts${suffix} IN A ${config.myEnv.servers.eldiron.ips.main.ip4}
126 ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") myconfig.env.servers.eldiron.ips.main.ip6)} 126 ${builtins.concatStringsSep "\n" (map (i: "mta-sts${suffix} IN AAAA ${i}") config.myEnv.servers.eldiron.ips.main.ip6)}
127 127
128 ; Mail sender authentications 128 ; Mail sender authentications
129 ${n} IN TXT "v=spf1 mx ~all" 129 ${n} IN TXT "v=spf1 mx ~all"
@@ -132,7 +132,7 @@
132 immae_eu._domainkey${suffix} IN TXT ( "v=DKIM1; k=rsa; s=email; " 132 immae_eu._domainkey${suffix} IN TXT ( "v=DKIM1; k=rsa; s=email; "
133 "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl3vLd8W5YAuumC5+ZT9OV7/14Pmh5JYtwyqKI3cfe9NnAqInt3xO4bZ7oqIxRKWN4SD39vm7O/QOvFdBt00ENOOzdP90s5gKw6eIP/4+vPTh0IWltAsmu9B2agzdtWUE7t2xFKIzEn8l9niRE2QYbVaqZv4sub98vY55fIgFoHtjkmNC7325S8fjDJGp6OPbyhAs6Xl5/adjF" 133 "p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzl3vLd8W5YAuumC5+ZT9OV7/14Pmh5JYtwyqKI3cfe9NnAqInt3xO4bZ7oqIxRKWN4SD39vm7O/QOvFdBt00ENOOzdP90s5gKw6eIP/4+vPTh0IWltAsmu9B2agzdtWUE7t2xFKIzEn8l9niRE2QYbVaqZv4sub98vY55fIgFoHtjkmNC7325S8fjDJGp6OPbyhAs6Xl5/adjF"
134 "0ko4Y2p6RaxLQfjlS0bxmK4Qg6C14pIXHtzVeqOuWrwApqt5+AULSn97iUtqV/IJlEEjC6DUR44t3C/G0G/k46iFclCqRRi0hdPrOHCtZDbtMubnTN9eaUiNpkXh1WnCflHwtjQwIDAQAB" ) 134 "0ko4Y2p6RaxLQfjlS0bxmK4Qg6C14pIXHtzVeqOuWrwApqt5+AULSn97iUtqV/IJlEEjC6DUR44t3C/G0G/k46iFclCqRRi0hdPrOHCtZDbtMubnTN9eaUiNpkXh1WnCflHwtjQwIDAQAB" )
135 eldiron._domainkey${suffix} IN TXT ${myconfig.env.mail.dkim.eldiron.public} 135 eldiron._domainkey${suffix} IN TXT ${config.myEnv.mail.dkim.eldiron.public}
136 '' else ""} 136 '' else ""}
137 '') conf.withEmail)} 137 '') conf.withEmail)}
138 '' + (if conf.name == "immae.eu" then '' 138 '' + (if conf.name == "immae.eu" then ''
diff --git a/modules/private/environment.nix b/modules/private/environment.nix
new file mode 100644
index 0000000..2aa8b5e
--- /dev/null
+++ b/modules/private/environment.nix
@@ -0,0 +1,1148 @@
1{ lib, ... }:
2with lib;
3with types;
4with lists;
5let
6 ldapOptions = {
7 base = mkOption { description = "Base of the LDAP tree"; type = str; };
8 host = mkOption { description = "Host to access LDAP"; type = str; };
9 root_dn = mkOption { description = "DN of the root user"; type = str; };
10 root_pw = mkOption { description = "Hashed password of the root user"; type = str; };
11 replication_dn = mkOption { description = "DN of the user allowed to replicate the LDAP directory"; type = str; };
12 replication_pw = mkOption { description = "Password of the user allowed to replicate the LDAP directory"; type = str; };
13 };
14 mkLdapOptions = name: more: mkOption {
15 description = "${name} LDAP configuration";
16 type = submodule {
17 options = ldapOptions // {
18 dn = mkOption { description = "DN of the ${name} user"; type = str; };
19 password = mkOption { description = "password of the ${name} user"; type = str; };
20 filter = mkOption { description = "Filter for ${name} users"; type = str; default = ""; };
21 } // more;
22 };
23 };
24 mysqlOptions = {
25 host = mkOption { description = "Host to access Mysql"; type = str; };
26 port = mkOption { description = "Port to access Mysql"; type = str; };
27 socket = mkOption { description = "Socket to access Mysql"; type = path; };
28 systemUsers = mkOption {
29 description = "Attrs of user-passwords allowed to access mysql";
30 type = attrsOf str;
31 };
32 pam = mkOption {
33 description = "PAM configuration for mysql";
34 type = submodule {
35 options = {
36 dn = mkOption { description = "DN to connect as to check users"; type = str; };
37 password = mkOption { description = "DN password to connect as to check users"; type = str; };
38 filter = mkOption { description = "filter to match users"; type = str; };
39 };
40 };
41 };
42 };
43 mkMysqlOptions = name: mkOption {
44 description = "${name} mysql configuration";
45 type = submodule {
46 options = mysqlOptions // {
47 database = mkOption { description = "${name} database"; type = str; };
48 user = mkOption { description = "${name} user"; type = str; };
49 password = mkOption { description = "mysql password of the ${name} user"; type = str; };
50 };
51 };
52 };
53 psqlOptions = {
54 host = mkOption { description = "Host to access Postgresql"; type = str; };
55 port = mkOption { description = "Port to access Postgresql"; type = str; };
56 socket = mkOption { description = "Socket to access Postgresql"; type = path; };
57 pam = mkOption {
58 description = "PAM configuration for psql";
59 type = submodule {
60 options = {
61 dn = mkOption { description = "DN to connect as to check users"; type = str; };
62 password = mkOption { description = "DN password to connect as to check users"; type = str; };
63 filter = mkOption { description = "filter to match users"; type = str; };
64 };
65 };
66 };
67 };
68 mkPsqlOptions = name: mkOption {
69 description = "${name} psql configuration";
70 type = submodule {
71 options = psqlOptions // {
72 database = mkOption { description = "${name} database"; type = str; };
73 schema = mkOption { description = "${name} schema"; type = nullOr str; default = null; };
74 user = mkOption { description = "${name} user"; type = str; };
75 password = mkOption { description = "psql password of the ${name} user"; type = str; };
76 };
77 };
78 };
79 redisOptions = {
80 host = mkOption { description = "Host to access Redis"; type = str; };
81 port = mkOption { description = "Port to access Redis"; type = str; };
82 socket = mkOption { description = "Socket to access Redis"; type = path; };
83 dbs = mkOption {
84 description = "Attrs of db number. Each number should be unique to avoid collision!";
85 type = attrsOf str;
86 };
87 spiped_key = mkOption {
88 type = str;
89 description = ''
90 Key to use with spiped to make a secure channel to replication
91 '';
92 };
93 predixy = mkOption {
94 description = "Predixy configuration. Unused yet";
95 type = submodule {
96 options = {
97 read = mkOption { type = str; description = "Read password"; };
98 };
99 };
100 };
101 };
102 mkRedisOptions = name: mkOption {
103 description = "${name} redis configuration";
104 type = submodule {
105 options = redisOptions // {
106 db = mkOption { description = "${name} database"; type = str; };
107 };
108 };
109 };
110in
111{
112 options.myEnv = {
113 servers = mkOption {
114 description = ''
115 Attrs of servers information in the cluster (not necessarily handled by nixops)
116 '';
117 default = {};
118 type = attrsOf (submodule {
119 options = {
120 ldap = mkOption {
121 description = ''
122 LDAP credentials for the host
123 '';
124 type = submodule {
125 options = {
126 password = mkOption { type = string; description = "Password for the LDAP connection"; };
127 dn = mkOption { type = string; description = "DN for the LDAP connection"; };
128 };
129 };
130 };
131 ips = mkOption {
132 description = ''
133 attrs of ip4/ip6 grouped by section
134 '';
135 type = attrsOf (submodule {
136 options = {
137 ip4 = mkOption {
138 type = string;
139 description = ''
140 ip4 address of the host
141 '';
142 };
143 ip6 = mkOption {
144 type = listOf string;
145 default = [];
146 description = ''
147 ip6 addresses of the host
148 '';
149 };
150 };
151 });
152 };
153 };
154 });
155 };
156 hetznerCloud = mkOption {
157 description = ''
158 Hetzner Cloud credential information
159 '';
160 type = submodule {
161 options = {
162 authToken = mkOption {
163 type = str;
164 description = ''
165 The API auth token.
166 '';
167 };
168 };
169 };
170 };
171 hetzner = mkOption {
172 description = ''
173 Hetzner credential information
174 '';
175 type = submodule {
176 options = {
177 user = mkOption { type = str; description = "User"; };
178 pass = mkOption { type = str; description = "Password"; };
179 };
180 };
181 };
182 sshd = mkOption {
183 description = ''
184 sshd service credential information
185 '';
186 type = submodule {
187 options = {
188 ldap = mkOption {
189 description = ''
190 LDAP credentials for cn=ssh,ou=services,dc=immae,dc=eu dn
191 '';
192 type = submodule {
193 options = {
194 password = mkOption { description = "Password"; type = str; };
195 };
196 };
197 };
198 };
199 };
200 };
201 ports = mkOption {
202 description = ''
203 non-standard reserved ports. Must be unique!
204 '';
205 type = attrsOf port;
206 default = {};
207 apply = let
208 noDupl = x: builtins.length (builtins.attrValues x) == builtins.length (unique (builtins.attrValues x));
209 in
210 x: if isAttrs x && noDupl x then x else throw "Non unique values for ports";
211 };
212 httpd = mkOption {
213 description = ''
214 httpd service credential information
215 '';
216 type = submodule {
217 options = {
218 ldap = mkOption {
219 description = ''
220 LDAP credentials for cn=httpd,ou=services,dc=immae,dc=eu dn
221 '';
222 type = submodule {
223 options = {
224 password = mkOption { description = "Password"; type = str; };
225 };
226 };
227 };
228 };
229 };
230 };
231 ldap = mkOption {
232 description = ''
233 LDAP server configuration
234 '';
235 type = submodule {
236 options = ldapOptions;
237 };
238 };
239 databases = mkOption {
240 description = "Databases configuration";
241 type = submodule {
242 options = {
243 mysql = mkOption {
244 type = submodule { options = mysqlOptions; };
245 description = "Mysql configuration";
246 };
247 redis = mkOption {
248 type = submodule { options = redisOptions; };
249 description = "Redis configuration";
250 };
251 postgresql = mkOption {
252 type = submodule { options = psqlOptions; };
253 description = "Postgresql configuration";
254 };
255 };
256 };
257 };
258 jabber = mkOption {
259 description = "Jabber configuration";
260 type = submodule {
261 options = {
262 ldap = mkLdapOptions "Jabber" {};
263 postgresql = mkPsqlOptions "Jabber";
264 };
265 };
266 };
267 users = mkOption {
268 description = "System and regular users uid/gid";
269 type = attrsOf (submodule {
270 options = {
271 uid = mkOption {
272 description = "user uid";
273 type = int;
274 };
275 gid = mkOption {
276 description = "user gid";
277 type = int;
278 };
279 };
280 });
281 };
282 dns = mkOption {
283 description = "DNS configuration";
284 type = submodule {
285 options = {
286 soa = mkOption {
287 description = "SOA information";
288 type = submodule {
289 options = {
290 serial = mkOption {
291 description = "Serial number. Should be incremented at each change and unique";
292 type = str;
293 };
294 refresh = mkOption {
295 description = "Refresh time";
296 type = str;
297 };
298 retry = mkOption {
299 description = "Retry time";
300 type = str;
301 };
302 expire = mkOption {
303 description = "Expire time";
304 type = str;
305 };
306 ttl = mkOption {
307 description = "Default TTL time";
308 type = str;
309 };
310 email = mkOption {
311 description = "hostmaster e-mail";
312 type = str;
313 };
314 primary = mkOption {
315 description = "Primary NS";
316 type = str;
317 };
318 };
319 };
320 };
321 ns = mkOption {
322 description = "Attrs of NS servers group";
323 example = {
324 foo = {
325 "ns1.foo.com" = [ "198.51.100.10" "2001:db8:abcd::1" ];
326 "ns2.foo.com" = [ "198.51.100.15" "2001:db8:1234::1" ];
327 };
328 };
329 type = attrsOf (attrsOf (listOf str));
330 };
331 slaveZones = mkOption {
332 description = "List of slave zones";
333 type = listOf (submodule {
334 options = {
335 name = mkOption { type = str; description = "zone name"; };
336 masters = mkOption {
337 description = "NS master groups of this zone";
338 type = listOf str;
339 };
340 };
341 });
342 };
343 masterZones = mkOption {
344 description = "List of master zones";
345 type = listOf (submodule {
346 options = {
347 name = mkOption { type = str; description = "zone name"; };
348 slaves = mkOption {
349 description = "NS slave groups of this zone";
350 type = listOf str;
351 };
352 ns = mkOption {
353 description = "groups names that should have their NS entries listed here";
354 type = listOf str;
355 };
356 extra = mkOption {
357 description = "Extra zone configuration for bind";
358 example = ''
359 notify yes;
360 '';
361 type = lines;
362 };
363 entries = mkOption { type = lines; description = "Regular entries of the NS zone"; };
364 withEmail = mkOption {
365 description = "List of domains that should have mail entries (MX, dkim, SPF, ...)";
366 default = [];
367 type = listOf (submodule {
368 options = {
369 domain = mkOption { type = str; description = "Which subdomain is concerned"; };
370 send = mkOption { type = bool; description = "Whether there can be e-mails originating from the subdomain"; };
371 receive = mkOption { type = bool; description = "Whether there can be e-mails arriving to the subdomain"; };
372 };
373 });
374 };
375 };
376 });
377 };
378 };
379 };
380 };
381 backup = mkOption {
382 description = ''
383 Remote backup with duplicity
384 '';
385 type = submodule {
386 options = {
387 password = mkOption { type = str; description = "Password for encrypting files"; };
388 remote = mkOption { type = str; description = "Remote url access"; };
389 accessKeyId = mkOption { type = str; description = "Remote access-key"; };
390 secretAccessKey = mkOption { type = str; description = "Remote access secret"; };
391 };
392 };
393 };
394 rsync_backup = mkOption {
395 description =''
396 Rsync backup configuration from controlled host
397 '';
398 type = submodule {
399 options = {
400 mailto = mkOption { type = str; description = "Where to e-mail on error"; };
401 ssh_key = mkOption {
402 description = "SSH key information";
403 type = submodule {
404 options = {
405 public = mkOption { type = str; description = "Public part of the key"; };
406 private = mkOption { type = lines; description = "Private part of the key"; };
407 };
408 };
409 };
410 profiles = mkOption {
411 description = "Attrs of profiles to backup";
412 type = attrsOf (submodule {
413 options = {
414 keep = mkOption { type = int; description = "Number of backups to keep"; };
415 login = mkOption { type = str; description = "Login to connect to host"; };
416 port = mkOption { type = str; default = "22"; description = "Port to connect to host"; };
417 host = mkOption { type = str; description = "Host to connect to"; };
418 host_key = mkOption { type = str; description = "Host key"; };
419 host_key_type = mkOption { type = str; description = "Host key type"; };
420 parts = mkOption {
421 description = "Parts to backup for this host";
422 type = attrsOf (submodule {
423 options = {
424 remote_folder = mkOption { type = path; description = "Remote folder to backup";};
425 exclude_from = mkOption {
426 type = listOf path;
427 default = [];
428 description = "List of folders/files to exclude from the backup";
429 };
430 files_from = mkOption {
431 type = listOf path;
432 default = [];
433 description = "List of folders/files to backup in the base folder";
434 };
435 args = mkOption {
436 type = nullOr str;
437 default = null;
438 description = "Extra arguments to pass to rsync";
439 };
440 };
441 });
442 };
443 };
444 });
445 };
446 };
447 };
448 };
449 monitoring = mkOption {
450 description = "Monitoring configuration";
451 type = submodule {
452 options = {
453 status_url = mkOption { type = str; description = "URL to push status to"; };
454 status_token = mkOption { type = str; description = "Token for the status url"; };
455 email = mkOption { type = str; description = "Admin E-mail"; };
456 };
457 };
458 };
459 mpd = mkOption {
460 description = "MPD configuration";
461 type = submodule {
462 options = {
463 folder = mkOption { type = str; description = "Folder to serve from the MPD instance"; };
464 password = mkOption { type = str; description = "Password to connect to the MPD instance"; };
465 host = mkOption { type = str; description = "Host to connect to the MPD instance"; };
466 port = mkOption { type = str; description = "Port to connect to the MPD instance"; };
467 };
468 };
469 };
470 ftp = mkOption {
471 description = "FTP configuration";
472 type = submodule {
473 options = {
474 ldap = mkLdapOptions "FTP" {};
475 };
476 };
477 };
478 mail = mkOption {
479 description = "Mail configuration";
480 type = submodule {
481 options = {
482 dmarc = mkOption {
483 description = "DMARC configuration";
484 type = submodule {
485 options = {
486 ignore_hosts = mkOption {
487 type = lines;
488 description = ''
489 Hosts to ignore when checking for dmarc
490 '';
491 };
492 };
493 };
494 };
495 dkim = mkOption {
496 description = "DKIM configuration";
497 type = attrsOf (submodule {
498 options = {
499 public = mkOption {
500 type = str;
501 example = ''
502 ( "v=DKIM1; k=rsa; "
503 "p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC3w1a2aMxWw9+hdcmbqX4UevcVqr204y0K73Wdc7MPZiOOlUJQYsMNSYR1Y/SC7jmPKeitpcJCpQgn/cveJZbuikjjPLsDReHyFEYmC278ZLRTELHx6f1IXM8WE08JIRT69CfZiMi1rVcOh9qRT4F93PyjCauU8Y5hJjtg9ThsWwIDAQAB" )
504 '';
505 description = "Public entry to put in DNS TXT field";
506 };
507 private = mkOption { type = str; description = "Private key"; };
508 };
509 });
510 };
511 postfix = mkOption {
512 description = "Postfix configuration";
513 type = submodule {
514 options = {
515 additional_mailbox_domains = mkOption {
516 description = ''
517 List of domains that are used as mailbox final destination, in addition to those defined in the DNS records
518 '';
519 type = listOf str;
520 };
521 mysql = mkMysqlOptions "Postfix";
522 backup_domains = mkOption {
523 description = ''
524 Domains that are accepted for relay as backup domain
525 '';
526 type = attrsOf (submodule {
527 options = {
528 domains = mkOption { type = listOf str; description = "Domains list"; };
529 relay_restrictions = mkOption {
530 type = lines;
531 description = ''
532 Restrictions for relaying the e-mails from the domains
533 '';
534 };
535 recipient_maps = mkOption {
536 description = ''
537 Recipient map to accept relay for.
538 Must be specified for domain, the rules apply to everyone!
539 '';
540 type = listOf (submodule {
541 options = {
542 type = mkOption {
543 type = enum [ "hash" ];
544 description = "Map type";
545 };
546 content = mkOption {
547 type = str;
548 description = "Map content";
549 };
550 };
551 });
552 };
553 };
554 });
555 };
556 };
557 };
558 };
559 dovecot = mkOption {
560 description = "Dovecot configuration";
561 type = submodule {
562 options = {
563 ldap = mkLdapOptions "Dovecot" {
564 pass_attrs = mkOption { type = str; description = "Password attribute in LDAP"; };
565 user_attrs = mkOption { type = str; description = "User attribute mapping in LDAP"; };
566 iterate_attrs = mkOption { type = str; description = "User attribute mapping for listing in LDAP"; };
567 iterate_filter = mkOption { type = str; description = "User attribute filter for listing in LDAP"; };
568 };
569 };
570 };
571 };
572 rspamd = mkOption {
573 description = "rspamd configuration";
574 type = submodule {
575 options = {
576 redis = mkRedisOptions "Redis";
577 read_password_hashed = mkOption { type = str; description = "Hashed read password for rspamd"; };
578 write_password_hashed = mkOption { type = str; description = "Hashed write password for rspamd"; };
579 read_password = mkOption {
580 type = str;
581 description = "Read password for rspamd. Unused";
582 apply = x: "";
583 };
584 write_password = mkOption {
585 type = str;
586 description = "Write password for rspamd. Unused";
587 apply = x: "";
588 };
589 };
590 };
591 };
592 scripts = mkOption {
593 description = "Mail script recipients";
594 type = attrsOf (submodule {
595 options = {
596 src = mkOption {
597 description = ''
598 git source to fetch the script from.
599 It must have a default.nix file as its root accepting a scriptEnv parameter
600 '';
601 type = submodule {
602 options = {
603 url = mkOption { type = str; description = "git url to fetch"; };
604 rev = mkOption { type = str; description = "git reference to fetch"; };
605 };
606 };
607 };
608 env = mkOption {
609 description = "Variables to pass to the script";
610 type = unspecified;
611 };
612 };
613 });
614 };
615 };
616 };
617 };
618 buildbot = mkOption {
619 description = "Buildbot configuration";
620 type = submodule {
621 options = {
622 user = mkOption {
623 description = "Buildbot user";
624 type = submodule {
625 options = {
626 uid = mkOption {
627 description = "user uid";
628 type = int;
629 };
630 gid = mkOption {
631 description = "user gid";
632 type = int;
633 };
634 };
635 };
636 };
637 ldap = mkOption {
638 description = "Ldap configuration for buildbot";
639 type = submodule {
640 options = {
641 password = mkOption { type = str; description = "Buildbot password"; };
642 };
643 };
644 };
645 projects = mkOption {
646 description = "Projects to make a buildbot for";
647 type = attrsOf (submodule {
648 options = {
649 name = mkOption { type = str; description = "Project name"; };
650 packages = mkOption {
651 type = unspecified;
652 example = literalExample ''
653 pkgs: [ pkgs.bash pkgs.git pkgs.gzip pkgs.openssh ];
654 '';
655 description = ''
656 Function.
657 Builds packages list to make available to buildbot project.
658 Takes pkgs as argument.
659 '';
660 };
661 pythonPackages = mkOption {
662 type = unspecified;
663 example = literalExample ''
664 p: pkgs: [ pkgs.python3Packages.pip ];
665 '';
666 description = ''
667 Function.
668 Builds python packages list to make available to buildbot project.
669 Takes buildbot python module as first argument and pkgs as second argument in order to augment the python modules list.
670 '';
671 };
672 pythonPathHome = mkOption { type = bool; description = "Whether to add project’s python home to python path"; };
673 secrets = mkOption {
674 type = attrsOf str;
675 description = "Secrets for the project to dump as files";
676 };
677 environment = mkOption {
678 type = attrsOf str;
679 description = ''
680 Environment variables for the project.
681 BUILDBOT_ is prefixed to the variable names
682 '';
683 };
684 activationScript = mkOption {
685 type = lines;
686 description = ''
687 Activation script to run during deployment
688 '';
689 };
690 builderPaths = mkOption {
691 type = attrsOf unspecified;
692 default = {};
693 description = ''
694 Attrs of functions to make accessible specifically per builder.
695 Takes pkgs as argument and should return a single path containing binaries.
696 This path will be accessible as BUILDBOT_PATH_<attrskey>
697 '';
698 };
699 webhookTokens = mkOption {
700 type = nullOr (listOf str);
701 default = null;
702 description = ''
703 List of tokens allowed to push to project’s change_hook/base endpoint
704 '';
705 };
706 };
707 });
708 };
709 };
710 };
711 };
712 tools = mkOption {
713 description = "Tools configurations";
714 type = submodule {
715 options = {
716 davical = mkOption {
717 description = "Davical configuration";
718 type = submodule {
719 options = {
720 postgresql = mkPsqlOptions "Davical";
721 ldap = mkLdapOptions "Davical" {};
722 };
723 };
724 };
725 diaspora = mkOption {
726 description = "Diaspora configuration";
727 type = submodule {
728 options = {
729 postgresql = mkPsqlOptions "Diaspora";
730 redis = mkRedisOptions "Diaspora";
731 ldap = mkLdapOptions "Diaspora" {};
732 secret_token = mkOption { type = str; description = "Secret token"; };
733 };
734 };
735 };
736 etherpad-lite = mkOption {
737 description = "Etherpad configuration";
738 type = submodule {
739 options = {
740 postgresql = mkPsqlOptions "Etherpad";
741 ldap = mkLdapOptions "Etherpad" {
742 group_filter = mkOption { type = str; description = "Filter for groups"; };
743 };
744 session_key = mkOption { type = str; description = "Session key"; };
745 api_key = mkOption { type = str; description = "API key"; };
746 redirects = mkOption { type = str; description = "Redirects for apache"; };
747 };
748 };
749 };
750 gitolite = mkOption {
751 description = "Gitolite configuration";
752 type = submodule {
753 options = {
754 ldap = mkLdapOptions "Gitolite" {};
755 };
756 };
757 };
758 kanboard = mkOption {
759 description = "Kanboard configuration";
760 type = submodule {
761 options = {
762 postgresql = mkPsqlOptions "Kanboard";
763 ldap = mkLdapOptions "Kanboard" {
764 admin_dn = mkOption { type = str; description = "Admin DN"; };
765 };
766 };
767 };
768 };
769 mantisbt = mkOption {
770 description = "Mantisbt configuration";
771 type = submodule {
772 options = {
773 postgresql = mkPsqlOptions "Mantisbt";
774 ldap = mkLdapOptions "Mantisbt" {};
775 master_salt = mkOption { type = str; description = "Master salt for password hash"; };
776 };
777 };
778 };
779 mastodon = mkOption {
780 description = "Mastodon configuration";
781 type = submodule {
782 options = {
783 postgresql = mkPsqlOptions "Mastodon";
784 redis = mkRedisOptions "Mastodon";
785 ldap = mkLdapOptions "Mastodon" {};
786 paperclip_secret = mkOption { type = str; description = "Paperclip secret"; };
787 otp_secret = mkOption { type = str; description = "OTP secret"; };
788 secret_key_base = mkOption { type = str; description = "Secret key base"; };
789 vapid = mkOption {
790 description = "vapid key";
791 type = submodule {
792 options = {
793 private = mkOption { type = str; description = "Private key"; };
794 public = mkOption { type = str; description = "Public key"; };
795 };
796 };
797 };
798 };
799 };
800 };
801 mediagoblin = mkOption {
802 description = "Mediagoblin configuration";
803 type = submodule {
804 options = {
805 postgresql = mkPsqlOptions "Mediagoblin";
806 redis = mkRedisOptions "Mediagoblin";
807 ldap = mkLdapOptions "Mediagoblin" {};
808 };
809 };
810 };
811 nextcloud = mkOption {
812 description = "Nextcloud configuration";
813 type = submodule {
814 options = {
815 postgresql = mkPsqlOptions "Peertube";
816 redis = mkRedisOptions "Peertube";
817 password_salt = mkOption { type = str; description = "Password salt"; };
818 instance_id = mkOption { type = str; description = "Instance ID"; };
819 secret = mkOption { type = str; description = "App secret"; };
820 };
821 };
822 };
823 peertube = mkOption {
824 description = "Peertube configuration";
825 type = submodule {
826 options = {
827 listenPort = mkOption { type = port; description = "Port to listen to"; };
828 postgresql = mkPsqlOptions "Peertube";
829 redis = mkRedisOptions "Peertube";
830 ldap = mkLdapOptions "Peertube" {};
831 };
832 };
833 };
834 phpldapadmin = mkOption {
835 description = "phpLdapAdmin configuration";
836 type = submodule {
837 options = {
838 ldap = mkLdapOptions "phpldapadmin" {};
839 };
840 };
841 };
842 rompr = mkOption {
843 description = "Rompr configuration";
844 type = submodule {
845 options = {
846 mpd = mkOption {
847 description = "MPD configuration";
848 type = submodule {
849 options = {
850 host = mkOption { type = str; description = "Host for MPD"; };
851 port = mkOption { type = port; description = "Port to access MPD host"; };
852 };
853 };
854 };
855 };
856 };
857 };
858 roundcubemail = mkOption {
859 description = "Roundcubemail configuration";
860 type = submodule {
861 options = {
862 postgresql = mkPsqlOptions "TT-RSS";
863 secret = mkOption { type = str; description = "Secret"; };
864 };
865 };
866 };
867 shaarli = mkOption {
868 description = "Shaarli configuration";
869 type = submodule {
870 options = {
871 ldap = mkLdapOptions "Shaarli" {};
872 };
873 };
874 };
875 task = mkOption {
876 description = "Taskwarrior configuration";
877 type = submodule {
878 options = {
879 ldap = mkLdapOptions "Taskwarrior" {};
880 taskwarrior-web = mkOption {
881 description = "taskwarrior-web profiles";
882 type = attrsOf (submodule {
883 options = {
884 uid = mkOption {
885 type = listOf str;
886 description = "List of ldap uids having access to this profile";
887 };
888 org = mkOption { type = str; description = "Taskd organisation"; };
889 key = mkOption { type = str; description = "Taskd key"; };
890 date = mkOption { type = str; description = "Preferred date format"; };
891 };
892 });
893 };
894 };
895 };
896 };
897 ttrss = mkOption {
898 description = "TT-RSS configuration";
899 type = submodule {
900 options = {
901 postgresql = mkPsqlOptions "TT-RSS";
902 ldap = mkLdapOptions "TT-RSS" {};
903 };
904 };
905 };
906 wallabag = mkOption {
907 description = "Wallabag configuration";
908 type = submodule {
909 options = {
910 postgresql = mkPsqlOptions "Wallabag";
911 ldap = mkLdapOptions "Wallabag" {
912 admin_filter = mkOption { type = str; description = "Admin users filter"; };
913 };
914 redis = mkRedisOptions "Wallabag";
915 secret = mkOption { type = str; description = "App secret"; };
916 };
917 };
918 };
919 ympd = mkOption {
920 description = "Ympd configuration";
921 type = submodule {
922 options = {
923 listenPort = mkOption { type = port; description = "Port to listen to"; };
924 mpd = mkOption {
925 description = "MPD configuration";
926 type = submodule {
927 options = {
928 password = mkOption { type = str; description = "Password to access MPD host"; };
929 host = mkOption { type = str; description = "Host for MPD"; };
930 port = mkOption { type = port; description = "Port to access MPD host"; };
931 };
932 };
933 };
934 };
935 };
936 };
937 yourls = mkOption {
938 description = "Yourls configuration";
939 type = submodule {
940 options = {
941 mysql = mkMysqlOptions "Yourls";
942 ldap = mkLdapOptions "Yourls" {};
943 cookieKey = mkOption { type = str; description = "Cookie key"; };
944 };
945 };
946 };
947 };
948 };
949 };
950 websites = mkOption {
951 description = "Websites configurations";
952 type = submodule {
953 options = {
954 aten = mkOption {
955 description = "Aten configurations by environment";
956 type =
957 let
958 atenSubmodule = mkOption {
959 description = "environment configuration";
960 type = submodule {
961 options = {
962 environment = mkOption { type = str; description = "Symfony environment"; };
963 secret = mkOption { type = str; description = "Symfony App secret"; };
964 postgresql = mkPsqlOptions "Aten";
965 };
966 };
967 };
968 in
969 submodule {
970 options = {
971 production = atenSubmodule;
972 integration = atenSubmodule;
973 };
974 };
975 };
976 chloe = mkOption {
977 description = "Chloe configurations by environment";
978 type =
979 let
980 chloeSubmodule = mkOption {
981 description = "environment configuration";
982 type = submodule {
983 options = {
984 environment = mkOption { type = str; description = "Symfony environment"; };
985 mysql = mkMysqlOptions "Chloe";
986 ldap = mkLdapOptions "Chloe" {};
987 };
988 };
989 };
990 in
991 submodule {
992 options = {
993 production = chloeSubmodule;
994 integration = chloeSubmodule;
995 };
996 };
997 };
998 connexionswing = mkOption {
999 description = "Connexionswing configurations by environment";
1000 type =
1001 let
1002 csSubmodule = mkOption {
1003 description = "environment configuration";
1004 type = submodule {
1005 options = {
1006 environment = mkOption { type = str; description = "Symfony environment"; };
1007 mysql = mkMysqlOptions "Connexionswing";
1008 secret = mkOption { type = str; description = "Symfony App secret"; };
1009 email = mkOption { type = str; description = "Symfony email notification"; };
1010 };
1011 };
1012 };
1013 in
1014 submodule {
1015 options = {
1016 production = csSubmodule;
1017 integration = csSubmodule;
1018 };
1019 };
1020 };
1021 jerome = mkOption {
1022 description = "Naturaloutil configuration";
1023 type = submodule {
1024 options = {
1025 mysql = mkMysqlOptions "Naturaloutil";
1026 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1027 };
1028 };
1029 };
1030 telioTortay = mkOption {
1031 description = "Telio Tortay configuration";
1032 type = submodule {
1033 options = {
1034 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1035 };
1036 };
1037 };
1038 ludivinecassal = mkOption {
1039 description = "Ludivinecassal configurations by environment";
1040 type =
1041 let
1042 lcSubmodule = mkOption {
1043 description = "environment configuration";
1044 type = submodule {
1045 options = {
1046 environment = mkOption { type = str; description = "Symfony environment"; };
1047 mysql = mkMysqlOptions "LudivineCassal";
1048 ldap = mkLdapOptions "LudivineCassal" {};
1049 secret = mkOption { type = str; description = "Symfony App secret"; };
1050 };
1051 };
1052 };
1053 in
1054 submodule {
1055 options = {
1056 production = lcSubmodule;
1057 integration = lcSubmodule;
1058 };
1059 };
1060 };
1061 emilia = mkOption {
1062 description = "Emilia configuration";
1063 type = submodule {
1064 options = {
1065 postgresql = mkPsqlOptions "Emilia";
1066 };
1067 };
1068 };
1069 florian = mkOption {
1070 description = "Florian configuration";
1071 type = submodule {
1072 options = {
1073 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1074 };
1075 };
1076 };
1077 nassime = mkOption {
1078 description = "Nassime configuration";
1079 type = submodule {
1080 options = {
1081 server_admin = mkOption { type = str; description = "Server admin e-mail"; };
1082 };
1083 };
1084 };
1085 piedsjaloux = mkOption {
1086 description = "Piedsjaloux configurations by environment";
1087 type =
1088 let
1089 pjSubmodule = mkOption {
1090 description = "environment configuration";
1091 type = submodule {
1092 options = {
1093 environment = mkOption { type = str; description = "Symfony environment"; };
1094 mysql = mkMysqlOptions "Piedsjaloux";
1095 secret = mkOption { type = str; description = "Symfony App secret"; };
1096 };
1097 };
1098 };
1099 in
1100 submodule {
1101 options = {
1102 production = pjSubmodule;
1103 integration = pjSubmodule;
1104 };
1105 };
1106 };
1107 tellesflorian = mkOption {
1108 description = "Tellesflorian configurations by environment";
1109 type =
1110 let
1111 tfSubmodule = mkOption {
1112 description = "environment configuration";
1113 type = submodule {
1114 options = {
1115 environment = mkOption { type = str; description = "Symfony environment"; };
1116 mysql = mkMysqlOptions "Tellesflorian";
1117 secret = mkOption { type = str; description = "Symfony App secret"; };
1118 invite_passwords = mkOption { type = str; description = "Password basic auth"; };
1119 };
1120 };
1121 };
1122 in
1123 submodule {
1124 options = {
1125 integration = tfSubmodule;
1126 };
1127 };
1128 };
1129 };
1130 };
1131 };
1132
1133 privateFiles = mkOption {
1134 type = path;
1135 description = ''
1136 Path to secret files to make available during build
1137 '';
1138 };
1139 };
1140 options.hostEnv = {
1141 FQDN = mkOption {
1142 type = string;
1143 description = ''
1144 FQDN of the current host.
1145 '';
1146 };
1147 };
1148}
diff --git a/modules/private/ftp.nix b/modules/private/ftp.nix
index 9b6a98f..e3c1f70 100644
--- a/modules/private/ftp.nix
+++ b/modules/private/ftp.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 package = pkgs.pure-ftpd.override { ldapFtpId = "immaeFtp"; }; 3 package = pkgs.pure-ftpd.override { ldapFtpId = "immaeFtp"; };
4in 4in
@@ -55,17 +55,17 @@ in
55 user = "ftp"; 55 user = "ftp";
56 group = "ftp"; 56 group = "ftp";
57 text = '' 57 text = ''
58 LDAPServer ${myconfig.env.ftp.ldap.host} 58 LDAPServer ${config.myEnv.ftp.ldap.host}
59 LDAPPort 389 59 LDAPPort 389
60 LDAPUseTLS True 60 LDAPUseTLS True
61 LDAPBaseDN ${myconfig.env.ftp.ldap.base} 61 LDAPBaseDN ${config.myEnv.ftp.ldap.base}
62 LDAPBindDN ${myconfig.env.ftp.ldap.dn} 62 LDAPBindDN ${config.myEnv.ftp.ldap.dn}
63 LDAPBindPW ${myconfig.env.ftp.ldap.password} 63 LDAPBindPW ${config.myEnv.ftp.ldap.password}
64 LDAPDefaultUID 500 64 LDAPDefaultUID 500
65 LDAPForceDefaultUID False 65 LDAPForceDefaultUID False
66 LDAPDefaultGID 100 66 LDAPDefaultGID 100
67 LDAPForceDefaultGID False 67 LDAPForceDefaultGID False
68 LDAPFilter ${myconfig.env.ftp.ldap.filter} 68 LDAPFilter ${config.myEnv.ftp.ldap.filter}
69 69
70 LDAPAuthMethod BIND 70 LDAPAuthMethod BIND
71 71
diff --git a/modules/private/gitolite/default.nix b/modules/private/gitolite/default.nix
index 658979d..9dfa04d 100644
--- a/modules/private/gitolite/default.nix
+++ b/modules/private/gitolite/default.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.gitolite; 3 cfg = config.myServices.gitolite;
4in { 4in {
@@ -32,7 +32,7 @@ in {
32 name = "gitolite_ldap_groups.sh"; 32 name = "gitolite_ldap_groups.sh";
33 file = ./gitolite_ldap_groups.sh; 33 file = ./gitolite_ldap_groups.sh;
34 vars = { 34 vars = {
35 LDAP_PASS = myconfig.env.tools.gitolite.ldap.password; 35 LDAP_PASS = config.myEnv.tools.gitolite.ldap.password;
36 }; 36 };
37 paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ]; 37 paths = [ pkgs.openldap pkgs.stdenv.shellPackage pkgs.gnugrep pkgs.coreutils ];
38 }; 38 };
diff --git a/modules/private/mail/default.nix b/modules/private/mail/default.nix
index 8be21a1..839939c 100644
--- a/modules/private/mail/default.nix
+++ b/modules/private/mail/default.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 imports = [ 3 imports = [
4 ./milters.nix 4 ./milters.nix
@@ -14,7 +14,7 @@
14 extraDomains = let 14 extraDomains = let
15 zonesWithMx = builtins.filter (zone: 15 zonesWithMx = builtins.filter (zone:
16 lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0 16 lib.attrsets.hasAttr "withEmail" zone && lib.lists.length zone.withEmail > 0
17 ) myconfig.env.dns.masterZones; 17 ) config.myEnv.dns.masterZones;
18 mxs = map (zone: "mx-1.${zone.name}") zonesWithMx; 18 mxs = map (zone: "mx-1.${zone.name}") zonesWithMx;
19 in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs); 19 in builtins.listToAttrs (map (mx: lib.attrsets.nameValuePair mx null) mxs);
20 }; 20 };
diff --git a/modules/private/mail/dovecot.nix b/modules/private/mail/dovecot.nix
index 470fc1a..16053ea 100644
--- a/modules/private/mail/dovecot.nix
+++ b/modules/private/mail/dovecot.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 sieve_bin = pkgs.runCommand "sieve_bin" { 3 sieve_bin = pkgs.runCommand "sieve_bin" {
4 buildInputs = [ pkgs.makeWrapper ]; 4 buildInputs = [ pkgs.makeWrapper ];
@@ -24,26 +24,26 @@ in
24 group = config.services.dovecot2.group; 24 group = config.services.dovecot2.group;
25 permissions = "0400"; 25 permissions = "0400";
26 text = '' 26 text = ''
27 hosts = ${myconfig.env.mail.dovecot.ldap.host} 27 hosts = ${config.myEnv.mail.dovecot.ldap.host}
28 tls = yes 28 tls = yes
29 29
30 dn = ${myconfig.env.mail.dovecot.ldap.dn} 30 dn = ${config.myEnv.mail.dovecot.ldap.dn}
31 dnpass = ${myconfig.env.mail.dovecot.ldap.password} 31 dnpass = ${config.myEnv.mail.dovecot.ldap.password}
32 32
33 auth_bind = yes 33 auth_bind = yes
34 34
35 ldap_version = 3 35 ldap_version = 3
36 36
37 base = ${myconfig.env.mail.dovecot.ldap.base} 37 base = ${config.myEnv.mail.dovecot.ldap.base}
38 scope = subtree 38 scope = subtree
39 39
40 pass_filter = ${myconfig.env.mail.dovecot.ldap.filter} 40 pass_filter = ${config.myEnv.mail.dovecot.ldap.filter}
41 pass_attrs = ${myconfig.env.mail.dovecot.ldap.pass_attrs} 41 pass_attrs = ${config.myEnv.mail.dovecot.ldap.pass_attrs}
42 42
43 user_attrs = ${myconfig.env.mail.dovecot.ldap.user_attrs} 43 user_attrs = ${config.myEnv.mail.dovecot.ldap.user_attrs}
44 user_filter = ${myconfig.env.mail.dovecot.ldap.filter} 44 user_filter = ${config.myEnv.mail.dovecot.ldap.filter}
45 iterate_attrs = ${myconfig.env.mail.dovecot.ldap.iterate_attrs} 45 iterate_attrs = ${config.myEnv.mail.dovecot.ldap.iterate_attrs}
46 iterate_filter = ${myconfig.env.mail.dovecot.ldap.iterate_filter} 46 iterate_filter = ${config.myEnv.mail.dovecot.ldap.iterate_filter}
47 ''; 47 '';
48 } 48 }
49 ]; 49 ];
diff --git a/modules/private/mail/milters.nix b/modules/private/mail/milters.nix
index 123af4a..6b033e8 100644
--- a/modules/private/mail/milters.nix
+++ b/modules/private/mail/milters.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 options.myServices.mail.milters.sockets = lib.mkOption { 3 options.myServices.mail.milters.sockets = lib.mkOption {
4 type = lib.types.attrsOf lib.types.path; 4 type = lib.types.attrsOf lib.types.path;
@@ -19,7 +19,7 @@
19 user = config.services.opendkim.user; 19 user = config.services.opendkim.user;
20 group = config.services.opendkim.group; 20 group = config.services.opendkim.group;
21 permissions = "0400"; 21 permissions = "0400";
22 text = myconfig.env.mail.dkim.eldiron.private; 22 text = config.myEnv.mail.dkim.eldiron.private;
23 } 23 }
24 { 24 {
25 dest = "opendkim/eldiron.txt"; 25 dest = "opendkim/eldiron.txt";
@@ -27,14 +27,14 @@
27 group = config.services.opendkim.group; 27 group = config.services.opendkim.group;
28 permissions = "0444"; 28 permissions = "0444";
29 text = '' 29 text = ''
30 eldiron._domainkey IN TXT ${myconfig.env.mail.dkim.eldiron.public}''; 30 eldiron._domainkey IN TXT ${config.myEnv.mail.dkim.eldiron.public}'';
31 } 31 }
32 { 32 {
33 dest = "opendmarc/ignore.hosts"; 33 dest = "opendmarc/ignore.hosts";
34 user = config.services.opendmarc.user; 34 user = config.services.opendmarc.user;
35 group = config.services.opendmarc.group; 35 group = config.services.opendmarc.group;
36 permissions = "0400"; 36 permissions = "0400";
37 text = myconfig.env.mail.dmarc.ignore_hosts; 37 text = config.myEnv.mail.dmarc.ignore_hosts;
38 } 38 }
39 ]; 39 ];
40 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ]; 40 users.users."${config.services.opendkim.user}".extraGroups = [ "keys" ];
@@ -46,7 +46,7 @@
46 (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}") 46 (e: "${e.domain}${lib.optionalString (e.domain != "") "."}${zone.name}")
47 (zone.withEmail or []) 47 (zone.withEmail or [])
48 ) 48 )
49 myconfig.env.dns.masterZones 49 config.myEnv.dns.masterZones
50 )); 50 ));
51 keyPath = "${config.secrets.location}/opendkim"; 51 keyPath = "${config.secrets.location}/opendkim";
52 selector = "eldiron"; 52 selector = "eldiron";
diff --git a/modules/private/mail/postfix.nix b/modules/private/mail/postfix.nix
index a679027..f8f86f6 100644
--- a/modules/private/mail/postfix.nix
+++ b/modules/private/mail/postfix.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 config = lib.mkIf config.myServices.mail.enable { 3 config = lib.mkIf config.myServices.mail.enable {
4 services.duplyBackup.profiles.mail.excludeFile = '' 4 services.duplyBackup.profiles.mail.excludeFile = ''
@@ -13,10 +13,10 @@
13 text = '' 13 text = ''
14 # We need to specify that option to trigger ssl connection 14 # We need to specify that option to trigger ssl connection
15 tls_ciphers = TLSv1.2 15 tls_ciphers = TLSv1.2
16 user = ${myconfig.env.mail.postfix.mysql.user} 16 user = ${config.myEnv.mail.postfix.mysql.user}
17 password = ${myconfig.env.mail.postfix.mysql.password} 17 password = ${config.myEnv.mail.postfix.mysql.password}
18 hosts = unix:${myconfig.env.mail.postfix.mysql.socket} 18 hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
19 dbname = ${myconfig.env.mail.postfix.mysql.database} 19 dbname = ${config.myEnv.mail.postfix.mysql.database}
20 query = SELECT DISTINCT destination 20 query = SELECT DISTINCT destination
21 FROM forwardings_merge 21 FROM forwardings_merge
22 WHERE 22 WHERE
@@ -41,10 +41,10 @@
41 text = '' 41 text = ''
42 # We need to specify that option to trigger ssl connection 42 # We need to specify that option to trigger ssl connection
43 tls_ciphers = TLSv1.2 43 tls_ciphers = TLSv1.2
44 user = ${myconfig.env.mail.postfix.mysql.user} 44 user = ${config.myEnv.mail.postfix.mysql.user}
45 password = ${myconfig.env.mail.postfix.mysql.password} 45 password = ${config.myEnv.mail.postfix.mysql.password}
46 hosts = unix:${myconfig.env.mail.postfix.mysql.socket} 46 hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
47 dbname = ${myconfig.env.mail.postfix.mysql.database} 47 dbname = ${config.myEnv.mail.postfix.mysql.database}
48 result_format = /%d/%u 48 result_format = /%d/%u
49 query = SELECT DISTINCT '%s' 49 query = SELECT DISTINCT '%s'
50 FROM mailboxes 50 FROM mailboxes
@@ -68,10 +68,10 @@
68 text = '' 68 text = ''
69 # We need to specify that option to trigger ssl connection 69 # We need to specify that option to trigger ssl connection
70 tls_ciphers = TLSv1.2 70 tls_ciphers = TLSv1.2
71 user = ${myconfig.env.mail.postfix.mysql.user} 71 user = ${config.myEnv.mail.postfix.mysql.user}
72 password = ${myconfig.env.mail.postfix.mysql.password} 72 password = ${config.myEnv.mail.postfix.mysql.password}
73 hosts = unix:${myconfig.env.mail.postfix.mysql.socket} 73 hosts = unix:${config.myEnv.mail.postfix.mysql.socket}
74 dbname = ${myconfig.env.mail.postfix.mysql.database} 74 dbname = ${config.myEnv.mail.postfix.mysql.database}
75 query = SELECT DISTINCT destination 75 query = SELECT DISTINCT destination
76 FROM forwardings_merge 76 FROM forwardings_merge
77 WHERE 77 WHERE
@@ -132,7 +132,7 @@
132 ''; 132 '';
133 scripts = lib.attrsets.mapAttrs (n: v: 133 scripts = lib.attrsets.mapAttrs (n: v:
134 toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = v.env; }) 134 toScript n (pkgs.callPackage (builtins.fetchGit { url = v.src.url; ref = "master"; rev = v.src.rev; }) { scriptEnv = v.env; })
135 ) myconfig.env.mail.scripts; 135 ) config.myEnv.mail.scripts;
136 in builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: ''${n}: "|${v}"'') scripts); 136 in builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList (n: v: ''${n}: "|${v}"'') scripts);
137 mapFiles = let 137 mapFiles = let
138 recipient_maps = let 138 recipient_maps = let
@@ -145,7 +145,7 @@
145 pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps; 145 pairs = n: v: lib.imap1 (i: m: pair n i m) v.recipient_maps;
146 in lib.attrsets.filterAttrs (k: v: v != null) ( 146 in lib.attrsets.filterAttrs (k: v: v != null) (
147 lib.attrsets.listToAttrs (lib.flatten ( 147 lib.attrsets.listToAttrs (lib.flatten (
148 lib.attrsets.mapAttrsToList pairs myconfig.env.mail.postfix.backup_domains 148 lib.attrsets.mapAttrsToList pairs config.myEnv.mail.postfix.backup_domains
149 )) 149 ))
150 ); 150 );
151 relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) ( 151 relay_restrictions = lib.attrsets.filterAttrs (k: v: v != null) (
@@ -155,7 +155,7 @@
155 then pkgs.writeText "recipient_access_${n}" v.relay_restrictions 155 then pkgs.writeText "recipient_access_${n}" v.relay_restrictions
156 else null 156 else null
157 ) 157 )
158 ) myconfig.env.mail.postfix.backup_domains 158 ) config.myEnv.mail.postfix.backup_domains
159 ); 159 );
160 virtual_map = { 160 virtual_map = {
161 virtual = pkgs.writeText "postfix-virtual" ( 161 virtual = pkgs.writeText "postfix-virtual" (
@@ -164,7 +164,7 @@
164 n: v: '' 164 n: v: ''
165 script_${n}@mail.immae.eu ${n}@localhost, scripts@mail.immae.eu 165 script_${n}@mail.immae.eu ${n}@localhost, scripts@mail.immae.eu
166 '' 166 ''
167 ) myconfig.env.mail.scripts 167 ) config.myEnv.mail.scripts
168 ) 168 )
169 ); 169 );
170 }; 170 };
@@ -183,7 +183,7 @@
183 183
184 ### Virtual mailboxes config 184 ### Virtual mailboxes config
185 virtual_alias_maps = "hash:/etc/postfix/virtual mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}"; 185 virtual_alias_maps = "hash:/etc/postfix/virtual mysql:${config.secrets.fullPaths."postfix/mysql_alias_maps"}";
186 virtual_mailbox_domains = myconfig.env.mail.postfix.additional_mailbox_domains 186 virtual_mailbox_domains = config.myEnv.mail.postfix.additional_mailbox_domains
187 ++ lib.remove "localhost.immae.eu" (lib.remove null (lib.flatten (map 187 ++ lib.remove "localhost.immae.eu" (lib.remove null (lib.flatten (map
188 (zone: map 188 (zone: map
189 (e: if e.receive 189 (e: if e.receive
@@ -192,17 +192,17 @@
192 ) 192 )
193 (zone.withEmail or []) 193 (zone.withEmail or [])
194 ) 194 )
195 myconfig.env.dns.masterZones 195 config.myEnv.dns.masterZones
196 ))); 196 )));
197 virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}"; 197 virtual_mailbox_maps = "mysql:${config.secrets.fullPaths."postfix/mysql_mailbox_maps"}";
198 dovecot_destination_recipient_limit = "1"; 198 dovecot_destination_recipient_limit = "1";
199 virtual_transport = "dovecot"; 199 virtual_transport = "dovecot";
200 200
201 ### Relay domains 201 ### Relay domains
202 relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) myconfig.env.mail.postfix.backup_domains); 202 relay_domains = lib.flatten (lib.attrsets.mapAttrsToList (n: v: v.domains or []) config.myEnv.mail.postfix.backup_domains);
203 relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v: 203 relay_recipient_maps = lib.flatten (lib.attrsets.mapAttrsToList (n: v:
204 lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps 204 lib.imap1 (i: m: "${m.type}:/etc/postfix/relay_${n}_${toString i}") v.recipient_maps
205 ) myconfig.env.mail.postfix.backup_domains); 205 ) config.myEnv.mail.postfix.backup_domains);
206 smtpd_relay_restrictions = [ 206 smtpd_relay_restrictions = [
207 "permit_mynetworks" 207 "permit_mynetworks"
208 "permit_sasl_authenticated" 208 "permit_sasl_authenticated"
@@ -211,7 +211,7 @@
211 if lib.attrsets.hasAttr "relay_restrictions" v 211 if lib.attrsets.hasAttr "relay_restrictions" v
212 then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ] 212 then [ "check_recipient_access hash:/etc/postfix/recipient_access_${n}" ]
213 else [] 213 else []
214 ) myconfig.env.mail.postfix.backup_domains); 214 ) config.myEnv.mail.postfix.backup_domains);
215 215
216 ### Additional smtpd configuration 216 ### Additional smtpd configuration
217 smtpd_tls_received_header = "yes"; 217 smtpd_tls_received_header = "yes";
@@ -222,8 +222,8 @@
222 smtp_tls_loglevel = "1"; 222 smtp_tls_loglevel = "1";
223 223
224 ### Force ip bind for smtp 224 ### Force ip bind for smtp
225 smtp_bind_address = myconfig.env.servers.eldiron.ips.main.ip4; 225 smtp_bind_address = config.myEnv.servers.eldiron.ips.main.ip4;
226 smtp_bind_address6 = builtins.head myconfig.env.servers.eldiron.ips.main.ip6; 226 smtp_bind_address6 = builtins.head config.myEnv.servers.eldiron.ips.main.ip6;
227 227
228 # #Unneeded if postfix can only send e-mail from "self" domains 228 # #Unneeded if postfix can only send e-mail from "self" domains
229 # #smtp_sasl_auth_enable = "yes"; 229 # #smtp_sasl_auth_enable = "yes";
diff --git a/modules/private/mail/rspamd.nix b/modules/private/mail/rspamd.nix
index b5f64d8..4d55fc2 100644
--- a/modules/private/mail/rspamd.nix
+++ b/modules/private/mail/rspamd.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 options.myServices.mail.rspamd.sockets = lib.mkOption { 3 options.myServices.mail.rspamd.sockets = lib.mkOption {
4 type = lib.types.attrsOf lib.types.path; 4 type = lib.types.attrsOf lib.types.path;
@@ -43,14 +43,14 @@
43 }; 43 };
44 locals = { 44 locals = {
45 "redis.conf".text = '' 45 "redis.conf".text = ''
46 servers = "${myconfig.env.mail.rspamd.redis.socket}"; 46 servers = "${config.myEnv.mail.rspamd.redis.socket}";
47 db = "${myconfig.env.mail.rspamd.redis.db}"; 47 db = "${config.myEnv.mail.rspamd.redis.db}";
48 ''; 48 '';
49 "classifier-bayes.conf".text = '' 49 "classifier-bayes.conf".text = ''
50 users_enabled = true; 50 users_enabled = true;
51 backend = "redis"; 51 backend = "redis";
52 servers = "${myconfig.env.mail.rspamd.redis.socket}"; 52 servers = "${config.myEnv.mail.rspamd.redis.socket}";
53 database = "${myconfig.env.mail.rspamd.redis.db}"; 53 database = "${config.myEnv.mail.rspamd.redis.db}";
54 autolearn = true; 54 autolearn = true;
55 cache { 55 cache {
56 backend = "redis"; 56 backend = "redis";
@@ -69,8 +69,8 @@
69 workers = { 69 workers = {
70 controller = { 70 controller = {
71 extraConfig = '' 71 extraConfig = ''
72 enable_password = "${myconfig.env.mail.rspamd.write_password_hashed}"; 72 enable_password = "${config.myEnv.mail.rspamd.write_password_hashed}";
73 password = "${myconfig.env.mail.rspamd.read_password_hashed}"; 73 password = "${config.myEnv.mail.rspamd.read_password_hashed}";
74 ''; 74 '';
75 bindSockets = [ { 75 bindSockets = [ {
76 socket = config.myServices.mail.rspamd.sockets.worker-controller; 76 socket = config.myServices.mail.rspamd.sockets.worker-controller;
diff --git a/modules/private/monitoring/default.nix b/modules/private/monitoring/default.nix
index e44b127..d6c91ac 100644
--- a/modules/private/monitoring/default.nix
+++ b/modules/private/monitoring/default.nix
@@ -1,4 +1,4 @@
1{ config, myconfig, pkgs, lib, name, hostFQDN, ... }: 1{ config, pkgs, lib, name, ... }:
2let 2let
3 myplugins = pkgs.runCommand "buildplugins" { 3 myplugins = pkgs.runCommand "buildplugins" {
4 buildInputs = [ pkgs.makeWrapper pkgs.perl ]; 4 buildInputs = [ pkgs.makeWrapper pkgs.perl ];
@@ -38,7 +38,7 @@ let
38 }; 38 };
39 }; 39 };
40 commonObjects = pkgs.callPackage ./objects_common.nix ({ 40 commonObjects = pkgs.callPackage ./objects_common.nix ({
41 inherit hostFQDN; 41 hostFQDN = config.hostEnv.FQDN;
42 sudo = "/run/wrappers/bin/sudo"; 42 sudo = "/run/wrappers/bin/sudo";
43 } // builtins.getAttr name commonConfig); 43 } // builtins.getAttr name commonConfig);
44 hostObjects = 44 hostObjects =
@@ -113,7 +113,7 @@ in
113 enable = true; 113 enable = true;
114 mode = "0644"; 114 mode = "0644";
115 user = "root"; 115 user = "root";
116 text = "MAILADDR ${myconfig.env.monitoring.email}"; 116 text = "MAILADDR ${config.myEnv.monitoring.email}";
117 }; 117 };
118 118
119 # needed since extraResource is not in the closure 119 # needed since extraResource is not in the closure
@@ -125,15 +125,15 @@ in
125 use_syslog=1 125 use_syslog=1
126 log_initial_states=1 126 log_initial_states=1
127 date_format=iso8601 127 date_format=iso8601
128 admin_email=${myconfig.env.monitoring.email} 128 admin_email=${config.myEnv.monitoring.email}
129 129
130 obsess_over_services=1 130 obsess_over_services=1
131 ocsp_command=notify-master 131 ocsp_command=notify-master
132 ''; 132 '';
133 extraResource = '' 133 extraResource = ''
134 $USER2$=${myplugins} 134 $USER2$=${myplugins}
135 $USER200$=${myconfig.env.monitoring.status_url} 135 $USER200$=${config.myEnv.monitoring.status_url}
136 $USER201$=${myconfig.env.monitoring.status_token} 136 $USER201$=${config.myEnv.monitoring.status_token}
137 ''; 137 '';
138 objectDefs = toObjects commonObjects + toObjects hostObjects; 138 objectDefs = toObjects commonObjects + toObjects hostObjects;
139 }; 139 };
diff --git a/modules/private/mpd.nix b/modules/private/mpd.nix
index c7e2486..1e6e666 100644
--- a/modules/private/mpd.nix
+++ b/modules/private/mpd.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 options.myServices.mpd.enable = lib.mkEnableOption "enable MPD"; 3 options.myServices.mpd.enable = lib.mkEnableOption "enable MPD";
4 config = lib.mkIf config.myServices.mpd.enable { 4 config = lib.mkIf config.myServices.mpd.enable {
@@ -9,7 +9,7 @@
9 { 9 {
10 dest = "mpd"; 10 dest = "mpd";
11 permissions = "0400"; 11 permissions = "0400";
12 text = myconfig.env.mpd.password; 12 text = config.myEnv.mpd.password;
13 } 13 }
14 { 14 {
15 dest = "mpd-config"; 15 dest = "mpd-config";
@@ -17,7 +17,7 @@
17 user = "mpd"; 17 user = "mpd";
18 group = "mpd"; 18 group = "mpd";
19 text = '' 19 text = ''
20 password "${myconfig.env.mpd.password}@read,add,control,admin" 20 password "${config.myEnv.mpd.password}@read,add,control,admin"
21 ''; 21 '';
22 } 22 }
23 ]; 23 ];
@@ -32,7 +32,7 @@
32 services.mpd = { 32 services.mpd = {
33 enable = true; 33 enable = true;
34 network.listenAddress = "any"; 34 network.listenAddress = "any";
35 musicDirectory = myconfig.env.mpd.folder; 35 musicDirectory = config.myEnv.mpd.folder;
36 extraConfig = '' 36 extraConfig = ''
37 include "/var/secrets/mpd-config" 37 include "/var/secrets/mpd-config"
38 audio_output { 38 audio_output {
diff --git a/modules/private/pub/default.nix b/modules/private/pub/default.nix
index 835bcec..790395c 100644
--- a/modules/private/pub/default.nix
+++ b/modules/private/pub/default.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2{ 2{
3 options = { 3 options = {
4 myServices.pub.enable = lib.mkOption { 4 myServices.pub.enable = lib.mkOption {
@@ -43,7 +43,7 @@
43 createHome = true; 43 createHome = true;
44 description = "Restricted shell user"; 44 description = "Restricted shell user";
45 home = "/var/lib/pub"; 45 home = "/var/lib/pub";
46 uid = myconfig.env.users.pub.uid; 46 uid = config.myEnv.users.pub.uid;
47 useDefaultShell = true; 47 useDefaultShell = true;
48 packages = [ 48 packages = [
49 restrict 49 restrict
diff --git a/modules/private/ssh/default.nix b/modules/private/ssh/default.nix
index d4c1ab3..1699104 100644
--- a/modules/private/ssh/default.nix
+++ b/modules/private/ssh/default.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.ssh; 3 cfg = config.myServices.ssh;
4in 4in
@@ -56,7 +56,7 @@ in
56 user = "nobody"; 56 user = "nobody";
57 group = "nogroup"; 57 group = "nogroup";
58 permissions = "0400"; 58 permissions = "0400";
59 text = myconfig.env.sshd.ldap.password; 59 text = config.myEnv.sshd.ldap.password;
60 }]; 60 }];
61 system.activationScripts.sshd = { 61 system.activationScripts.sshd = {
62 deps = [ "secrets" ]; 62 deps = [ "secrets" ];
diff --git a/modules/private/system.nix b/modules/private/system.nix
index 1ddfd2e..c0291b0 100644
--- a/modules/private/system.nix
+++ b/modules/private/system.nix
@@ -1,4 +1,4 @@
1{ pkgs, privateFiles, lib, ... }: 1{ pkgs, lib, ... }:
2{ 2{
3 config = { 3 config = {
4 services.duplyBackup.profiles.system = { 4 services.duplyBackup.profiles.system = {
@@ -16,10 +16,6 @@
16 _module.args = { 16 _module.args = {
17 pkgsNext = import <nixpkgsNext> {}; 17 pkgsNext = import <nixpkgsNext> {};
18 pkgsPrevious = import <nixpkgsPrevious> {}; 18 pkgsPrevious = import <nixpkgsPrevious> {};
19 myconfig = {
20 inherit privateFiles;
21 env = import "${privateFiles}/environment.nix";
22 };
23 }; 19 };
24 20
25 services.journald.extraConfig = '' 21 services.journald.extraConfig = ''
diff --git a/modules/private/system/backup-2.nix b/modules/private/system/backup-2.nix
index 5d692c6..84e52d5 100644
--- a/modules/private/system/backup-2.nix
+++ b/modules/private/system/backup-2.nix
@@ -1,15 +1,16 @@
1{ privateFiles }: 1{ privateFiles }:
2{ config, pkgs, myconfig, resources, ... }: 2{ config, pkgs, resources, ... }:
3{ 3{
4 boot.kernelPackages = pkgs.linuxPackages_latest; 4 boot.kernelPackages = pkgs.linuxPackages_latest;
5 _module.args.privateFiles = privateFiles; 5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
6 _module.args.hostFQDN = "backup-2.v.immae.eu"; 6 hostEnv.FQDN = "backup-2.v.immae.eu";
7
7 imports = builtins.attrValues (import ../..); 8 imports = builtins.attrValues (import ../..);
8 9
9 deployment = { 10 deployment = {
10 targetEnv = "hetznerCloud"; 11 targetEnv = "hetznerCloud";
11 hetznerCloud = { 12 hetznerCloud = {
12 authToken = myconfig.env.hetznerCloud.authToken; 13 authToken = config.myEnv.hetznerCloud.authToken;
13 datacenter = "hel1-dc2"; 14 datacenter = "hel1-dc2";
14 location ="hel1"; 15 location ="hel1";
15 serverType = "cx11"; 16 serverType = "cx11";
@@ -27,10 +28,10 @@
27 firewall.enable = true; 28 firewall.enable = true;
28 interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList 29 interfaces."ens3".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
29 (n: ips: { address = ips.ip4; prefixLength = 32; }) 30 (n: ips: { address = ips.ip4; prefixLength = 32; })
30 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") myconfig.env.servers.backup-2.ips); 31 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.backup-2.ips);
31 interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList 32 interfaces."ens3".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
32 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) 33 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
33 myconfig.env.servers.backup-2.ips); 34 config.myEnv.servers.backup-2.ips);
34 35
35 defaultMailServer = { 36 defaultMailServer = {
36 directDelivery = true; 37 directDelivery = true;
@@ -48,10 +49,10 @@
48 49
49 services.rsyncBackup = { 50 services.rsyncBackup = {
50 mountpoint = "/backup2"; 51 mountpoint = "/backup2";
51 mailto = myconfig.env.rsync_backup.mailto; 52 mailto = config.myEnv.rsync_backup.mailto;
52 profiles = myconfig.env.rsync_backup.profiles; 53 profiles = config.myEnv.rsync_backup.profiles;
53 ssh_key_public = myconfig.env.rsync_backup.ssh_key.public; 54 ssh_key_public = config.myEnv.rsync_backup.ssh_key.public;
54 ssh_key_private = myconfig.env.rsync_backup.ssh_key.private; 55 ssh_key_private = config.myEnv.rsync_backup.ssh_key.private;
55 }; 56 };
56 57
57 myServices.monitoring.enable = true; 58 myServices.monitoring.enable = true;
@@ -62,7 +63,7 @@
62 hosts = { 63 hosts = {
63 eldiron = { 64 eldiron = {
64 slot = "backup_2"; 65 slot = "backup_2";
65 connection = "postgresql://backup-2:${myconfig.env.ldap.backup-2.password}@eldiron.immae.eu"; 66 connection = "postgresql://backup-2:${config.myEnv.servers.backup-2.ldap.password}@eldiron.immae.eu";
66 }; 67 };
67 }; 68 };
68 }; 69 };
@@ -73,12 +74,12 @@
73 eldiron = { 74 eldiron = {
74 serverId = 2; 75 serverId = 2;
75 # mysql resolves "backup-2" host and checks the ip, but uses /etc/hosts which only contains ip4 76 # mysql resolves "backup-2" host and checks the ip, but uses /etc/hosts which only contains ip4
76 host = myconfig.env.servers.eldiron.ips.main.ip4; 77 host = config.myEnv.servers.eldiron.ips.main.ip4;
77 port = "3306"; 78 port = "3306";
78 user = "backup-2"; 79 user = "backup-2";
79 password = myconfig.env.ldap.backup-2.password; 80 password = config.myEnv.servers.backup-2.ldap.password;
80 dumpUser = "root"; 81 dumpUser = "root";
81 dumpPassword = myconfig.env.databases.mysql.systemUsers.root; 82 dumpPassword = config.myEnv.databases.mysql.systemUsers.root;
82 }; 83 };
83 }; 84 };
84 }; 85 };
@@ -97,10 +98,10 @@
97 base = "/backup2"; 98 base = "/backup2";
98 hosts = { 99 hosts = {
99 eldiron = { 100 eldiron = {
100 url = "ldaps://${myconfig.env.ldap.host}:636"; 101 url = "ldaps://${config.myEnv.ldap.host}:636";
101 dn = myconfig.env.ldap.replication_dn; 102 dn = config.myEnv.ldap.replication_dn;
102 password = myconfig.env.ldap.replication_pw; 103 password = config.myEnv.ldap.replication_pw;
103 base = myconfig.env.ldap.base; 104 base = config.myEnv.ldap.base;
104 }; 105 };
105 }; 106 };
106 }; 107 };
diff --git a/modules/private/system/eldiron.nix b/modules/private/system/eldiron.nix
index bf4cefb..172e4be 100644
--- a/modules/private/system/eldiron.nix
+++ b/modules/private/system/eldiron.nix
@@ -1,19 +1,19 @@
1{ privateFiles }: 1{ privateFiles }:
2{ config, pkgs, myconfig, ... }: 2{ config, pkgs, ... }:
3{ 3{
4 boot.kernelPackages = pkgs.linuxPackages_latest; 4 boot.kernelPackages = pkgs.linuxPackages_latest;
5 _module.args.privateFiles = privateFiles; 5 myEnv = import "${privateFiles}/environment.nix" // { inherit privateFiles; };
6 _module.args.hostFQDN = "eldiron.immae.eu"; 6 hostEnv.FQDN = "eldiron.immae.eu";
7 7
8 networking = { 8 networking = {
9 firewall.enable = true; 9 firewall.enable = true;
10 # 176.9.151.89 declared in nixops -> infra / tools 10 # 176.9.151.89 declared in nixops -> infra / tools
11 interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList 11 interfaces."eth0".ipv4.addresses = pkgs.lib.attrsets.mapAttrsToList
12 (n: ips: { address = ips.ip4; prefixLength = 32; }) 12 (n: ips: { address = ips.ip4; prefixLength = 32; })
13 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") myconfig.env.servers.eldiron.ips); 13 (pkgs.lib.attrsets.filterAttrs (n: v: n != "main") config.myEnv.servers.eldiron.ips);
14 interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList 14 interfaces."eth0".ipv6.addresses = pkgs.lib.flatten (pkgs.lib.attrsets.mapAttrsToList
15 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or [])) 15 (n: ips: map (ip: { address = ip; prefixLength = (if n == "main" && ip == pkgs.lib.head ips.ip6 then 64 else 128); }) (ips.ip6 or []))
16 myconfig.env.servers.eldiron.ips); 16 config.myEnv.servers.eldiron.ips);
17 }; 17 };
18 18
19 imports = builtins.attrValues (import ../..); 19 imports = builtins.attrValues (import ../..);
@@ -40,9 +40,9 @@
40 deployment = { 40 deployment = {
41 targetEnv = "hetzner"; 41 targetEnv = "hetzner";
42 hetzner = { 42 hetzner = {
43 robotUser = myconfig.env.hetzner.user; 43 robotUser = config.myEnv.hetzner.user;
44 robotPass = myconfig.env.hetzner.pass; 44 robotPass = config.myEnv.hetzner.pass;
45 mainIPv4 = myconfig.env.servers.eldiron.ips.main.ip4; 45 mainIPv4 = config.myEnv.servers.eldiron.ips.main.ip4;
46 partitions = '' 46 partitions = ''
47 clearpart --all --initlabel --drives=sda,sdb 47 clearpart --all --initlabel --drives=sda,sdb
48 48
diff --git a/modules/private/tasks/default.nix b/modules/private/tasks/default.nix
index b345e5a..c4f065b 100644
--- a/modules/private/tasks/default.nix
+++ b/modules/private/tasks/default.nix
@@ -1,10 +1,10 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.tasks; 3 cfg = config.myServices.tasks;
4 server_vardir = config.services.taskserver.dataDir; 4 server_vardir = config.services.taskserver.dataDir;
5 fqdn = "task.immae.eu"; 5 fqdn = "task.immae.eu";
6 user = config.services.taskserver.user; 6 user = config.services.taskserver.user;
7 env = myconfig.env.tools.task; 7 env = config.myEnv.tools.task;
8 group = config.services.taskserver.group; 8 group = config.services.taskserver.group;
9 taskserver-user-certs = pkgs.runCommand "taskserver-user-certs" {} '' 9 taskserver-user-certs = pkgs.runCommand "taskserver-user-certs" {} ''
10 mkdir -p $out/bin 10 mkdir -p $out/bin
@@ -107,7 +107,7 @@ in {
107 SetEnv TASKD_LDAP_DN "${env.ldap.dn}" 107 SetEnv TASKD_LDAP_DN "${env.ldap.dn}"
108 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}" 108 SetEnv TASKD_LDAP_PASSWORD "${env.ldap.password}"
109 SetEnv TASKD_LDAP_BASE "${env.ldap.base}" 109 SetEnv TASKD_LDAP_BASE "${env.ldap.base}"
110 SetEnv TASKD_LDAP_FILTER "${env.ldap.search}" 110 SetEnv TASKD_LDAP_FILTER "${env.ldap.filter}"
111 ''; 111 '';
112 }]; 112 }];
113 services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ]; 113 services.websites.env.tools.watchPaths = [ "/var/secrets/webapps/tools-taskwarrior-web" ];
diff --git a/modules/private/websites/aten/integration.nix b/modules/private/websites/aten/integration.nix
index 7aadf58..7e12b38 100644
--- a/modules/private/websites/aten/integration.nix
+++ b/modules/private/websites/aten/integration.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.aten.integration; 3 secrets = config.myEnv.websites.aten.integration;
4 app = pkgs.webapps.aten.override { environment = secrets.environment; }; 4 app = pkgs.webapps.aten.override { environment = secrets.environment; };
5 cfg = config.myServices.websites.aten.integration; 5 cfg = config.myServices.websites.aten.integration;
6 pcfg = config.services.phpApplication; 6 pcfg = config.services.phpApplication;
@@ -39,10 +39,15 @@ in {
39 user = config.services.httpd.Inte.user; 39 user = config.services.httpd.Inte.user;
40 group = config.services.httpd.Inte.group; 40 group = config.services.httpd.Inte.group;
41 permissions = "0400"; 41 permissions = "0400";
42 text = '' 42 text = let
43 # cf:
44 # https://secure.php.net/manual/fr/function.parse-url.php
45 # vendor/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php#parseDatabaseUrlQuery
46 psql_url = with secrets.postgresql; "pdo-pgsql://${user}:${password}@invalid:${port}/${database}?host=${socket}";
47 in ''
43 SetEnv APP_ENV "${app.environment}" 48 SetEnv APP_ENV "${app.environment}"
44 SetEnv APP_SECRET "${secrets.secret}" 49 SetEnv APP_SECRET "${secrets.secret}"
45 SetEnv DATABASE_URL "${secrets.psql_url}" 50 SetEnv DATABASE_URL "${psql_url}"
46 ''; 51 '';
47 }]; 52 }];
48 services.websites.env.integration.vhostConfs.aten_dev = { 53 services.websites.env.integration.vhostConfs.aten_dev = {
diff --git a/modules/private/websites/aten/production.nix b/modules/private/websites/aten/production.nix
index 16a909a..1f72e61 100644
--- a/modules/private/websites/aten/production.nix
+++ b/modules/private/websites/aten/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.aten.production; 3 secrets = config.myEnv.websites.aten.production;
4 app = pkgs.webapps.aten.override { environment = secrets.environment; }; 4 app = pkgs.webapps.aten.override { environment = secrets.environment; };
5 cfg = config.myServices.websites.aten.production; 5 cfg = config.myServices.websites.aten.production;
6 pcfg = config.services.phpApplication; 6 pcfg = config.services.phpApplication;
@@ -41,10 +41,15 @@ in {
41 user = config.services.httpd.Prod.user; 41 user = config.services.httpd.Prod.user;
42 group = config.services.httpd.Prod.group; 42 group = config.services.httpd.Prod.group;
43 permissions = "0400"; 43 permissions = "0400";
44 text = '' 44 text = let
45 # cf:
46 # https://secure.php.net/manual/fr/function.parse-url.php
47 # vendor/doctrine/dbal/lib/Doctrine/DBAL/DriverManager.php#parseDatabaseUrlQuery
48 psql_url = with secrets.postgresql; "pdo-pgsql://${user}:${password}@invalid:${port}/${database}?host=${socket}";
49 in ''
45 SetEnv APP_ENV "${app.environment}" 50 SetEnv APP_ENV "${app.environment}"
46 SetEnv APP_SECRET "${secrets.secret}" 51 SetEnv APP_SECRET "${secrets.secret}"
47 SetEnv DATABASE_URL "${secrets.psql_url}" 52 SetEnv DATABASE_URL "${psql_url}"
48 ''; 53 '';
49 }]; 54 }];
50 services.websites.env.production.vhostConfs.aten_prod = { 55 services.websites.env.production.vhostConfs.aten_prod = {
diff --git a/modules/private/websites/capitaines/production.nix b/modules/private/websites/capitaines/production.nix
index 995e2cc..044ff1d 100644
--- a/modules/private/websites/capitaines/production.nix
+++ b/modules/private/websites/capitaines/production.nix
@@ -1,7 +1,7 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.capitaines.production; 3 cfg = config.myServices.websites.capitaines.production;
4 env = myconfig.env.websites.capitaines; 4 env = config.myEnv.websites.capitaines;
5 webappName = "capitaines_mastodon"; 5 webappName = "capitaines_mastodon";
6 root = "/run/current-system/webapps/${webappName}"; 6 root = "/run/current-system/webapps/${webappName}";
7 siteDir = ./mastodon_static; 7 siteDir = ./mastodon_static;
diff --git a/modules/private/websites/chloe/builder.nix b/modules/private/websites/chloe/builder.nix
index f65e9a9..f21caeb 100644
--- a/modules/private/websites/chloe/builder.nix
+++ b/modules/private/websites/chloe/builder.nix
@@ -39,10 +39,10 @@ rec {
39 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu" 39 SetEnv SPIP_LDAP_HOST "ldaps://ldap.immae.eu"
40 SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}" 40 SetEnv SPIP_LDAP_SEARCH_DN "${config.ldap.dn}"
41 SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}" 41 SetEnv SPIP_LDAP_SEARCH_PW "${config.ldap.password}"
42 SetEnv SPIP_LDAP_SEARCH "${config.ldap.search}" 42 SetEnv SPIP_LDAP_SEARCH "${config.ldap.filter}"
43 SetEnv SPIP_MYSQL_HOST "${config.mysql.host}" 43 SetEnv SPIP_MYSQL_HOST "${config.mysql.host}"
44 SetEnv SPIP_MYSQL_PORT "${config.mysql.port}" 44 SetEnv SPIP_MYSQL_PORT "${config.mysql.port}"
45 SetEnv SPIP_MYSQL_DB "${config.mysql.name}" 45 SetEnv SPIP_MYSQL_DB "${config.mysql.database}"
46 SetEnv SPIP_MYSQL_USER "${config.mysql.user}" 46 SetEnv SPIP_MYSQL_USER "${config.mysql.user}"
47 SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}" 47 SetEnv SPIP_MYSQL_PASSWORD "${config.mysql.password}"
48 ''; 48 '';
diff --git a/modules/private/websites/chloe/integration.nix b/modules/private/websites/chloe/integration.nix
index 00c76a5..273d1fc 100644
--- a/modules/private/websites/chloe/integration.nix
+++ b/modules/private/websites/chloe/integration.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 chloe = pkgs.callPackage ./builder.nix { 3 chloe = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) chloe; 4 inherit (pkgs.webapps) chloe;
5 config = myconfig.env.websites.chloe.integration; 5 config = config.myEnv.websites.chloe.integration;
6 apacheUser = config.services.httpd.Inte.user; 6 apacheUser = config.services.httpd.Inte.user;
7 apacheGroup = config.services.httpd.Inte.group; 7 apacheGroup = config.services.httpd.Inte.group;
8 }; 8 };
diff --git a/modules/private/websites/chloe/production.nix b/modules/private/websites/chloe/production.nix
index 0562de8..3d267f2 100644
--- a/modules/private/websites/chloe/production.nix
+++ b/modules/private/websites/chloe/production.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 chloe = pkgs.callPackage ./builder.nix { 3 chloe = pkgs.callPackage ./builder.nix {
4 inherit (pkgs.webapps) chloe; 4 inherit (pkgs.webapps) chloe;
5 config = myconfig.env.websites.chloe.production; 5 config = config.myEnv.websites.chloe.production;
6 apacheUser = config.services.httpd.Prod.user; 6 apacheUser = config.services.httpd.Prod.user;
7 apacheGroup = config.services.httpd.Prod.group; 7 apacheGroup = config.services.httpd.Prod.group;
8 }; 8 };
diff --git a/modules/private/websites/connexionswing/integration.nix b/modules/private/websites/connexionswing/integration.nix
index 54dbf54..c0f7445 100644
--- a/modules/private/websites/connexionswing/integration.nix
+++ b/modules/private/websites/connexionswing/integration.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.connexionswing.integration; 3 secrets = config.myEnv.websites.connexionswing.integration;
4 app = pkgs.webapps.connexionswing.override { environment = secrets.environment; }; 4 app = pkgs.webapps.connexionswing.override { environment = secrets.environment; };
5 cfg = config.myServices.websites.connexionswing.integration; 5 cfg = config.myServices.websites.connexionswing.integration;
6 pcfg = config.services.phpApplication; 6 pcfg = config.services.phpApplication;
@@ -50,7 +50,7 @@ in {
50 parameters: 50 parameters:
51 database_host: ${secrets.mysql.host} 51 database_host: ${secrets.mysql.host}
52 database_port: ${secrets.mysql.port} 52 database_port: ${secrets.mysql.port}
53 database_name: ${secrets.mysql.name} 53 database_name: ${secrets.mysql.database}
54 database_user: ${secrets.mysql.user} 54 database_user: ${secrets.mysql.user}
55 database_password: ${secrets.mysql.password} 55 database_password: ${secrets.mysql.password}
56 database_server_version: ${pkgs.mariadb.mysqlVersion} 56 database_server_version: ${pkgs.mariadb.mysqlVersion}
diff --git a/modules/private/websites/connexionswing/production.nix b/modules/private/websites/connexionswing/production.nix
index af37e29..fa31931 100644
--- a/modules/private/websites/connexionswing/production.nix
+++ b/modules/private/websites/connexionswing/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.connexionswing.production; 3 secrets = config.myEnv.websites.connexionswing.production;
4 app = pkgs.webapps.connexionswing.override { environment = secrets.environment; }; 4 app = pkgs.webapps.connexionswing.override { environment = secrets.environment; };
5 cfg = config.myServices.websites.connexionswing.production; 5 cfg = config.myServices.websites.connexionswing.production;
6 pcfg = config.services.phpApplication; 6 pcfg = config.services.phpApplication;
@@ -52,7 +52,7 @@ in {
52 parameters: 52 parameters:
53 database_host: ${secrets.mysql.host} 53 database_host: ${secrets.mysql.host}
54 database_port: ${secrets.mysql.port} 54 database_port: ${secrets.mysql.port}
55 database_name: ${secrets.mysql.name} 55 database_name: ${secrets.mysql.database}
56 database_user: ${secrets.mysql.user} 56 database_user: ${secrets.mysql.user}
57 database_password: ${secrets.mysql.password} 57 database_password: ${secrets.mysql.password}
58 database_server_version: ${pkgs.mariadb.mysqlVersion} 58 database_server_version: ${pkgs.mariadb.mysqlVersion}
diff --git a/modules/private/websites/default.nix b/modules/private/websites/default.nix
index 87fdd73..16f02a7 100644
--- a/modules/private/websites/default.nix
+++ b/modules/private/websites/default.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 www_root = "/run/current-system/webapps/_www"; 3 www_root = "/run/current-system/webapps/_www";
4 theme_root = "/run/current-system/webapps/_theme"; 4 theme_root = "/run/current-system/webapps/_theme";
@@ -114,7 +114,7 @@ in
114 <IfModule authnz_ldap_module> 114 <IfModule authnz_ldap_module>
115 AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS 115 AuthLDAPURL ldap://ldap.immae.eu:389/dc=immae,dc=eu STARTTLS
116 AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu 116 AuthLDAPBindDN cn=httpd,ou=services,dc=immae,dc=eu
117 AuthLDAPBindPassword "${myconfig.env.httpd.ldap.password}" 117 AuthLDAPBindPassword "${config.myEnv.httpd.ldap.password}"
118 AuthType Basic 118 AuthType Basic
119 AuthName "Authentification requise (Acces LDAP)" 119 AuthName "Authentification requise (Acces LDAP)"
120 AuthBasicProvider ldap 120 AuthBasicProvider ldap
@@ -154,7 +154,7 @@ in
154 adminAddr = "httpd@immae.eu"; 154 adminAddr = "httpd@immae.eu";
155 httpdName = "Prod"; 155 httpdName = "Prod";
156 ips = 156 ips =
157 let ips = myconfig.env.servers.eldiron.ips.production; 157 let ips = config.myEnv.servers.eldiron.ips.production;
158 in [ips.ip4] ++ (ips.ip6 or []); 158 in [ips.ip4] ++ (ips.ip6 or []);
159 modules = makeModules; 159 modules = makeModules;
160 extraConfig = makeExtraConfig; 160 extraConfig = makeExtraConfig;
@@ -171,7 +171,7 @@ in
171 adminAddr = "httpd@immae.eu"; 171 adminAddr = "httpd@immae.eu";
172 httpdName = "Inte"; 172 httpdName = "Inte";
173 ips = 173 ips =
174 let ips = myconfig.env.servers.eldiron.ips.integration; 174 let ips = config.myEnv.servers.eldiron.ips.integration;
175 in [ips.ip4] ++ (ips.ip6 or []); 175 in [ips.ip4] ++ (ips.ip6 or []);
176 modules = makeModules; 176 modules = makeModules;
177 extraConfig = makeExtraConfig; 177 extraConfig = makeExtraConfig;
@@ -188,7 +188,7 @@ in
188 adminAddr = "httpd@immae.eu"; 188 adminAddr = "httpd@immae.eu";
189 httpdName = "Tools"; 189 httpdName = "Tools";
190 ips = 190 ips =
191 let ips = myconfig.env.servers.eldiron.ips.main; 191 let ips = config.myEnv.servers.eldiron.ips.main;
192 in [ips.ip4] ++ (ips.ip6 or []); 192 in [ips.ip4] ++ (ips.ip6 or []);
193 modules = makeModules; 193 modules = makeModules;
194 extraConfig = makeExtraConfig ++ 194 extraConfig = makeExtraConfig ++
diff --git a/modules/private/websites/denisejerome/production.nix b/modules/private/websites/denisejerome/production.nix
index f93ad37..481df5b 100644
--- a/modules/private/websites/denisejerome/production.nix
+++ b/modules/private/websites/denisejerome/production.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.denisejerome.production; 3 cfg = config.myServices.websites.denisejerome.production;
4 varDir = "/var/lib/ftp/denisejerome"; 4 varDir = "/var/lib/ftp/denisejerome";
5 env = myconfig.env.websites.denisejerome; 5 env = config.myEnv.websites.denisejerome;
6in { 6in {
7 options.myServices.websites.denisejerome.production.enable = lib.mkEnableOption "enable Denise Jerome's website"; 7 options.myServices.websites.denisejerome.production.enable = lib.mkEnableOption "enable Denise Jerome's website";
8 8
diff --git a/modules/private/websites/emilia/production.nix b/modules/private/websites/emilia/production.nix
index 5bf39c9..71b97dd 100644
--- a/modules/private/websites/emilia/production.nix
+++ b/modules/private/websites/emilia/production.nix
@@ -1,7 +1,7 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.emilia.production; 3 cfg = config.myServices.websites.emilia.production;
4 env = myconfig.env.websites.emilia; 4 env = config.myEnv.websites.emilia;
5 varDir = "/var/lib/moodle"; 5 varDir = "/var/lib/moodle";
6 siteDir = ./moodle; 6 siteDir = ./moodle;
7 webappName = "emilia_moodle"; 7 webappName = "emilia_moodle";
diff --git a/modules/private/websites/florian/app.nix b/modules/private/websites/florian/app.nix
index e6e16fa..4e5f7d4 100644
--- a/modules/private/websites/florian/app.nix
+++ b/modules/private/websites/florian/app.nix
@@ -1,7 +1,7 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 secrets = myconfig.env.websites.tellesflorian.integration; 4 secrets = config.myEnv.websites.tellesflorian.integration;
5 app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; }; 5 app = pkgs.webapps.tellesflorian.override { environment = secrets.environment; };
6 cfg = config.myServices.websites.florian.app; 6 cfg = config.myServices.websites.florian.app;
7 pcfg = config.services.phpApplication; 7 pcfg = config.services.phpApplication;
@@ -58,7 +58,7 @@ in {
58 parameters: 58 parameters:
59 database_host: ${secrets.mysql.host} 59 database_host: ${secrets.mysql.host}
60 database_port: ${secrets.mysql.port} 60 database_port: ${secrets.mysql.port}
61 database_name: ${secrets.mysql.name} 61 database_name: ${secrets.mysql.database}
62 database_user: ${secrets.mysql.user} 62 database_user: ${secrets.mysql.user}
63 database_password: ${secrets.mysql.password} 63 database_password: ${secrets.mysql.password}
64 mailer_transport: smtp 64 mailer_transport: smtp
diff --git a/modules/private/websites/florian/integration.nix b/modules/private/websites/florian/integration.nix
index e444e69..00de761 100644
--- a/modules/private/websites/florian/integration.nix
+++ b/modules/private/websites/florian/integration.nix
@@ -1,9 +1,9 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.myServices.websites.florian.integration; 4 cfg = config.myServices.websites.florian.integration;
5 varDir = "/var/lib/ftp/florian"; 5 varDir = "/var/lib/ftp/florian";
6 env = myconfig.env.websites.florian; 6 env = config.myEnv.websites.florian;
7in { 7in {
8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration"; 8 options.myServices.websites.florian.integration.enable = lib.mkEnableOption "enable Florian's website integration";
9 9
diff --git a/modules/private/websites/florian/production.nix b/modules/private/websites/florian/production.nix
index 44a262e..8d3dfb0 100644
--- a/modules/private/websites/florian/production.nix
+++ b/modules/private/websites/florian/production.nix
@@ -1,9 +1,9 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.myServices.websites.florian.production; 4 cfg = config.myServices.websites.florian.production;
5 varDir = "/var/lib/ftp/florian"; 5 varDir = "/var/lib/ftp/florian";
6 env = myconfig.env.websites.florian; 6 env = config.myEnv.websites.florian;
7in { 7in {
8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production"; 8 options.myServices.websites.florian.production.enable = lib.mkEnableOption "enable Florian's website production";
9 9
diff --git a/modules/private/websites/immae/production.nix b/modules/private/websites/immae/production.nix
index 3b2301a..12d6ddb 100644
--- a/modules/private/websites/immae/production.nix
+++ b/modules/private/websites/immae/production.nix
@@ -1,10 +1,10 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.immae.production; 3 cfg = config.myServices.websites.immae.production;
4 varDir = "/var/lib/buildbot/outputs/immaeEu"; 4 varDir = "/var/lib/buildbot/outputs/immaeEu";
5 coursDir = "/var/lib/buildbot/outputs/cours"; 5 coursDir = "/var/lib/buildbot/outputs/cours";
6 rechercheDir = "/var/lib/buildbot/outputs/recherche"; 6 rechercheDir = "/var/lib/buildbot/outputs/recherche";
7 env = myconfig.env.websites.immae; 7 env = config.myEnv.websites.immae;
8in { 8in {
9 options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website"; 9 options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
10 10
diff --git a/modules/private/websites/immae/release.nix b/modules/private/websites/immae/release.nix
index 5cc35ee..a503c90 100644
--- a/modules/private/websites/immae/release.nix
+++ b/modules/private/websites/immae/release.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.immae.release; 3 cfg = config.myServices.websites.immae.release;
4 varDir = "/var/lib/ftp/release.immae.eu"; 4 varDir = "/var/lib/ftp/release.immae.eu";
5 env = myconfig.env.websites.release; 5 env = config.myEnv.websites.release;
6in { 6in {
7 options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website"; 7 options.myServices.websites.immae.release.enable = lib.mkEnableOption "enable Release' website";
8 8
diff --git a/modules/private/websites/immae/temp.nix b/modules/private/websites/immae/temp.nix
index 288c8cc..b3b28cc 100644
--- a/modules/private/websites/immae/temp.nix
+++ b/modules/private/websites/immae/temp.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.immae.temp; 3 cfg = config.myServices.websites.immae.temp;
4 varDir = "/var/lib/ftp/temp.immae.eu"; 4 varDir = "/var/lib/ftp/temp.immae.eu";
5 env = myconfig.env.websites.temp; 5 env = config.myEnv.websites.temp;
6in { 6in {
7 options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website"; 7 options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website";
8 8
diff --git a/modules/private/websites/ludivinecassal/integration.nix b/modules/private/websites/ludivinecassal/integration.nix
index 5d9afc1..d6459b0 100644
--- a/modules/private/websites/ludivinecassal/integration.nix
+++ b/modules/private/websites/ludivinecassal/integration.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.ludivinecassal.integration; 3 secrets = config.myEnv.websites.ludivinecassal.integration;
4 app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; 4 app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; };
5 cfg = config.myServices.websites.ludivinecassal.integration; 5 cfg = config.myServices.websites.ludivinecassal.integration;
6 pcfg = config.services.phpApplication; 6 pcfg = config.services.phpApplication;
@@ -48,7 +48,7 @@ in {
48 parameters: 48 parameters:
49 database_host: ${secrets.mysql.host} 49 database_host: ${secrets.mysql.host}
50 database_port: ${secrets.mysql.port} 50 database_port: ${secrets.mysql.port}
51 database_name: ${secrets.mysql.name} 51 database_name: ${secrets.mysql.database}
52 database_user: ${secrets.mysql.user} 52 database_user: ${secrets.mysql.user}
53 database_password: ${secrets.mysql.password} 53 database_password: ${secrets.mysql.password}
54 database_server_version: ${pkgs.mariadb.mysqlVersion} 54 database_server_version: ${pkgs.mariadb.mysqlVersion}
@@ -66,7 +66,7 @@ in {
66 ldap_base_dn: 'dc=immae,dc=eu' 66 ldap_base_dn: 'dc=immae,dc=eu'
67 ldap_search_dn: '${secrets.ldap.dn}' 67 ldap_search_dn: '${secrets.ldap.dn}'
68 ldap_search_password: '${secrets.ldap.password}' 68 ldap_search_password: '${secrets.ldap.password}'
69 ldap_search_filter: '${secrets.ldap.search}' 69 ldap_search_filter: '${secrets.ldap.filter}'
70 leapt_im: 70 leapt_im:
71 binary_path: ${pkgs.imagemagick}/bin 71 binary_path: ${pkgs.imagemagick}/bin
72 assetic: 72 assetic:
diff --git a/modules/private/websites/ludivinecassal/production.nix b/modules/private/websites/ludivinecassal/production.nix
index 1a8b958..c6f0cf3 100644
--- a/modules/private/websites/ludivinecassal/production.nix
+++ b/modules/private/websites/ludivinecassal/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.ludivinecassal.production; 3 secrets = config.myEnv.websites.ludivinecassal.production;
4 app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; }; 4 app = pkgs.webapps.ludivinecassal.override { environment = secrets.environment; };
5 pcfg = config.services.phpApplication; 5 pcfg = config.services.phpApplication;
6 cfg = config.myServices.websites.ludivinecassal.production; 6 cfg = config.myServices.websites.ludivinecassal.production;
@@ -50,7 +50,7 @@ in {
50 parameters: 50 parameters:
51 database_host: ${secrets.mysql.host} 51 database_host: ${secrets.mysql.host}
52 database_port: ${secrets.mysql.port} 52 database_port: ${secrets.mysql.port}
53 database_name: ${secrets.mysql.name} 53 database_name: ${secrets.mysql.database}
54 database_user: ${secrets.mysql.user} 54 database_user: ${secrets.mysql.user}
55 database_password: ${secrets.mysql.password} 55 database_password: ${secrets.mysql.password}
56 database_server_version: ${pkgs.mariadb.mysqlVersion} 56 database_server_version: ${pkgs.mariadb.mysqlVersion}
@@ -68,7 +68,7 @@ in {
68 ldap_base_dn: 'dc=immae,dc=eu' 68 ldap_base_dn: 'dc=immae,dc=eu'
69 ldap_search_dn: '${secrets.ldap.dn}' 69 ldap_search_dn: '${secrets.ldap.dn}'
70 ldap_search_password: '${secrets.ldap.password}' 70 ldap_search_password: '${secrets.ldap.password}'
71 ldap_search_filter: '${secrets.ldap.search}' 71 ldap_search_filter: '${secrets.ldap.filter}'
72 leapt_im: 72 leapt_im:
73 binary_path: ${pkgs.imagemagick}/bin 73 binary_path: ${pkgs.imagemagick}/bin
74 assetic: 74 assetic:
diff --git a/modules/private/websites/nassime/production.nix b/modules/private/websites/nassime/production.nix
index f2a4142..f9468f9 100644
--- a/modules/private/websites/nassime/production.nix
+++ b/modules/private/websites/nassime/production.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.nassime.production; 3 cfg = config.myServices.websites.nassime.production;
4 varDir = "/var/lib/ftp/nassime"; 4 varDir = "/var/lib/ftp/nassime";
5 env = myconfig.env.websites.nassime; 5 env = config.myEnv.websites.nassime;
6in { 6in {
7 options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website"; 7 options.myServices.websites.nassime.production.enable = lib.mkEnableOption "enable Nassime's website";
8 8
diff --git a/modules/private/websites/naturaloutil/production.nix b/modules/private/websites/naturaloutil/production.nix
index 93940d5..628e129 100644
--- a/modules/private/websites/naturaloutil/production.nix
+++ b/modules/private/websites/naturaloutil/production.nix
@@ -1,9 +1,9 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.myServices.websites.naturaloutil.production; 4 cfg = config.myServices.websites.naturaloutil.production;
5 varDir = "/var/lib/ftp/jerome"; 5 varDir = "/var/lib/ftp/jerome";
6 env = myconfig.env.websites.jerome; 6 env = config.myEnv.websites.jerome;
7in { 7in {
8 options.myServices.websites.naturaloutil.production.enable = lib.mkEnableOption "enable Naturaloutil's website"; 8 options.myServices.websites.naturaloutil.production.enable = lib.mkEnableOption "enable Naturaloutil's website";
9 9
@@ -21,7 +21,7 @@ in {
21 <?php 21 <?php
22 $mysql_user = '${env.mysql.user}' ; 22 $mysql_user = '${env.mysql.user}' ;
23 $mysql_server = '${env.mysql.host}' ; 23 $mysql_server = '${env.mysql.host}' ;
24 $mysql_base = '${env.mysql.name}' ; 24 $mysql_base = '${env.mysql.database}' ;
25 $mysql_password = '${env.mysql.password}' ; 25 $mysql_password = '${env.mysql.password}' ;
26 //connect to db 26 //connect to db
27 $db = mysqli_init(); 27 $db = mysqli_init();
diff --git a/modules/private/websites/papa/surveillance.nix b/modules/private/websites/papa/surveillance.nix
index ca6bf9e..1bb6ac8 100644
--- a/modules/private/websites/papa/surveillance.nix
+++ b/modules/private/websites/papa/surveillance.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 cfg = config.myServices.websites.papa.surveillance; 3 cfg = config.myServices.websites.papa.surveillance;
4 varDir = "/var/lib/ftp/papa"; 4 varDir = "/var/lib/ftp/papa";
diff --git a/modules/private/websites/piedsjaloux/integration.nix b/modules/private/websites/piedsjaloux/integration.nix
index 8d7cf3a..5568c60 100644
--- a/modules/private/websites/piedsjaloux/integration.nix
+++ b/modules/private/websites/piedsjaloux/integration.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.piedsjaloux.integration; 3 secrets = config.myEnv.websites.piedsjaloux.integration;
4 app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; }; 4 app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; };
5 cfg = config.myServices.websites.piedsjaloux.integration; 5 cfg = config.myServices.websites.piedsjaloux.integration;
6 pcfg = config.services.phpApplication; 6 pcfg = config.services.phpApplication;
@@ -49,7 +49,7 @@ in {
49 parameters: 49 parameters:
50 database_host: ${secrets.mysql.host} 50 database_host: ${secrets.mysql.host}
51 database_port: ${secrets.mysql.port} 51 database_port: ${secrets.mysql.port}
52 database_name: ${secrets.mysql.name} 52 database_name: ${secrets.mysql.database}
53 database_user: ${secrets.mysql.user} 53 database_user: ${secrets.mysql.user}
54 database_password: ${secrets.mysql.password} 54 database_password: ${secrets.mysql.password}
55 database_server_version: ${pkgs.mariadb.mysqlVersion} 55 database_server_version: ${pkgs.mariadb.mysqlVersion}
diff --git a/modules/private/websites/piedsjaloux/production.nix b/modules/private/websites/piedsjaloux/production.nix
index 2267e03..28f85eb 100644
--- a/modules/private/websites/piedsjaloux/production.nix
+++ b/modules/private/websites/piedsjaloux/production.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 secrets = myconfig.env.websites.piedsjaloux.production; 3 secrets = config.myEnv.websites.piedsjaloux.production;
4 app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; }; 4 app = pkgs.webapps.piedsjaloux.override { environment = secrets.environment; };
5 cfg = config.myServices.websites.piedsjaloux.production; 5 cfg = config.myServices.websites.piedsjaloux.production;
6 pcfg = config.services.phpApplication; 6 pcfg = config.services.phpApplication;
@@ -51,7 +51,7 @@ in {
51 parameters: 51 parameters:
52 database_host: ${secrets.mysql.host} 52 database_host: ${secrets.mysql.host}
53 database_port: ${secrets.mysql.port} 53 database_port: ${secrets.mysql.port}
54 database_name: ${secrets.mysql.name} 54 database_name: ${secrets.mysql.database}
55 database_user: ${secrets.mysql.user} 55 database_user: ${secrets.mysql.user}
56 database_password: ${secrets.mysql.password} 56 database_password: ${secrets.mysql.password}
57 database_server_version: ${pkgs.mariadb.mysqlVersion} 57 database_server_version: ${pkgs.mariadb.mysqlVersion}
diff --git a/modules/private/websites/teliotortay/production.nix b/modules/private/websites/teliotortay/production.nix
index 445117d..b0544ee 100644
--- a/modules/private/websites/teliotortay/production.nix
+++ b/modules/private/websites/teliotortay/production.nix
@@ -1,9 +1,9 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ../commons/adminer.nix {}; 3 adminer = pkgs.callPackage ../commons/adminer.nix {};
4 cfg = config.myServices.websites.telioTortay.production; 4 cfg = config.myServices.websites.telioTortay.production;
5 varDir = "/var/lib/ftp/telio_tortay"; 5 varDir = "/var/lib/ftp/telio_tortay";
6 env = myconfig.env.websites.telioTortay; 6 env = config.myEnv.websites.telioTortay;
7in { 7in {
8 options.myServices.websites.telioTortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website"; 8 options.myServices.websites.telioTortay.production.enable = lib.mkEnableOption "enable Telio Tortay's website";
9 9
diff --git a/modules/private/websites/tools/cloud/default.nix b/modules/private/websites/tools/cloud/default.nix
index 3aabde8..4785074 100644
--- a/modules/private/websites/tools/cloud/default.nix
+++ b/modules/private/websites/tools/cloud/default.nix
@@ -1,7 +1,7 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 nextcloud = pkgs.webapps.nextcloud.withApps (builtins.attrValues pkgs.webapps.nextcloud-apps); 3 nextcloud = pkgs.webapps.nextcloud.withApps (builtins.attrValues pkgs.webapps.nextcloud-apps);
4 env = myconfig.env.tools.nextcloud; 4 env = config.myEnv.tools.nextcloud;
5 varDir = "/var/lib/nextcloud"; 5 varDir = "/var/lib/nextcloud";
6 webappName = "tools_nextcloud"; 6 webappName = "tools_nextcloud";
7 apacheRoot = "/run/current-system/webapps/${webappName}"; 7 apacheRoot = "/run/current-system/webapps/${webappName}";
@@ -129,7 +129,7 @@ in {
129 array ( 129 array (
130 'host' => '${env.redis.socket}', 130 'host' => '${env.redis.socket}',
131 'port' => 0, 131 'port' => 0,
132 'dbindex' => ${env.redis.db_index}, 132 'dbindex' => ${env.redis.db},
133 ), 133 ),
134 'overwrite.cli.url' => 'https://cloud.immae.eu', 134 'overwrite.cli.url' => 'https://cloud.immae.eu',
135 'ldapIgnoreNamingRules' => false, 135 'ldapIgnoreNamingRules' => false,
diff --git a/modules/private/websites/tools/dav/davical.nix b/modules/private/websites/tools/dav/davical.nix
index 98cebee..2a02f5e 100644
--- a/modules/private/websites/tools/dav/davical.nix
+++ b/modules/private/websites/tools/dav/davical.nix
@@ -32,16 +32,16 @@ rec {
32 $c->authenticate_hook['optional'] = false; 32 $c->authenticate_hook['optional'] = false;
33 $c->authenticate_hook['call'] = 'LDAP_check'; 33 $c->authenticate_hook['call'] = 'LDAP_check';
34 $c->authenticate_hook['config'] = array( 34 $c->authenticate_hook['config'] = array(
35 'host' => 'ldap.immae.eu', 35 'host' => '${env.ldap.host}',
36 'port' => '389', 36 'port' => '389',
37 'startTLS' => 'yes', 37 'startTLS' => 'yes',
38 'bindDN'=> 'cn=davical,ou=services,dc=immae,dc=eu', 38 'bindDN'=> '${env.ldap.dn}',
39 'passDN'=> '${env.ldap.password}', 39 'passDN'=> '${env.ldap.password}',
40 'protocolVersion' => '3', 40 'protocolVersion' => '3',
41 'baseDNUsers'=> array('ou=users,dc=immae,dc=eu', 'ou=group_users,dc=immae,dc=eu'), 41 'baseDNUsers'=> array('ou=users,${env.ldap.base}', 'ou=group_users,${env.ldap.base}'),
42 'filterUsers' => 'memberOf=cn=users,cn=davical,ou=services,dc=immae,dc=eu', 42 'filterUsers' => '${env.ldap.filter}',
43 'baseDNGroups' => 'ou=groups,dc=immae,dc=eu', 43 'baseDNGroups' => 'ou=groups,${env.ldap.base}',
44 'filterGroups' => 'memberOf=cn=groups,cn=davical,ou=services,dc=immae,dc=eu', 44 'filterGroups' => 'memberOf=cn=groups,${env.ldap.dn}',
45 'mapping_field' => array( 45 'mapping_field' => array(
46 "username" => "uid", 46 "username" => "uid",
47 "fullname" => "cn", 47 "fullname" => "cn",
diff --git a/modules/private/websites/tools/dav/default.nix b/modules/private/websites/tools/dav/default.nix
index 5a0f470..d30c04a 100644
--- a/modules/private/websites/tools/dav/default.nix
+++ b/modules/private/websites/tools/dav/default.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 infcloud = rec { 3 infcloud = rec {
4 webappName = "tools_infcloud"; 4 webappName = "tools_infcloud";
@@ -16,7 +16,7 @@ let
16 ''; 16 '';
17 }; 17 };
18 davical = pkgs.callPackage ./davical.nix { 18 davical = pkgs.callPackage ./davical.nix {
19 env = myconfig.env.tools.davical; 19 env = config.myEnv.tools.davical;
20 inherit (pkgs.webapps) davical awl; 20 inherit (pkgs.webapps) davical awl;
21 }; 21 };
22 22
diff --git a/modules/private/websites/tools/diaspora/default.nix b/modules/private/websites/tools/diaspora/default.nix
index 20ae055..4fe4115 100644
--- a/modules/private/websites/tools/diaspora/default.nix
+++ b/modules/private/websites/tools/diaspora/default.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 env = myconfig.env.tools.diaspora; 3 env = config.myEnv.tools.diaspora;
4 root = "/run/current-system/webapps/tools_diaspora"; 4 root = "/run/current-system/webapps/tools_diaspora";
5 cfg = config.myServices.websites.tools.diaspora; 5 cfg = config.myServices.websites.tools.diaspora;
6 dcfg = config.services.diaspora; 6 dcfg = config.services.diaspora;
@@ -26,7 +26,7 @@ in {
26 environment: 26 environment:
27 url: "https://diaspora.immae.eu/" 27 url: "https://diaspora.immae.eu/"
28 certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt' 28 certificate_authorities: '${pkgs.cacert}/etc/ssl/certs/ca-bundle.crt'
29 redis: '${env.redis_url}' 29 redis: 'redis://${env.redis.host}:${env.redis.port}/${env.redis.db}'
30 sidekiq: 30 sidekiq:
31 s3: 31 s3:
32 assets: 32 assets:
@@ -79,16 +79,16 @@ in {
79 inbound: 79 inbound:
80 ldap: 80 ldap:
81 enable: true 81 enable: true
82 host: ldap.immae.eu 82 host: ${env.ldap.host}
83 port: 636 83 port: 636
84 only_ldap: true 84 only_ldap: true
85 mail_attribute: mail 85 mail_attribute: mail
86 skip_email_confirmation: true 86 skip_email_confirmation: true
87 use_bind_dn: true 87 use_bind_dn: true
88 bind_dn: "cn=diaspora,ou=services,dc=immae,dc=eu" 88 bind_dn: "${env.ldap.dn}"
89 bind_pw: "${env.ldap.password}" 89 bind_pw: "${env.ldap.password}"
90 search_base: "dc=immae,dc=eu" 90 search_base: "${env.ldap.base}"
91 search_filter: "(&(memberOf=cn=users,cn=diaspora,ou=services,dc=immae,dc=eu)(uid=%{username}))" 91 search_filter: "${env.ldap.filter}"
92 production: 92 production:
93 environment: 93 environment:
94 development: 94 development:
diff --git a/modules/private/websites/tools/ether/default.nix b/modules/private/websites/tools/ether/default.nix
index 62a1691..1c56ed7 100644
--- a/modules/private/websites/tools/ether/default.nix
+++ b/modules/private/websites/tools/ether/default.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 env = myconfig.env.tools.etherpad-lite; 3 env = config.myEnv.tools.etherpad-lite;
4 cfg = config.myServices.websites.tools.etherpad-lite; 4 cfg = config.myServices.websites.tools.etherpad-lite;
5 # Make sure we’re not rebuilding whole libreoffice just because of a 5 # Make sure we’re not rebuilding whole libreoffice just because of a
6 # dependency 6 # dependency
@@ -89,15 +89,15 @@ in {
89 "ldapauth": { 89 "ldapauth": {
90 "url": "ldaps://${env.ldap.host}", 90 "url": "ldaps://${env.ldap.host}",
91 "accountBase": "${env.ldap.base}", 91 "accountBase": "${env.ldap.base}",
92 "accountPattern": "(&(memberOf=cn=users,cn=etherpad,ou=services,dc=immae,dc=eu)(uid={{username}}))", 92 "accountPattern": "${env.ldap.filter}",
93 "displayNameAttribute": "cn", 93 "displayNameAttribute": "cn",
94 "searchDN": "cn=etherpad,ou=services,dc=immae,dc=eu", 94 "searchDN": "${env.ldap.dn}",
95 "searchPWD": "${env.ldap.password}", 95 "searchPWD": "${env.ldap.password}",
96 "groupSearchBase": "${env.ldap.base}", 96 "groupSearchBase": "${env.ldap.base}",
97 "groupAttribute": "member", 97 "groupAttribute": "member",
98 "groupAttributeIsDN": true, 98 "groupAttributeIsDN": true,
99 "searchScope": "sub", 99 "searchScope": "sub",
100 "groupSearch": "(memberOf=cn=groups,cn=etherpad,ou=services,dc=immae,dc=eu)", 100 "groupSearch": "${env.ldap.group_filter}",
101 "anonymousReadonly": false 101 "anonymousReadonly": false
102 } 102 }
103 }, 103 },
@@ -155,7 +155,7 @@ in {
155 155
156 RewriteEngine On 156 RewriteEngine On
157 157
158 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" myconfig.env.tools.etherpad-lite.redirects}" 158 RewriteMap redirects "txt:${pkgs.writeText "redirects.txt" config.myEnv.tools.etherpad-lite.redirects}"
159 RewriteCond %{QUERY_STRING} "!noredirect" 159 RewriteCond %{QUERY_STRING} "!noredirect"
160 RewriteCond %{REQUEST_URI} "^(.*)$" 160 RewriteCond %{REQUEST_URI} "^(.*)$"
161 RewriteCond ''${redirects:$1|Unknown} "!Unknown" 161 RewriteCond ''${redirects:$1|Unknown} "!Unknown"
diff --git a/modules/private/websites/tools/git/default.nix b/modules/private/websites/tools/git/default.nix
index d66d151..a5f525b 100644
--- a/modules/private/websites/tools/git/default.nix
+++ b/modules/private/websites/tools/git/default.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 mantisbt = pkgs.callPackage ./mantisbt.nix { 3 mantisbt = pkgs.callPackage ./mantisbt.nix {
4 inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins; 4 inherit (pkgs.webapps) mantisbt_2 mantisbt_2-plugins;
5 env = myconfig.env.tools.mantisbt; 5 env = config.myEnv.tools.mantisbt;
6 }; 6 };
7 gitweb = pkgs.callPackage ./gitweb.nix { 7 gitweb = pkgs.callPackage ./gitweb.nix {
8 gitoliteDir = config.myServices.gitolite.gitoliteDir; 8 gitoliteDir = config.myServices.gitolite.gitoliteDir;
diff --git a/modules/private/websites/tools/git/mantisbt.nix b/modules/private/websites/tools/git/mantisbt.nix
index a1b830e..d0d7a98 100644
--- a/modules/private/websites/tools/git/mantisbt.nix
+++ b/modules/private/websites/tools/git/mantisbt.nix
@@ -35,15 +35,15 @@ rec {
35 # --- LDAP --- 35 # --- LDAP ---
36 $g_login_method = LDAP; 36 $g_login_method = LDAP;
37 $g_ldap_protocol_version = 3; 37 $g_ldap_protocol_version = 3;
38 $g_ldap_server = 'ldaps://ldap.immae.eu:636'; 38 $g_ldap_server = 'ldaps://${env.ldap.host}:636';
39 $g_ldap_root_dn = 'ou=users,dc=immae,dc=eu'; 39 $g_ldap_root_dn = 'ou=users,${env.ldap.base}';
40 $g_ldap_bind_dn = 'cn=mantisbt,ou=services,dc=immae,dc=eu'; 40 $g_ldap_bind_dn = '${env.ldap.dn}';
41 $g_ldap_bind_passwd = '${env.ldap.password}'; 41 $g_ldap_bind_passwd = '${env.ldap.password}';
42 $g_use_ldap_email = ON; 42 $g_use_ldap_email = ON;
43 $g_use_ldap_realname = ON; 43 $g_use_ldap_realname = ON;
44 $g_ldap_uid_field = 'uid'; 44 $g_ldap_uid_field = 'uid';
45 $g_ldap_realname_field = 'cn'; 45 $g_ldap_realname_field = 'cn';
46 $g_ldap_organization = '(memberOf=cn=users,cn=mantisbt,ou=services,dc=immae,dc=eu)'; 46 $g_ldap_organization = '${env.ldap.filter}';
47 ''; 47 '';
48 }]; 48 }];
49 webRoot = (mantisbt_2.override { mantis_config = "/var/secrets/webapps/tools-mantisbt"; }).withPlugins (builtins.attrValues mantisbt_2-plugins); 49 webRoot = (mantisbt_2.override { mantis_config = "/var/secrets/webapps/tools-mantisbt"; }).withPlugins (builtins.attrValues mantisbt_2-plugins);
diff --git a/modules/private/websites/tools/mail/default.nix b/modules/private/websites/tools/mail/default.nix
index 218c3a5..6342694 100644
--- a/modules/private/websites/tools/mail/default.nix
+++ b/modules/private/websites/tools/mail/default.nix
@@ -1,8 +1,8 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 roundcubemail = pkgs.callPackage ./roundcubemail.nix { 3 roundcubemail = pkgs.callPackage ./roundcubemail.nix {
4 inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins; 4 inherit (pkgs.webapps) roundcubemail roundcubemail-plugins roundcubemail-skins;
5 env = myconfig.env.tools.roundcubemail; 5 env = config.myEnv.tools.roundcubemail;
6 }; 6 };
7 rainloop = pkgs.callPackage ./rainloop.nix {}; 7 rainloop = pkgs.callPackage ./rainloop.nix {};
8 cfg = config.myServices.websites.tools.email; 8 cfg = config.myServices.websites.tools.email;
diff --git a/modules/private/websites/tools/mail/mta-sts.nix b/modules/private/websites/tools/mail/mta-sts.nix
index d443f55..a401b41 100644
--- a/modules/private/websites/tools/mail/mta-sts.nix
+++ b/modules/private/websites/tools/mail/mta-sts.nix
@@ -1,4 +1,4 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 domains = (lib.remove null (lib.flatten (map 3 domains = (lib.remove null (lib.flatten (map
4 (zone: map 4 (zone: map
@@ -11,7 +11,7 @@ let
11 ) 11 )
12 (zone.withEmail or []) 12 (zone.withEmail or [])
13 ) 13 )
14 myconfig.env.dns.masterZones 14 config.myEnv.dns.masterZones
15 ))); 15 )));
16 # FIXME: increase the id number in modules/private/dns.nix when this 16 # FIXME: increase the id number in modules/private/dns.nix when this
17 # file change (date -u +'%Y%m%d%H%M%S'Z) 17 # file change (date -u +'%Y%m%d%H%M%S'Z)
diff --git a/modules/private/websites/tools/mail/roundcubemail.nix b/modules/private/websites/tools/mail/roundcubemail.nix
index 8bb60d6..35de312 100644
--- a/modules/private/websites/tools/mail/roundcubemail.nix
+++ b/modules/private/websites/tools/mail/roundcubemail.nix
@@ -14,9 +14,12 @@ rec {
14 user = apache.user; 14 user = apache.user;
15 group = apache.group; 15 group = apache.group;
16 permissions = "0400"; 16 permissions = "0400";
17 text = '' 17 text =
18 let
19 psql_url = with env.postgresql; "pgsql://${user}:${password}@unix(${socket}:${port})/${database}";
20 in ''
18 <?php 21 <?php
19 $config['db_dsnw'] = '${env.psql_url}'; 22 $config['db_dsnw'] = '${psql_url}';
20 $config['default_host'] = 'ssl://imap.immae.eu'; 23 $config['default_host'] = 'ssl://imap.immae.eu';
21 $config['username_domain'] = array( 24 $config['username_domain'] = array(
22 "imap.immae.eu" => "mail.immae.eu" 25 "imap.immae.eu" => "mail.immae.eu"
diff --git a/modules/private/websites/tools/mastodon/default.nix b/modules/private/websites/tools/mastodon/default.nix
index 97f2452..80d7431 100644
--- a/modules/private/websites/tools/mastodon/default.nix
+++ b/modules/private/websites/tools/mastodon/default.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 env = myconfig.env.tools.mastodon; 3 env = config.myEnv.tools.mastodon;
4 root = "/run/current-system/webapps/tools_mastodon"; 4 root = "/run/current-system/webapps/tools_mastodon";
5 cfg = config.myServices.websites.tools.mastodon; 5 cfg = config.myServices.websites.tools.mastodon;
6 mcfg = config.services.mastodon; 6 mcfg = config.services.mastodon;
@@ -50,14 +50,14 @@ in {
50 50
51 # LDAP authentication (optional) 51 # LDAP authentication (optional)
52 LDAP_ENABLED=true 52 LDAP_ENABLED=true
53 LDAP_HOST=ldap.immae.eu 53 LDAP_HOST=${env.ldap.host}
54 LDAP_PORT=636 54 LDAP_PORT=636
55 LDAP_METHOD=simple_tls 55 LDAP_METHOD=simple_tls
56 LDAP_BASE="dc=immae,dc=eu" 56 LDAP_BASE="${env.ldap.base}"
57 LDAP_BIND_DN="cn=mastodon,ou=services,dc=immae,dc=eu" 57 LDAP_BIND_DN="${env.ldap.dn}"
58 LDAP_PASSWORD="${env.ldap.password}" 58 LDAP_PASSWORD="${env.ldap.password}"
59 LDAP_UID="uid" 59 LDAP_UID="uid"
60 LDAP_SEARCH_FILTER="(&(%{uid}=%{email})(memberOf=cn=users,cn=mastodon,ou=services,dc=immae,dc=eu))" 60 LDAP_SEARCH_FILTER="${env.ldap.filter}"
61 ''; 61 '';
62 }]; 62 }];
63 services.mastodon = { 63 services.mastodon = {
diff --git a/modules/private/websites/tools/mgoblin/default.nix b/modules/private/websites/tools/mgoblin/default.nix
index aeae893..5224a0d 100644
--- a/modules/private/websites/tools/mgoblin/default.nix
+++ b/modules/private/websites/tools/mgoblin/default.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 env = myconfig.env.tools.mediagoblin; 3 env = config.myEnv.tools.mediagoblin;
4 cfg = config.myServices.websites.tools.mediagoblin; 4 cfg = config.myServices.websites.tools.mediagoblin;
5 mcfg = config.services.mediagoblin; 5 mcfg = config.services.mediagoblin;
6in { 6in {
@@ -17,7 +17,12 @@ in {
17 user = "mediagoblin"; 17 user = "mediagoblin";
18 group = "mediagoblin"; 18 group = "mediagoblin";
19 permissions = "0400"; 19 permissions = "0400";
20 text = '' 20 text =
21 let
22 psql_url = with env.postgresql; "postgresql://${user}:${password}@:${port}/${database}?host=${socket}";
23 redis_url = with env.redis; "redis+socket://${socket}?virtual_host=${db}";
24 in
25 ''
21 [DEFAULT] 26 [DEFAULT]
22 data_basedir = "${mcfg.dataDir}" 27 data_basedir = "${mcfg.dataDir}"
23 28
@@ -26,7 +31,7 @@ in {
26 email_sender_address = "mediagoblin@tools.immae.eu" 31 email_sender_address = "mediagoblin@tools.immae.eu"
27 32
28 #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db 33 #sql_engine = sqlite:///%(data_basedir)s/mediagoblin.db
29 sql_engine = ${env.psql_url} 34 sql_engine = ${psql_url}
30 35
31 email_debug_mode = false 36 email_debug_mode = false
32 allow_registration = false 37 allow_registration = false
@@ -52,19 +57,19 @@ in {
52 base_url = /mgoblin_media/ 57 base_url = /mgoblin_media/
53 58
54 [celery] 59 [celery]
55 CELERY_RESULT_DBURI = ${env.redis_url} 60 CELERY_RESULT_DBURI = ${redis_url}
56 BROKER_URL = ${env.redis_url} 61 BROKER_URL = ${redis_url}
57 CELERYD_CONCURRENCY = 1 62 CELERYD_CONCURRENCY = 1
58 63
59 [plugins] 64 [plugins]
60 [[mediagoblin.plugins.geolocation]] 65 [[mediagoblin.plugins.geolocation]]
61 [[mediagoblin.plugins.ldap]] 66 [[mediagoblin.plugins.ldap]]
62 [[[immae.eu]]] 67 [[[immae.eu]]]
63 LDAP_SERVER_URI = 'ldaps://ldap.immae.eu:636' 68 LDAP_SERVER_URI = 'ldaps://${env.ldap.host}:636'
64 LDAP_SEARCH_BASE = 'dc=immae,dc=eu' 69 LDAP_SEARCH_BASE = '${env.ldap.base}'
65 LDAP_BIND_DN = 'cn=mediagoblin,ou=services,dc=immae,dc=eu' 70 LDAP_BIND_DN = '${env.ldap.dn}'
66 LDAP_BIND_PW = '${env.ldap.password}' 71 LDAP_BIND_PW = '${env.ldap.password}'
67 LDAP_SEARCH_FILTER = '(&(memberOf=cn=users,cn=mediagoblin,ou=services,dc=immae,dc=eu)(uid={username}))' 72 LDAP_SEARCH_FILTER = '${env.ldap.filter}'
68 EMAIL_SEARCH_FIELD = 'mail' 73 EMAIL_SEARCH_FIELD = 'mail'
69 [[mediagoblin.plugins.basicsearch]] 74 [[mediagoblin.plugins.basicsearch]]
70 [[mediagoblin.plugins.piwigo]] 75 [[mediagoblin.plugins.piwigo]]
diff --git a/modules/private/websites/tools/peertube/default.nix b/modules/private/websites/tools/peertube/default.nix
index 6739641..0bacfd1 100644
--- a/modules/private/websites/tools/peertube/default.nix
+++ b/modules/private/websites/tools/peertube/default.nix
@@ -1,6 +1,6 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 env = myconfig.env.tools.peertube; 3 env = config.myEnv.tools.peertube;
4 cfg = config.myServices.websites.tools.peertube; 4 cfg = config.myServices.websites.tools.peertube;
5 pcfg = config.services.peertube; 5 pcfg = config.services.peertube;
6in { 6in {
@@ -27,7 +27,7 @@ in {
27 text = '' 27 text = ''
28 listen: 28 listen:
29 hostname: 'localhost' 29 hostname: 'localhost'
30 port: ${env.listenPort} 30 port: ${toString config.myEnv.ports.peertube}
31 webserver: 31 webserver:
32 https: true 32 https: true
33 hostname: 'peertube.immae.eu' 33 hostname: 'peertube.immae.eu'
@@ -45,7 +45,7 @@ in {
45 redis: 45 redis:
46 socket: '${env.redis.socket}' 46 socket: '${env.redis.socket}'
47 auth: null 47 auth: null
48 db: ${env.redis.db_index} 48 db: ${env.redis.db}
49 ldap: 49 ldap:
50 enable: true 50 enable: true
51 ldap_only: false 51 ldap_only: false
@@ -171,13 +171,13 @@ in {
171 171
172 RewriteCond %{REQUEST_URI} ^/socket.io [NC] 172 RewriteCond %{REQUEST_URI} ^/socket.io [NC]
173 RewriteCond %{QUERY_STRING} transport=websocket [NC] 173 RewriteCond %{QUERY_STRING} transport=websocket [NC]
174 RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] 174 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
175 175
176 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC] 176 RewriteCond %{REQUEST_URI} ^/tracker/socket [NC]
177 RewriteRule /(.*) ws://localhost:${env.listenPort}/$1 [P,NE,QSA,L] 177 RewriteRule /(.*) ws://localhost:${toString env.listenPort}/$1 [P,NE,QSA,L]
178 178
179 ProxyPass / http://localhost:${env.listenPort}/ 179 ProxyPass / http://localhost:${toString env.listenPort}/
180 ProxyPassReverse / http://localhost:${env.listenPort}/ 180 ProxyPassReverse / http://localhost:${toString env.listenPort}/
181 181
182 ProxyPreserveHost On 182 ProxyPreserveHost On
183 RequestHeader set X-Real-IP %{REMOTE_ADDR}s 183 RequestHeader set X-Real-IP %{REMOTE_ADDR}s
diff --git a/modules/private/websites/tools/tools/default.nix b/modules/private/websites/tools/tools/default.nix
index 3cf3e8e..5a0c196 100644
--- a/modules/private/websites/tools/tools/default.nix
+++ b/modules/private/websites/tools/tools/default.nix
@@ -1,39 +1,39 @@
1{ lib, pkgs, config, myconfig, ... }: 1{ lib, pkgs, config, ... }:
2let 2let
3 adminer = pkgs.callPackage ./adminer.nix { 3 adminer = pkgs.callPackage ./adminer.nix {
4 inherit (pkgs.webapps) adminer; 4 inherit (pkgs.webapps) adminer;
5 }; 5 };
6 ympd = pkgs.callPackage ./ympd.nix { 6 ympd = pkgs.callPackage ./ympd.nix {
7 env = myconfig.env.tools.ympd; 7 env = config.myEnv.tools.ympd;
8 }; 8 };
9 ttrss = pkgs.callPackage ./ttrss.nix { 9 ttrss = pkgs.callPackage ./ttrss.nix {
10 inherit (pkgs.webapps) ttrss ttrss-plugins; 10 inherit (pkgs.webapps) ttrss ttrss-plugins;
11 env = myconfig.env.tools.ttrss; 11 env = config.myEnv.tools.ttrss;
12 }; 12 };
13 kanboard = pkgs.callPackage ./kanboard.nix { 13 kanboard = pkgs.callPackage ./kanboard.nix {
14 env = myconfig.env.tools.kanboard; 14 env = config.myEnv.tools.kanboard;
15 }; 15 };
16 wallabag = pkgs.callPackage ./wallabag.nix { 16 wallabag = pkgs.callPackage ./wallabag.nix {
17 inherit (pkgs.webapps) wallabag; 17 inherit (pkgs.webapps) wallabag;
18 env = myconfig.env.tools.wallabag; 18 env = config.myEnv.tools.wallabag;
19 }; 19 };
20 yourls = pkgs.callPackage ./yourls.nix { 20 yourls = pkgs.callPackage ./yourls.nix {
21 inherit (pkgs.webapps) yourls yourls-plugins; 21 inherit (pkgs.webapps) yourls yourls-plugins;
22 env = myconfig.env.tools.yourls; 22 env = config.myEnv.tools.yourls;
23 }; 23 };
24 rompr = pkgs.callPackage ./rompr.nix { 24 rompr = pkgs.callPackage ./rompr.nix {
25 inherit (pkgs.webapps) rompr; 25 inherit (pkgs.webapps) rompr;
26 env = myconfig.env.tools.rompr; 26 env = config.myEnv.tools.rompr;
27 }; 27 };
28 shaarli = pkgs.callPackage ./shaarli.nix { 28 shaarli = pkgs.callPackage ./shaarli.nix {
29 env = myconfig.env.tools.shaarli; 29 env = config.myEnv.tools.shaarli;
30 }; 30 };
31 dokuwiki = pkgs.callPackage ./dokuwiki.nix { 31 dokuwiki = pkgs.callPackage ./dokuwiki.nix {
32 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; 32 inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
33 }; 33 };
34 ldap = pkgs.callPackage ./ldap.nix { 34 ldap = pkgs.callPackage ./ldap.nix {
35 inherit (pkgs.webapps) phpldapadmin; 35 inherit (pkgs.webapps) phpldapadmin;
36 env = myconfig.env.tools.phpldapadmin; 36 env = config.myEnv.tools.phpldapadmin;
37 }; 37 };
38 38
39 cfg = config.myServices.websites.tools.tools; 39 cfg = config.myServices.websites.tools.tools;
diff --git a/modules/private/websites/tools/tools/kanboard.nix b/modules/private/websites/tools/tools/kanboard.nix
index 68c3a10..36a949c 100644
--- a/modules/private/websites/tools/tools/kanboard.nix
+++ b/modules/private/websites/tools/tools/kanboard.nix
@@ -37,8 +37,8 @@ rec {
37 define('LDAP_USERNAME', '${env.ldap.dn}'); 37 define('LDAP_USERNAME', '${env.ldap.dn}');
38 define('LDAP_PASSWORD', '${env.ldap.password}'); 38 define('LDAP_PASSWORD', '${env.ldap.password}');
39 define('LDAP_USER_BASE_DN', '${env.ldap.base}'); 39 define('LDAP_USER_BASE_DN', '${env.ldap.base}');
40 define('LDAP_USER_FILTER', '(&(memberOf=cn=users,cn=kanboard,ou=services,dc=immae,dc=eu)(uid=%s))'); 40 define('LDAP_USER_FILTER', '${env.ldap.filter}');
41 define('LDAP_GROUP_ADMIN_DN', 'cn=admins,cn=kanboard,ou=services,dc=immae,dc=eu'); 41 define('LDAP_GROUP_ADMIN_DN', '${env.ldap.admin_dn}');
42 ?> 42 ?>
43 ''; 43 '';
44 }]; 44 }];
diff --git a/modules/private/websites/tools/tools/shaarli.nix b/modules/private/websites/tools/tools/shaarli.nix
index 28041ba..0f1ae7b 100644
--- a/modules/private/websites/tools/tools/shaarli.nix
+++ b/modules/private/websites/tools/tools/shaarli.nix
@@ -42,7 +42,7 @@ in rec {
42 SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}" 42 SetEnv SHAARLI_LDAP_DN "${env.ldap.dn}"
43 SetEnv SHAARLI_LDAP_HOST "ldaps://${env.ldap.host}" 43 SetEnv SHAARLI_LDAP_HOST "ldaps://${env.ldap.host}"
44 SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}" 44 SetEnv SHAARLI_LDAP_BASE "${env.ldap.base}"
45 SetEnv SHAARLI_LDAP_FILTER "${env.ldap.search}" 45 SetEnv SHAARLI_LDAP_FILTER "${env.ldap.filter}"
46 ''; 46 '';
47 }]; 47 }];
48 phpFpm = rec { 48 phpFpm = rec {
diff --git a/modules/private/websites/tools/tools/ttrss.nix b/modules/private/websites/tools/tools/ttrss.nix
index 598cc3a..4a9b8ca 100644
--- a/modules/private/websites/tools/tools/ttrss.nix
+++ b/modules/private/websites/tools/tools/ttrss.nix
@@ -73,14 +73,14 @@ rec {
73 define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu'); 73 define('SMTP_FROM_ADDRESS', 'ttrss@tools.immae.eu');
74 define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours'); 74 define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
75 75
76 define('LDAP_AUTH_SERVER_URI', 'ldap://ldap.immae.eu:389/'); 76 define('LDAP_AUTH_SERVER_URI', 'ldap://${env.ldap.host}:389/');
77 define('LDAP_AUTH_USETLS', TRUE); 77 define('LDAP_AUTH_USETLS', TRUE);
78 define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE); 78 define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE);
79 define('LDAP_AUTH_BASEDN', 'dc=immae,dc=eu'); 79 define('LDAP_AUTH_BASEDN', '${env.ldap.base}');
80 define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE); 80 define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
81 define('LDAP_AUTH_SEARCHFILTER', '(&(memberOf=cn=users,cn=ttrss,ou=services,dc=immae,dc=eu)(|(cn=???)(uid=???)(&(uid:dn:=???)(ou=ttrss))))'); 81 define('LDAP_AUTH_SEARCHFILTER', '${env.ldap.filter}');
82 82
83 define('LDAP_AUTH_BINDDN', 'cn=ttrss,ou=services,dc=immae,dc=eu'); 83 define('LDAP_AUTH_BINDDN', '${env.ldap.dn}');
84 define('LDAP_AUTH_BINDPW', '${env.ldap.password}'); 84 define('LDAP_AUTH_BINDPW', '${env.ldap.password}');
85 define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin'); 85 define('LDAP_AUTH_LOGIN_ATTRIB', 'immaeTtrssLogin');
86 86
diff --git a/modules/private/websites/tools/tools/wallabag.nix b/modules/private/websites/tools/tools/wallabag.nix
index 8572d64..2d152b2 100644
--- a/modules/private/websites/tools/tools/wallabag.nix
+++ b/modules/private/websites/tools/tools/wallabag.nix
@@ -48,16 +48,16 @@ rec {
48 redis_password: null 48 redis_password: null
49 sites_credentials: { } 49 sites_credentials: { }
50 ldap_enabled: true 50 ldap_enabled: true
51 ldap_host: ldap.immae.eu 51 ldap_host: ${env.ldap.host}
52 ldap_port: 636 52 ldap_port: 636
53 ldap_tls: false 53 ldap_tls: false
54 ldap_ssl: true 54 ldap_ssl: true
55 ldap_bind_requires_dn: true 55 ldap_bind_requires_dn: true
56 ldap_base: 'dc=immae,dc=eu' 56 ldap_base: '${env.ldap.base}'
57 ldap_manager_dn: 'cn=wallabag,ou=services,dc=immae,dc=eu' 57 ldap_manager_dn: '${env.ldap.dn}'
58 ldap_manager_pw: ${env.ldap.password} 58 ldap_manager_pw: ${env.ldap.password}
59 ldap_filter: '(&(memberOf=cn=users,cn=wallabag,ou=services,dc=immae,dc=eu))' 59 ldap_filter: '${env.ldap.filter}'
60 ldap_admin_filter: '(&(memberOf=cn=admins,cn=wallabag,ou=services,dc=immae,dc=eu)(uid=%s))' 60 ldap_admin_filter: '${env.ldap.admin_filter}'
61 ldap_username_attribute: uid 61 ldap_username_attribute: uid
62 ldap_email_attribute: mail 62 ldap_email_attribute: mail
63 ldap_name_attribute: cn 63 ldap_name_attribute: cn
diff --git a/modules/private/websites/tools/tools/ympd.nix b/modules/private/websites/tools/tools/ympd.nix
index b54c486..72d45d4 100644
--- a/modules/private/websites/tools/tools/ympd.nix
+++ b/modules/private/websites/tools/tools/ympd.nix
@@ -2,7 +2,7 @@
2let 2let
3 ympd = rec { 3 ympd = rec {
4 config = { 4 config = {
5 webPort = "localhost:${env.listenPort}"; 5 webPort = "localhost:${toString env.listenPort}";
6 host = env.mpd.host; 6 host = env.mpd.host;
7 port = env.mpd.port; 7 port = env.mpd.port;
8 }; 8 };
diff --git a/modules/private/websites/tools/tools/yourls.nix b/modules/private/websites/tools/tools/yourls.nix
index 0a8e837..6280e78 100644
--- a/modules/private/websites/tools/tools/yourls.nix
+++ b/modules/private/websites/tools/tools/yourls.nix
@@ -28,10 +28,10 @@ rec {
28 define( 'YOURLS_DEBUG', false ); 28 define( 'YOURLS_DEBUG', false );
29 define( 'YOURLS_URL_CONVERT', 36 ); 29 define( 'YOURLS_URL_CONVERT', 36 );
30 $yourls_reserved_URL = array(); 30 $yourls_reserved_URL = array();
31 define( 'LDAPAUTH_HOST', 'ldaps://ldap.immae.eu' ); 31 define( 'LDAPAUTH_HOST', 'ldaps://${env.ldap.host}' );
32 define( 'LDAPAUTH_PORT', '636' ); 32 define( 'LDAPAUTH_PORT', '636' );
33 define( 'LDAPAUTH_BASE', 'dc=immae,dc=eu' ); 33 define( 'LDAPAUTH_BASE', '${env.ldap.base}' );
34 define( 'LDAPAUTH_SEARCH_USER', 'cn=yourls,ou=services,dc=immae,dc=eu' ); 34 define( 'LDAPAUTH_SEARCH_USER', '${env.ldap.dn}' );
35 define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' ); 35 define( 'LDAPAUTH_SEARCH_PASS', '${env.ldap.password}' );
36 36
37 define( 'LDAPAUTH_GROUP_ATTR', 'memberof' ); 37 define( 'LDAPAUTH_GROUP_ATTR', 'memberof' );
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-03 09:14:28 +0000