git.immae.eu Git - perso/Immae/Config/Nix.git/blame - modules/private/websites/tools/tools/default.nix
Rework webhooks
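# NixOS module for the "tools" websites (tools.immae.eu, outils.immae.eu and
# the tools.immae.dev integration host).
#
# It instantiates one package description per web tool (./<tool>.nix), then
# wires the values those descriptions expose (apache.modules, apache.vhostConf,
# phpFpm.*, keys, activationScript) into Apache vhosts, PHP-FPM pools, systemd
# units, secrets and activation scripts. The shape of those values is defined
# in the per-tool files, which are not shown here.
{ lib, pkgs, config, ... }:
let
  flakeCompat = import ../../../../../lib/flake-compat.nix;

  # Per-tool descriptions. `env` carries the tool's settings from config.myEnv;
  # `config` is passed to the tools that need the whole system configuration.
  # NOTE(review): pkgs.php72 and pkgs.php73 are PHP branches that are
  # end-of-life upstream and no longer receive security fixes; every tool
  # pinned to them below inherits that exposure until it is moved to a
  # supported PHP.
  adminer = pkgs.callPackage ./adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  landing = pkgs.callPackage ./landing.nix {};

  # Shorthands: this module's own options, and the PHP-FPM pools (used below
  # to look up each pool's socket path).
  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  # Pull in the NixOS modules exported by the private "paste" flake.
  imports =
    builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Merge the secret-file definitions of every tool that declares some.
    # `//` is right-biased: if two tools ever used the same key name, the
    # later one in this chain would silently win.
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys;

    # Apache modules needed by the tools environment.
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    # Integration vhost serving a directory tree straight from disk.
    # NOTE(review): this combination is the most permissive on the page:
    #  - "AllowOverride all" lets any .htaccess placed in the tree change
    #    Apache behaviour for that subtree;
    #  - every *.php file in the tree is executed by the devtools pool;
    #  - "Require all granted" applies no access control here.
    # The path suggests the tree is fed over FTP (confirm); if so, write access
    # to it is equivalent to code execution as the pool user, bounded only by
    # the pool's open_basedir.
    # The CSP header is Report-Only: it reports violations but blocks nothing.
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      certMainHost = "tools.immae.dev";
      addToCerts = true;
      hosts = [ "tools.immae.dev" ];
      root = "/var/lib/ftp/immae/devtools";
      extraConfig = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    # Main vhost: landing page, legacy redirects, one config fragment per tool,
    # then the paste proxy, the BIP39 static build and the webhooks endpoint.
    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      addToCerts = true;
      hosts = ["tools.immae.eu" ];
      root = landing;
      extraConfig = [
        # The /vpn capture is anchored on "/" (or empty). With a bare "(.*)"
        # the captured text is appended directly after the hostname, so a
        # request path that continues with anything other than "/" would
        # change the host the visitor is redirected to (open redirect).
        # The roundcube rule appends after a path component and is not affected.
        ''
          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        # /paste and /paste/ are both proxied to the paste service's gunicorn
        # unix socket.
        #
        # /webhooks is an Alias onto a path managed by the secrets module and
        # is reachable without authentication at the Apache level ("Require
        # all granted"). Only files matching \.php$ are handed to PHP-FPM;
        # NOTE(review): any other file type present in that directory would be
        # served as static content, so it should contain nothing but the PHP
        # entry points (webhooks.nix is not shown here - confirm). Directory
        # listing is disabled with "Options -Indexes".
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            DirectoryIndex index.php
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    # Legacy hostname: redirects only, no document root. Specific services go
    # to their dedicated hosts; everything else falls through to the final
    # catch-all towards tools.immae.eu.
    # Rules whose target ends in a bare hostname capture "(/.*)?" instead of
    # "(.*)", so that the appended text always starts a path and can never
    # extend the hostname (open redirect). Requests that no longer match
    # (e.g. a longer first path segment) are handled by the catch-all.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      addToCerts = true;
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        ''
          RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

          RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

          RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          RedirectMatch 301 ^/vpn(/.*)?$ https://vpn.immae.eu$1

          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      # Order each PHP-FPM pool after the services its tool depends on
      # (database, cache, ... as listed by the tool's phpFpm.serviceDeps).
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      # The MPD password is read from the secrets file at start-up and handed
      # to ympd through its environment, so it never appears in the Nix store
      # or on the command line.
      # NOTE(review): the unit sets no serviceConfig.User, so the start script
      # runs with the unit's default user and the privilege drop relies
      # entirely on ympd honouring "--user nobody". The interpolated host,
      # port and webport values are not shell-quoted.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      # Feed update daemon, run as the web server user against PostgreSQL.
      # NOTE(review): no preStart/ExecStartPre is defined here, so
      # PermissionsStartOnly has no visible effect in this file.
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    # Restart ympd when the MPD password file changes, since the password is
    # only read once at start-up.
    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    # One PHP-FPM pool per tool.
    # NOTE(review): every pool runs as wwwrun:wwwrun, so the pools are not
    # separated by Unix permissions; for the two pools defined inline here the
    # only confinement visible in this file is open_basedir, and both include
    # the shared /tmp. The other pools take their settings from the per-tool
    # files.
    services.phpfpm.pools = {
      # Serves the landing page and the /webhooks endpoint.
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          # php_admin_value cannot be overridden from PHP code or .htaccess.
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      # Executes the PHP files of the devtools integration vhost.
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    # Activation scripts provided by the tools; they run at system activation
    # (their content lives in the per-tool files).
    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    # Secret files whose changes must be picked up: the shaarli secret is
    # watched by the tools web environment, and the wallabag pool is restarted
    # when its secret changes.
    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

  };
}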