]>
Commit | Line | Data |
---|---|---|
ab8f306d | 1 | { lib, pkgs, config, ... }: |
10889174 | 2 | let |
a9f52ec5 IB |
3 | flakeCompat = import ../../../../../lib/flake-compat.nix; |
4 | ||
750fe5a4 | 5 | adminer = pkgs.callPackage ./adminer.nix {}; |
4288c2f2 | 6 | ympd = pkgs.callPackage ./ympd.nix { |
ab8f306d | 7 | env = config.myEnv.tools.ympd; |
4288c2f2 IB |
8 | }; |
9 | ttrss = pkgs.callPackage ./ttrss.nix { | |
10 | inherit (pkgs.webapps) ttrss ttrss-plugins; | |
ab8f306d | 11 | env = config.myEnv.tools.ttrss; |
dcac3ec7 | 12 | php = pkgs.php72; |
da30ae4f | 13 | inherit config; |
4288c2f2 | 14 | }; |
4288c2f2 | 15 | kanboard = pkgs.callPackage ./kanboard.nix { |
da30ae4f | 16 | inherit config; |
ab8f306d | 17 | env = config.myEnv.tools.kanboard; |
4288c2f2 IB |
18 | }; |
19 | wallabag = pkgs.callPackage ./wallabag.nix { | |
46c99b57 IB |
20 | wallabag = pkgs.webapps.wallabag.override { |
21 | composerEnv = pkgs.composerEnv.override { | |
2053ddac | 22 | php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); |
46c99b57 IB |
23 | }; |
24 | }; | |
ab8f306d | 25 | env = config.myEnv.tools.wallabag; |
da30ae4f | 26 | inherit config; |
4288c2f2 IB |
27 | }; |
28 | yourls = pkgs.callPackage ./yourls.nix { | |
29 | inherit (pkgs.webapps) yourls yourls-plugins; | |
ab8f306d | 30 | env = config.myEnv.tools.yourls; |
da30ae4f | 31 | inherit config; |
4288c2f2 IB |
32 | }; |
33 | rompr = pkgs.callPackage ./rompr.nix { | |
34 | inherit (pkgs.webapps) rompr; | |
ab8f306d | 35 | env = config.myEnv.tools.rompr; |
4288c2f2 IB |
36 | }; |
37 | shaarli = pkgs.callPackage ./shaarli.nix { | |
ab8f306d | 38 | env = config.myEnv.tools.shaarli; |
da30ae4f | 39 | inherit config; |
4288c2f2 IB |
40 | }; |
41 | dokuwiki = pkgs.callPackage ./dokuwiki.nix { | |
42 | inherit (pkgs.webapps) dokuwiki dokuwiki-plugins; | |
43 | }; | |
44 | ldap = pkgs.callPackage ./ldap.nix { | |
45 | inherit (pkgs.webapps) phpldapadmin; | |
ab8f306d | 46 | env = config.myEnv.tools.phpldapadmin; |
da30ae4f | 47 | inherit config; |
4288c2f2 | 48 | }; |
c7627e14 | 49 | grocy = pkgs.callPackage ./grocy.nix { |
dcac3ec7 | 50 | grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; }; |
c7627e14 | 51 | }; |
a8ef1adb IB |
52 | phpbb = pkgs.callPackage ./phpbb.nix { |
53 | phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [ | |
54 | e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat | |
55 | e.empteintesduweb.monitoranswers e.lr94.autosubscribe | |
56 | e.phpbbmodders.adduser ]); | |
57 | }; | |
251c0a13 IB |
58 | webhooks = pkgs.callPackage ./webhooks.nix { |
59 | env = config.myEnv.tools.webhooks; | |
60 | }; | |
7df5e532 IB |
61 | dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { |
62 | env = config.myEnv.tools.dmarc_reports; | |
da30ae4f | 63 | inherit config; |
7df5e532 | 64 | }; |
251c0a13 IB |
65 | |
66 | landing = pkgs.callPackage ./landing.nix {}; | |
10889174 | 67 | |
4288c2f2 | 68 | cfg = config.myServices.websites.tools.tools; |
5400b9b6 | 69 | pcfg = config.services.phpfpm.pools; |
10889174 | 70 | in { |
a9f52ec5 IB |
71 | imports = |
72 | builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules; | |
73 | ||
4288c2f2 | 74 | options.myServices.websites.tools.tools = { |
10889174 IB |
75 | enable = lib.mkEnableOption "enable tools website"; |
76 | }; | |
77 | ||
78 | config = lib.mkIf cfg.enable { | |
1a718805 | 79 | secrets.keys = |
a840a21c | 80 | kanboard.keys |
4c4652aa IB |
81 | // ldap.keys |
82 | // shaarli.keys | |
83 | // ttrss.keys | |
84 | // wallabag.keys | |
85 | // yourls.keys | |
86 | // dmarc-reports.keys | |
4c4652aa | 87 | // webhooks.keys; |
98163486 | 88 | |
29f8cb85 | 89 | services.websites.env.tools.modules = |
1922655a IB |
90 | [ "proxy_fcgi" ] |
91 | ++ adminer.apache.modules | |
10889174 IB |
92 | ++ ympd.apache.modules |
93 | ++ ttrss.apache.modules | |
133ebaee | 94 | ++ wallabag.apache.modules |
bfe3c9c9 | 95 | ++ yourls.apache.modules |
95b20e17 | 96 | ++ rompr.apache.modules |
b892dcbe | 97 | ++ shaarli.apache.modules |
f80772dc | 98 | ++ dokuwiki.apache.modules |
7df5e532 | 99 | ++ dmarc-reports.apache.modules |
a8ef1adb | 100 | ++ phpbb.apache.modules |
d4ed0eff IB |
101 | ++ ldap.apache.modules |
102 | ++ kanboard.apache.modules; | |
10889174 | 103 | |
29f8cb85 | 104 | services.websites.env.integration.vhostConfs.devtools = { |
0f71cd76 | 105 | certName = "integration"; |
7c5e6fe8 | 106 | certMainHost = "tools.immae.dev"; |
0f71cd76 | 107 | addToCerts = true; |
7c5e6fe8 | 108 | hosts = [ "tools.immae.dev" ]; |
41cce84a | 109 | root = "/var/lib/ftp/immae/devtools"; |
0f71cd76 | 110 | extraConfig = [ |
0aae0181 | 111 | '' |
41cce84a | 112 | Use Apaxy "/var/lib/ftp/immae/devtools" "title" |
9338c832 IB |
113 | Timeout 600 |
114 | ProxyTimeout 600 | |
68c45ad5 | 115 | Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" |
41cce84a | 116 | <Directory "/var/lib/ftp/immae/devtools"> |
0aae0181 IB |
117 | DirectoryIndex index.php index.htm index.html |
118 | AllowOverride all | |
119 | Require all granted | |
120 | <FilesMatch "\.php$"> | |
5400b9b6 | 121 | SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" |
0aae0181 IB |
122 | </FilesMatch> |
123 | </Directory> | |
124 | '' | |
46f30ecc IB |
125 | ]; |
126 | }; | |
127 | ||
29f8cb85 | 128 | services.websites.env.tools.vhostConfs.tools = { |
10889174 | 129 | certName = "eldiron"; |
7df420c2 | 130 | addToCerts = true; |
10889174 | 131 | hosts = ["tools.immae.eu" ]; |
a8ef1adb | 132 | root = landing; |
10889174 | 133 | extraConfig = [ |
1922655a | 134 | '' |
ea9c6fe8 | 135 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
afcc5de0 | 136 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
3f453c7d | 137 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
afcc5de0 | 138 | |
251c0a13 IB |
139 | <Directory "${landing}"> |
140 | DirectoryIndex index.html | |
141 | AllowOverride None | |
142 | Require all granted | |
143 | ||
144 | <FilesMatch "\.php$"> | |
145 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" | |
146 | </FilesMatch> | |
147 | </Directory> | |
1922655a | 148 | '' |
5400b9b6 | 149 | (adminer.apache.vhostConf pcfg.adminer.socket) |
10889174 | 150 | ympd.apache.vhostConf |
5400b9b6 IB |
151 | (ttrss.apache.vhostConf pcfg.ttrss.socket) |
152 | (wallabag.apache.vhostConf pcfg.wallabag.socket) | |
153 | (yourls.apache.vhostConf pcfg.yourls.socket) | |
154 | (rompr.apache.vhostConf pcfg.rompr.socket) | |
155 | (shaarli.apache.vhostConf pcfg.shaarli.socket) | |
156 | (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) | |
157 | (ldap.apache.vhostConf pcfg.ldap.socket) | |
158 | (kanboard.apache.vhostConf pcfg.kanboard.socket) | |
159 | (grocy.apache.vhostConf pcfg.grocy.socket) | |
a8ef1adb | 160 | (phpbb.apache.vhostConf pcfg.phpbb.socket) |
7df5e532 | 161 | (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) |
ea3b46ee | 162 | '' |
a9f52ec5 IB |
163 | <Location "/paste/"> |
164 | ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ | |
165 | ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ | |
166 | ProxyPreserveHost on | |
167 | </Location> | |
168 | <Location "/paste"> | |
169 | ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ | |
170 | ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ | |
171 | ProxyPreserveHost on | |
172 | </Location> | |
251c0a13 | 173 | |
cb589b2e IB |
174 | Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 |
175 | <Directory "/var/lib/buildbot/outputs/immae/bip39"> | |
251c0a13 IB |
176 | DirectoryIndex index.html |
177 | AllowOverride None | |
178 | Require all granted | |
179 | </Directory> | |
180 | ||
da30ae4f IB |
181 | Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} |
182 | <Directory "${config.secrets.fullPaths."webapps/webhooks"}"> | |
251c0a13 | 183 | Options -Indexes |
2be8c2e6 | 184 | DirectoryIndex index.php |
251c0a13 IB |
185 | Require all granted |
186 | AllowOverride None | |
187 | <FilesMatch "\.php$"> | |
188 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" | |
189 | </FilesMatch> | |
190 | </Directory> | |
ea3b46ee | 191 | '' |
10889174 IB |
192 | ]; |
193 | }; | |
194 | ||
29f8cb85 | 195 | services.websites.env.tools.vhostConfs.outils = { |
7df420c2 IB |
196 | certName = "eldiron"; |
197 | addToCerts = true; | |
0f71cd76 | 198 | hosts = [ "outils.immae.eu" ]; |
7df420c2 | 199 | root = null; |
70606070 IB |
200 | extraConfig = [ |
201 | '' | |
202 | RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 | |
203 | ||
204 | RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1 | |
205 | ||
206 | RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1 | |
207 | RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1 | |
208 | ||
209 | RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1 | |
210 | RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1 | |
211 | RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1 | |
212 | RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1 | |
213 | ||
214 | RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 | |
215 | ||
afcc5de0 IB |
216 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
217 | ||
3f453c7d IB |
218 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
219 | ||
ea9c6fe8 IB |
220 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
221 | ||
70606070 IB |
222 | RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 |
223 | '' | |
224 | ]; | |
225 | }; | |
226 | ||
f40f5b23 IB |
227 | systemd.services = { |
228 | phpfpm-dokuwiki = { | |
229 | after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; | |
230 | wants = dokuwiki.phpFpm.serviceDeps; | |
231 | }; | |
a8ef1adb IB |
232 | phpfpm-phpbb = { |
233 | after = lib.mkAfter phpbb.phpFpm.serviceDeps; | |
234 | wants = phpbb.phpFpm.serviceDeps; | |
235 | }; | |
f40f5b23 IB |
236 | phpfpm-kanboard = { |
237 | after = lib.mkAfter kanboard.phpFpm.serviceDeps; | |
238 | wants = kanboard.phpFpm.serviceDeps; | |
239 | }; | |
240 | phpfpm-ldap = { | |
241 | after = lib.mkAfter ldap.phpFpm.serviceDeps; | |
242 | wants = ldap.phpFpm.serviceDeps; | |
243 | }; | |
f40f5b23 IB |
244 | phpfpm-shaarli = { |
245 | after = lib.mkAfter shaarli.phpFpm.serviceDeps; | |
246 | wants = shaarli.phpFpm.serviceDeps; | |
247 | }; | |
248 | phpfpm-ttrss = { | |
249 | after = lib.mkAfter ttrss.phpFpm.serviceDeps; | |
250 | wants = ttrss.phpFpm.serviceDeps; | |
251 | }; | |
252 | phpfpm-wallabag = { | |
253 | after = lib.mkAfter wallabag.phpFpm.serviceDeps; | |
254 | wants = wallabag.phpFpm.serviceDeps; | |
255 | preStart = lib.mkAfter wallabag.phpFpm.preStart; | |
256 | }; | |
257 | phpfpm-yourls = { | |
258 | after = lib.mkAfter yourls.phpFpm.serviceDeps; | |
259 | wants = yourls.phpFpm.serviceDeps; | |
260 | }; | |
261 | ympd = { | |
262 | description = "Standalone MPD Web GUI written in C"; | |
263 | wantedBy = [ "multi-user.target" ]; | |
264 | script = '' | |
da30ae4f | 265 | export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) |
f40f5b23 IB |
266 | ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody |
267 | ''; | |
268 | }; | |
269 | tt-rss = { | |
270 | description = "Tiny Tiny RSS feeds update daemon"; | |
271 | serviceConfig = { | |
272 | User = "wwwrun"; | |
dcac3ec7 | 273 | ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon"; |
f40f5b23 IB |
274 | StandardOutput = "syslog"; |
275 | StandardError = "syslog"; | |
276 | PermissionsStartOnly = true; | |
277 | }; | |
278 | ||
279 | wantedBy = [ "multi-user.target" ]; | |
280 | requires = ["postgresql.service"]; | |
281 | after = ["network.target" "postgresql.service"]; | |
282 | }; | |
283 | }; | |
284 | ||
17f6eae9 IB |
285 | services.filesWatcher.ympd = { |
286 | restart = true; | |
da30ae4f | 287 | paths = [ config.secrets.fullPaths."mpd" ]; |
17f6eae9 IB |
288 | }; |
289 | ||
441da8aa IB |
290 | services.phpfpm.pools = { |
291 | tools = { | |
5400b9b6 IB |
292 | user = "wwwrun"; |
293 | group = "wwwrun"; | |
294 | settings = { | |
295 | "listen.owner" = "wwwrun"; | |
296 | "listen.group" = "wwwrun"; | |
297 | "pm" = "dynamic"; | |
298 | "pm.max_children" = "60"; | |
299 | "pm.start_servers" = "2"; | |
300 | "pm.min_spare_servers" = "1"; | |
301 | "pm.max_spare_servers" = "10"; | |
f40f5b23 | 302 | |
5400b9b6 IB |
303 | # Needed to avoid clashes in browser cookies (same domain) |
304 | "php_value[session.name]" = "ToolsPHPSESSID"; | |
251c0a13 | 305 | "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ |
a8ef1adb | 306 | "/run/wrappers/bin/sendmail" landing "/tmp" |
da30ae4f | 307 | config.secrets.fullPaths."webapps/webhooks" |
251c0a13 IB |
308 | ]; |
309 | }; | |
310 | phpEnv = { | |
311 | CONTACT_EMAIL = config.myEnv.tools.contact; | |
5400b9b6 | 312 | }; |
dcac3ec7 | 313 | phpPackage = pkgs.php72; |
441da8aa IB |
314 | }; |
315 | devtools = { | |
5400b9b6 IB |
316 | user = "wwwrun"; |
317 | group = "wwwrun"; | |
318 | settings = { | |
319 | "listen.owner" = "wwwrun"; | |
320 | "listen.group" = "wwwrun"; | |
321 | "pm" = "dynamic"; | |
322 | "pm.max_children" = "60"; | |
323 | "pm.start_servers" = "2"; | |
324 | "pm.min_spare_servers" = "1"; | |
325 | "pm.max_spare_servers" = "10"; | |
1922655a | 326 | |
41cce84a | 327 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; |
5400b9b6 | 328 | }; |
2053ddac | 329 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]); |
441da8aa | 330 | }; |
5400b9b6 | 331 | adminer = adminer.phpFpm; |
441da8aa | 332 | ttrss = { |
5400b9b6 IB |
333 | user = "wwwrun"; |
334 | group = "wwwrun"; | |
335 | settings = ttrss.phpFpm.pool; | |
dcac3ec7 | 336 | phpPackage = pkgs.php72; |
441da8aa IB |
337 | }; |
338 | wallabag = { | |
5400b9b6 IB |
339 | user = "wwwrun"; |
340 | group = "wwwrun"; | |
341 | settings = wallabag.phpFpm.pool; | |
2053ddac | 342 | phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); |
441da8aa IB |
343 | }; |
344 | yourls = { | |
5400b9b6 IB |
345 | user = "wwwrun"; |
346 | group = "wwwrun"; | |
347 | settings = yourls.phpFpm.pool; | |
dcac3ec7 | 348 | phpPackage = pkgs.php72; |
441da8aa IB |
349 | }; |
350 | rompr = { | |
5400b9b6 IB |
351 | user = "wwwrun"; |
352 | group = "wwwrun"; | |
353 | settings = rompr.phpFpm.pool; | |
dcac3ec7 | 354 | phpPackage = pkgs.php72; |
441da8aa IB |
355 | }; |
356 | shaarli = { | |
5400b9b6 IB |
357 | user = "wwwrun"; |
358 | group = "wwwrun"; | |
359 | settings = shaarli.phpFpm.pool; | |
dcac3ec7 | 360 | phpPackage = pkgs.php72; |
441da8aa | 361 | }; |
7df5e532 IB |
362 | dmarc-reports = { |
363 | user = "wwwrun"; | |
364 | group = "wwwrun"; | |
365 | settings = dmarc-reports.phpFpm.pool; | |
366 | phpEnv = dmarc-reports.phpFpm.phpEnv; | |
dcac3ec7 | 367 | phpPackage = pkgs.php72; |
7df5e532 | 368 | }; |
441da8aa | 369 | dokuwiki = { |
5400b9b6 IB |
370 | user = "wwwrun"; |
371 | group = "wwwrun"; | |
372 | settings = dokuwiki.phpFpm.pool; | |
dcac3ec7 | 373 | phpPackage = pkgs.php72; |
441da8aa | 374 | }; |
a8ef1adb IB |
375 | phpbb = { |
376 | user = "wwwrun"; | |
377 | group = "wwwrun"; | |
378 | settings = phpbb.phpFpm.pool; | |
dcac3ec7 | 379 | phpPackage = pkgs.php72; |
a8ef1adb | 380 | }; |
441da8aa | 381 | ldap = { |
5400b9b6 IB |
382 | user = "wwwrun"; |
383 | group = "wwwrun"; | |
384 | settings = ldap.phpFpm.pool; | |
64608496 | 385 | phpPackage = pkgs.php72; |
441da8aa IB |
386 | }; |
387 | kanboard = { | |
5400b9b6 IB |
388 | user = "wwwrun"; |
389 | group = "wwwrun"; | |
390 | settings = kanboard.phpFpm.pool; | |
dcac3ec7 | 391 | phpPackage = pkgs.php72; |
441da8aa IB |
392 | }; |
393 | grocy = { | |
5400b9b6 IB |
394 | user = "wwwrun"; |
395 | group = "wwwrun"; | |
396 | settings = grocy.phpFpm.pool; | |
dcac3ec7 | 397 | phpPackage = pkgs.php72; |
441da8aa | 398 | }; |
10889174 IB |
399 | }; |
400 | ||
401 | system.activationScripts = { | |
4288c2f2 | 402 | adminer = adminer.activationScript; |
c7627e14 | 403 | grocy = grocy.activationScript; |
10889174 | 404 | ttrss = ttrss.activationScript; |
aebd817b | 405 | wallabag = wallabag.activationScript; |
133ebaee | 406 | yourls = yourls.activationScript; |
bfe3c9c9 | 407 | rompr = rompr.activationScript; |
95b20e17 | 408 | shaarli = shaarli.activationScript; |
b892dcbe | 409 | dokuwiki = dokuwiki.activationScript; |
a8ef1adb | 410 | phpbb = phpbb.activationScript; |
d4ed0eff | 411 | kanboard = kanboard.activationScript; |
4288c2f2 | 412 | ldap = ldap.activationScript; |
10889174 IB |
413 | }; |
414 | ||
29f8cb85 | 415 | services.websites.env.tools.watchPaths = [ |
da30ae4f | 416 | config.secrets.fullPaths."webapps/tools-shaarli" |
17f6eae9 IB |
417 | ]; |
418 | services.filesWatcher.phpfpm-wallabag = { | |
419 | restart = true; | |
da30ae4f | 420 | paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; |
17f6eae9 | 421 | }; |
ea3b46ee | 422 | |
10889174 IB |
423 | }; |
424 | } | |
425 |