[perso/Immae/Config/Nix.git] / modules / private / websites / tools / tools / default.nix

{ lib, pkgs, config, ... }:
let
  flakeCompat = import ../../../../../lib/flake-compat.nix;

  adminer = pkgs.callPackage ./adminer.nix {};
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
  };
  ttrss = pkgs.callPackage ./ttrss.nix {
    inherit (pkgs.webapps) ttrss ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix  {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps.wallabag.override {
      composerEnv = pkgs.composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    inherit (pkgs.webapps) yourls yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    inherit (pkgs.webapps) rompr;
    env = config.myEnv.tools.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    inherit (pkgs.webapps) phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  grocy = pkgs.callPackage ./grocy.nix {
    grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  webhooks-bin-env = pkgs.buildEnv {
    name = "webhook-env";
    paths = [ pkgs.apprise ];
    pathsToLink = [ "/bin" ];
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
    binEnv = webhooks-bin-env;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  landing = pkgs.callPackage ./landing.nix {};

  cfg = config.myServices.websites.tools.tools;
  pcfg = config.services.phpfpm.pools;
in {
  imports =
    builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;

  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    myServices.chatonsProperties.services = {
      dokuwiki = dokuwiki.chatonsProperties;
      shaarli = shaarli.chatonsProperties;
      ttrss = ttrss.chatonsProperties;
      wallabag = wallabag.chatonsProperties;
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status.level = "OK";
          status.description = "OK";
          registration."" = ["MEMBER" "CLIENT"];
          registration.load = "OPEN";
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license.url = "https://tools.immae.eu/paste/license";
          license.name = "MIT License";
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
    myServices.chatonsProperties.hostings = {
      dokuwiki = dokuwiki.chatonsHostingProperties;
      phpbb = phpbb.chatonsHostingProperties;
    };
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys;

    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    services.websites.env.integration.vhostConfs.devtools = {
      certName     = "integration";
      certMainHost = "tools.immae.dev";
      addToCerts   = true;
      hosts        = [ "tools.immae.dev" ];
      root         = "/var/lib/ftp/immae/devtools";
      extraConfig  = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
      ];
    };

    services.websites.env.tools.vhostConfs.tools = {
      certName    = "eldiron";
      addToCerts  = true;
      hosts       = ["tools.immae.eu" ];
      root        = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

          <Directory "${landing}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
          ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            DirectoryIndex index.php
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };

    services.websites.env.tools.vhostConfs.outils = {
      certName   = "eldiron";
      addToCerts = true;
      hosts      = [ "outils.immae.eu" ];
      root       = null;
      extraConfig = [
        ''
        RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

        RedirectMatch 301 ^/ether(.*)$       https://ether.immae.eu$1

        RedirectMatch 301 ^/nextcloud(.*)$   https://cloud.immae.eu$1
        RedirectMatch 301 ^/owncloud(.*)$    https://cloud.immae.eu$1

        RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldavzap(.*)$   https://dav.immae.eu/infcloud$1
        RedirectMatch 301 ^/caldav.php(.*)$  https://dav.immae.eu/caldav.php$1
        RedirectMatch 301 ^/davical(.*)$     https://dav.immae.eu/davical$1

        RedirectMatch 301 ^/taskweb(.*)$     https://task.immae.eu/taskweb$1

        RedirectMatch 301 ^/roundcube(.*)$   https://mail.immae.eu/roundcube$1

        RedirectMatch 301 ^/jappix(.*)$      https://im.immae.fr/converse

        RedirectMatch 301 ^/vpn(.*)$         https://vpn.immae.eu$1

        RedirectMatch 301 ^/(.*)$            https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
          '';
      };
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
            "${webhooks-bin-env}/bin"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72;
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72;
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy.phpFpm.pool;
        phpPackage = pkgs.php72;
      };
    };

    system.activationScripts = {
      adminer = adminer.activationScript;
      grocy = grocy.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      yourls = yourls.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
      ldap = ldap.activationScript;
    };

    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

  };
}
Commit	Line	Data
ab8f306d	1	{ lib, pkgs, config, ... }:
10889174	2	let
a9f52ec5 IB	3	flakeCompat = import ../../../../../lib/flake-compat.nix;
a9f52ec5 IB	4
750fe5a4	5	adminer = pkgs.callPackage ./adminer.nix {};
4288c2f2	6	ympd = pkgs.callPackage ./ympd.nix {
ab8f306d	7	env = config.myEnv.tools.ympd;
4288c2f2 IB	8	};
	9	ttrss = pkgs.callPackage ./ttrss.nix {
	10	inherit (pkgs.webapps) ttrss ttrss-plugins;
ab8f306d	11	env = config.myEnv.tools.ttrss;
dcac3ec7	12	php = pkgs.php72;
da30ae4f	13	inherit config;
4288c2f2	14	};
4288c2f2	15	kanboard = pkgs.callPackage ./kanboard.nix {
da30ae4f	16	inherit config;
ab8f306d	17	env = config.myEnv.tools.kanboard;
4288c2f2 IB	18	};
4288c2f2 IB	19	wallabag = pkgs.callPackage ./wallabag.nix {
46c99b57 IB	20	wallabag = pkgs.webapps.wallabag.override {
46c99b57 IB	21	composerEnv = pkgs.composerEnv.override {
2053ddac	22	php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
46c99b57 IB	23	};
46c99b57 IB	24	};
ab8f306d	25	env = config.myEnv.tools.wallabag;
da30ae4f	26	inherit config;
4288c2f2 IB	27	};
	28	yourls = pkgs.callPackage ./yourls.nix {
	29	inherit (pkgs.webapps) yourls yourls-plugins;
ab8f306d	30	env = config.myEnv.tools.yourls;
da30ae4f	31	inherit config;
4288c2f2 IB	32	};
	33	rompr = pkgs.callPackage ./rompr.nix {
	34	inherit (pkgs.webapps) rompr;
ab8f306d	35	env = config.myEnv.tools.rompr;
4288c2f2 IB	36	};
4288c2f2 IB	37	shaarli = pkgs.callPackage ./shaarli.nix {
ab8f306d	38	env = config.myEnv.tools.shaarli;
da30ae4f	39	inherit config;
4288c2f2 IB	40	};
	41	dokuwiki = pkgs.callPackage ./dokuwiki.nix {
	42	inherit (pkgs.webapps) dokuwiki dokuwiki-plugins;
	43	};
	44	ldap = pkgs.callPackage ./ldap.nix {
	45	inherit (pkgs.webapps) phpldapadmin;
ab8f306d	46	env = config.myEnv.tools.phpldapadmin;
da30ae4f	47	inherit config;
4288c2f2	48	};
c7627e14	49	grocy = pkgs.callPackage ./grocy.nix {
dcac3ec7	50	grocy = pkgs.webapps.grocy.override { composerEnv = pkgs.composerEnv.override { php = pkgs.php72; }; };
c7627e14	51	};
a8ef1adb IB	52	phpbb = pkgs.callPackage ./phpbb.nix {
	53	phpbb = (pkgs.webapps.phpbb.withLangs (l: [ l.fr ])).withExts (e: [
	54	e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
	55	e.empteintesduweb.monitoranswers e.lr94.autosubscribe
	56	e.phpbbmodders.adduser ]);
	57	};
de5b6cf1 IB	58	webhooks-bin-env = pkgs.buildEnv {
	59	name = "webhook-env";
	60	paths = [ pkgs.apprise ];
	61	pathsToLink = [ "/bin" ];
	62	};
251c0a13 IB	63	webhooks = pkgs.callPackage ./webhooks.nix {
251c0a13 IB	64	env = config.myEnv.tools.webhooks;
de5b6cf1	65	binEnv = webhooks-bin-env;
251c0a13	66	};
7df5e532 IB	67	dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
7df5e532 IB	68	env = config.myEnv.tools.dmarc_reports;
da30ae4f	69	inherit config;
7df5e532	70	};
251c0a13 IB	71
251c0a13 IB	72	landing = pkgs.callPackage ./landing.nix {};
10889174	73
4288c2f2	74	cfg = config.myServices.websites.tools.tools;
5400b9b6	75	pcfg = config.services.phpfpm.pools;
10889174	76	in {
a9f52ec5 IB	77	imports =
	78	builtins.attrValues (flakeCompat ../../../../../flakes/private/paste).nixosModules;
	79
4288c2f2	80	options.myServices.websites.tools.tools = {
10889174 IB	81	enable = lib.mkEnableOption "enable tools website";
	82	};
	83
	84	config = lib.mkIf cfg.enable {
120bcf4d IB	85	myServices.chatonsProperties.services = {
	86	dokuwiki = dokuwiki.chatonsProperties;
	87	shaarli = shaarli.chatonsProperties;
	88	ttrss = ttrss.chatonsProperties;
	89	wallabag = wallabag.chatonsProperties;
	90	paste = {
	91	file.datetime = "2022-08-22T00:15:00";
	92	service = {
	93	name = "Paste";
	94	description = "A simple paster script with syntax highlight";
	95	website = "https://tools.immae.eu/paste/";
	96	logo = "https://assets.immae.eu/logo.jpg";
	97	status.level = "OK";
	98	status.description = "OK";
	99	registration."" = ["MEMBER" "CLIENT"];
	100	registration.load = "OPEN";
	101	install.type = "PACKAGE";
	102	guide.user = "https://tools.immae.eu/paste/";
	103	};
	104	software = {
	105	name = "Paste";
	106	website = "https://tools.immae.eu/paste/";
	107	license.url = "https://tools.immae.eu/paste/license";
	108	license.name = "MIT License";
	109	version = "Unversioned";
	110	source.url = "https://tools.immae.eu/paste/abcd123/py";
	111	};
	112	};
	113	};
	114	myServices.chatonsProperties.hostings = {
	115	dokuwiki = dokuwiki.chatonsHostingProperties;
	116	phpbb = phpbb.chatonsHostingProperties;
	117	};
1a718805	118	secrets.keys =
a840a21c	119	kanboard.keys
4c4652aa IB	120	// ldap.keys
	121	// shaarli.keys
	122	// ttrss.keys
	123	// wallabag.keys
	124	// yourls.keys
	125	// dmarc-reports.keys
4c4652aa	126	// webhooks.keys;
98163486	127
29f8cb85	128	services.websites.env.tools.modules =
1922655a IB	129	[ "proxy_fcgi" ]
1922655a IB	130	++ adminer.apache.modules
10889174 IB	131	++ ympd.apache.modules
10889174 IB	132	++ ttrss.apache.modules
133ebaee	133	++ wallabag.apache.modules
bfe3c9c9	134	++ yourls.apache.modules
95b20e17	135	++ rompr.apache.modules
b892dcbe	136	++ shaarli.apache.modules
f80772dc	137	++ dokuwiki.apache.modules
7df5e532	138	++ dmarc-reports.apache.modules
a8ef1adb	139	++ phpbb.apache.modules
d4ed0eff IB	140	++ ldap.apache.modules
d4ed0eff IB	141	++ kanboard.apache.modules;
10889174	142
29f8cb85	143	services.websites.env.integration.vhostConfs.devtools = {
0f71cd76	144	certName = "integration";
7c5e6fe8	145	certMainHost = "tools.immae.dev";
0f71cd76	146	addToCerts = true;
7c5e6fe8	147	hosts = [ "tools.immae.dev" ];
41cce84a	148	root = "/var/lib/ftp/immae/devtools";
0f71cd76	149	extraConfig = [
0aae0181	150	''
41cce84a	151	Use Apaxy "/var/lib/ftp/immae/devtools" "title"
9338c832 IB	152	Timeout 600
9338c832 IB	153	ProxyTimeout 600
68c45ad5	154	Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
41cce84a	155	<Directory "/var/lib/ftp/immae/devtools">
0aae0181 IB	156	DirectoryIndex index.php index.htm index.html
	157	AllowOverride all
	158	Require all granted
	159	<FilesMatch "\.php$">
5400b9b6	160	SetHandler "proxy:unix:${pcfg.devtools.socket}\|fcgi://localhost"
0aae0181 IB	161	</FilesMatch>
	162	</Directory>
	163	''
46f30ecc IB	164	];
	165	};
	166
29f8cb85	167	services.websites.env.tools.vhostConfs.tools = {
10889174	168	certName = "eldiron";
7df420c2	169	addToCerts = true;
10889174	170	hosts = ["tools.immae.eu" ];
a8ef1adb	171	root = landing;
10889174	172	extraConfig = [
1922655a	173	''
ea9c6fe8	174	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
afcc5de0	175	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
3f453c7d	176	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
afcc5de0	177
251c0a13 IB	178	<Directory "${landing}">
	179	DirectoryIndex index.html
	180	AllowOverride None
	181	Require all granted
	182
	183	<FilesMatch "\.php$">
	184	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	185	</FilesMatch>
	186	</Directory>
1922655a	187	''
5400b9b6	188	(adminer.apache.vhostConf pcfg.adminer.socket)
10889174	189	ympd.apache.vhostConf
5400b9b6 IB	190	(ttrss.apache.vhostConf pcfg.ttrss.socket)
	191	(wallabag.apache.vhostConf pcfg.wallabag.socket)
	192	(yourls.apache.vhostConf pcfg.yourls.socket)
	193	(rompr.apache.vhostConf pcfg.rompr.socket)
	194	(shaarli.apache.vhostConf pcfg.shaarli.socket)
	195	(dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
	196	(ldap.apache.vhostConf pcfg.ldap.socket)
	197	(kanboard.apache.vhostConf pcfg.kanboard.socket)
	198	(grocy.apache.vhostConf pcfg.grocy.socket)
a8ef1adb	199	(phpbb.apache.vhostConf pcfg.phpbb.socket)
7df5e532	200	(dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
ea3b46ee	201	''
a9f52ec5 IB	202	<Location "/paste/">
	203	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	204	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	205	ProxyPreserveHost on
	206	</Location>
	207	<Location "/paste">
	208	ProxyPass unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	209	ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}\|http://tools.immae.eu/paste/
	210	ProxyPreserveHost on
	211	</Location>
251c0a13	212
cb589b2e IB	213	Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
cb589b2e IB	214	<Directory "/var/lib/buildbot/outputs/immae/bip39">
251c0a13 IB	215	DirectoryIndex index.html
	216	AllowOverride None
	217	Require all granted
	218	</Directory>
	219
da30ae4f IB	220	Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
da30ae4f IB	221	<Directory "${config.secrets.fullPaths."webapps/webhooks"}">
251c0a13	222	Options -Indexes
2be8c2e6	223	DirectoryIndex index.php
251c0a13 IB	224	Require all granted
	225	AllowOverride None
	226	<FilesMatch "\.php$">
	227	SetHandler "proxy:unix:${pcfg.tools.socket}\|fcgi://localhost"
	228	</FilesMatch>
	229	</Directory>
ea3b46ee	230	''
10889174 IB	231	];
	232	};
	233
29f8cb85	234	services.websites.env.tools.vhostConfs.outils = {
7df420c2 IB	235	certName = "eldiron";
7df420c2 IB	236	addToCerts = true;
0f71cd76	237	hosts = [ "outils.immae.eu" ];
7df420c2	238	root = null;
70606070 IB	239	extraConfig = [
	240	''
	241	RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1
	242
	243	RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1
	244
	245	RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
	246	RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1
	247
	248	RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
	249	RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
	250	RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
	251	RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1
	252
	253	RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1
	254
afcc5de0 IB	255	RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
afcc5de0 IB	256
3f453c7d IB	257	RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse
3f453c7d IB	258
ea9c6fe8 IB	259	RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
ea9c6fe8 IB	260
70606070 IB	261	RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
	262	''
	263	];
	264	};
	265
f40f5b23 IB	266	systemd.services = {
	267	phpfpm-dokuwiki = {
	268	after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
	269	wants = dokuwiki.phpFpm.serviceDeps;
	270	};
a8ef1adb IB	271	phpfpm-phpbb = {
	272	after = lib.mkAfter phpbb.phpFpm.serviceDeps;
	273	wants = phpbb.phpFpm.serviceDeps;
	274	};
f40f5b23 IB	275	phpfpm-kanboard = {
	276	after = lib.mkAfter kanboard.phpFpm.serviceDeps;
	277	wants = kanboard.phpFpm.serviceDeps;
	278	};
	279	phpfpm-ldap = {
	280	after = lib.mkAfter ldap.phpFpm.serviceDeps;
	281	wants = ldap.phpFpm.serviceDeps;
	282	};
f40f5b23 IB	283	phpfpm-shaarli = {
	284	after = lib.mkAfter shaarli.phpFpm.serviceDeps;
	285	wants = shaarli.phpFpm.serviceDeps;
	286	};
	287	phpfpm-ttrss = {
	288	after = lib.mkAfter ttrss.phpFpm.serviceDeps;
	289	wants = ttrss.phpFpm.serviceDeps;
	290	};
	291	phpfpm-wallabag = {
	292	after = lib.mkAfter wallabag.phpFpm.serviceDeps;
	293	wants = wallabag.phpFpm.serviceDeps;
	294	preStart = lib.mkAfter wallabag.phpFpm.preStart;
	295	};
	296	phpfpm-yourls = {
	297	after = lib.mkAfter yourls.phpFpm.serviceDeps;
	298	wants = yourls.phpFpm.serviceDeps;
	299	};
	300	ympd = {
	301	description = "Standalone MPD Web GUI written in C";
	302	wantedBy = [ "multi-user.target" ];
	303	script = ''
da30ae4f	304	export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
f40f5b23 IB	305	${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
	306	'';
	307	};
	308	tt-rss = {
	309	description = "Tiny Tiny RSS feeds update daemon";
	310	serviceConfig = {
	311	User = "wwwrun";
dcac3ec7	312	ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
f40f5b23 IB	313	StandardOutput = "syslog";
	314	StandardError = "syslog";
	315	PermissionsStartOnly = true;
	316	};
	317
	318	wantedBy = [ "multi-user.target" ];
	319	requires = ["postgresql.service"];
	320	after = ["network.target" "postgresql.service"];
	321	};
	322	};
	323
17f6eae9 IB	324	services.filesWatcher.ympd = {
17f6eae9 IB	325	restart = true;
da30ae4f	326	paths = [ config.secrets.fullPaths."mpd" ];
17f6eae9 IB	327	};
17f6eae9 IB	328
441da8aa IB	329	services.phpfpm.pools = {
441da8aa IB	330	tools = {
5400b9b6 IB	331	user = "wwwrun";
	332	group = "wwwrun";
	333	settings = {
	334	"listen.owner" = "wwwrun";
	335	"listen.group" = "wwwrun";
	336	"pm" = "dynamic";
	337	"pm.max_children" = "60";
	338	"pm.start_servers" = "2";
	339	"pm.min_spare_servers" = "1";
	340	"pm.max_spare_servers" = "10";
f40f5b23	341
5400b9b6 IB	342	# Needed to avoid clashes in browser cookies (same domain)
5400b9b6 IB	343	"php_value[session.name]" = "ToolsPHPSESSID";
251c0a13	344	"php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
a8ef1adb	345	"/run/wrappers/bin/sendmail" landing "/tmp"
da30ae4f	346	config.secrets.fullPaths."webapps/webhooks"
de5b6cf1	347	"${webhooks-bin-env}/bin"
251c0a13 IB	348	];
	349	};
	350	phpEnv = {
	351	CONTACT_EMAIL = config.myEnv.tools.contact;
5400b9b6	352	};
dcac3ec7	353	phpPackage = pkgs.php72;
441da8aa IB	354	};
441da8aa IB	355	devtools = {
5400b9b6 IB	356	user = "wwwrun";
	357	group = "wwwrun";
	358	settings = {
	359	"listen.owner" = "wwwrun";
	360	"listen.group" = "wwwrun";
	361	"pm" = "dynamic";
	362	"pm.max_children" = "60";
	363	"pm.start_servers" = "2";
	364	"pm.min_spare_servers" = "1";
	365	"pm.max_spare_servers" = "10";
1922655a	366
41cce84a	367	"php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
5400b9b6	368	};
2053ddac	369	phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.redis all.apcu all.opcache ]);
441da8aa	370	};
5400b9b6	371	adminer = adminer.phpFpm;
441da8aa	372	ttrss = {
5400b9b6 IB	373	user = "wwwrun";
	374	group = "wwwrun";
	375	settings = ttrss.phpFpm.pool;
dcac3ec7	376	phpPackage = pkgs.php72;
441da8aa IB	377	};
441da8aa IB	378	wallabag = {
5400b9b6 IB	379	user = "wwwrun";
	380	group = "wwwrun";
	381	settings = wallabag.phpFpm.pool;
2053ddac	382	phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
441da8aa IB	383	};
441da8aa IB	384	yourls = {
5400b9b6 IB	385	user = "wwwrun";
	386	group = "wwwrun";
	387	settings = yourls.phpFpm.pool;
dcac3ec7	388	phpPackage = pkgs.php72;
441da8aa IB	389	};
441da8aa IB	390	rompr = {
5400b9b6 IB	391	user = "wwwrun";
	392	group = "wwwrun";
	393	settings = rompr.phpFpm.pool;
dcac3ec7	394	phpPackage = pkgs.php72;
441da8aa IB	395	};
441da8aa IB	396	shaarli = {
5400b9b6 IB	397	user = "wwwrun";
	398	group = "wwwrun";
	399	settings = shaarli.phpFpm.pool;
dcac3ec7	400	phpPackage = pkgs.php72;
441da8aa	401	};
7df5e532 IB	402	dmarc-reports = {
	403	user = "wwwrun";
	404	group = "wwwrun";
	405	settings = dmarc-reports.phpFpm.pool;
	406	phpEnv = dmarc-reports.phpFpm.phpEnv;
dcac3ec7	407	phpPackage = pkgs.php72;
7df5e532	408	};
441da8aa	409	dokuwiki = {
5400b9b6 IB	410	user = "wwwrun";
	411	group = "wwwrun";
	412	settings = dokuwiki.phpFpm.pool;
dcac3ec7	413	phpPackage = pkgs.php72;
441da8aa	414	};
a8ef1adb IB	415	phpbb = {
	416	user = "wwwrun";
	417	group = "wwwrun";
	418	settings = phpbb.phpFpm.pool;
dcac3ec7	419	phpPackage = pkgs.php72;
a8ef1adb	420	};
441da8aa	421	ldap = {
5400b9b6 IB	422	user = "wwwrun";
	423	group = "wwwrun";
	424	settings = ldap.phpFpm.pool;
64608496	425	phpPackage = pkgs.php72;
441da8aa IB	426	};
441da8aa IB	427	kanboard = {
5400b9b6 IB	428	user = "wwwrun";
	429	group = "wwwrun";
	430	settings = kanboard.phpFpm.pool;
dcac3ec7	431	phpPackage = pkgs.php72;
441da8aa IB	432	};
441da8aa IB	433	grocy = {
5400b9b6 IB	434	user = "wwwrun";
	435	group = "wwwrun";
	436	settings = grocy.phpFpm.pool;
dcac3ec7	437	phpPackage = pkgs.php72;
441da8aa	438	};
10889174 IB	439	};
	440
	441	system.activationScripts = {
4288c2f2	442	adminer = adminer.activationScript;
c7627e14	443	grocy = grocy.activationScript;
10889174	444	ttrss = ttrss.activationScript;
aebd817b	445	wallabag = wallabag.activationScript;
133ebaee	446	yourls = yourls.activationScript;
bfe3c9c9	447	rompr = rompr.activationScript;
95b20e17	448	shaarli = shaarli.activationScript;
b892dcbe	449	dokuwiki = dokuwiki.activationScript;
a8ef1adb	450	phpbb = phpbb.activationScript;
d4ed0eff	451	kanboard = kanboard.activationScript;
4288c2f2	452	ldap = ldap.activationScript;
10889174 IB	453	};
10889174 IB	454
29f8cb85	455	services.websites.env.tools.watchPaths = [
da30ae4f	456	config.secrets.fullPaths."webapps/tools-shaarli"
17f6eae9 IB	457	];
	458	services.filesWatcher.phpfpm-wallabag = {
	459	restart = true;
da30ae4f	460	paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
17f6eae9	461	};
ea3b46ee	462
10889174 IB	463	};
	464	}
	465