Move shaarli passwords to secure location
# Module arguments: `myconfig` supplies the per-tool settings and `mylibs`
# the source-fetching helpers used by the packages below.
{ lib, pkgs, config, myconfig, mylibs, ... }:
let
  # Per-tool settings, handed to each package as `env`.
  # NOTE(review): several of these packages export `.keys` further down, so
  # these sets presumably carry credentials. Confirm the packages never
  # interpolate them into store paths, since the Nix store is world-readable.
  toolsEnv = myconfig.env.tools;

  adminer = pkgs.callPackage ../../commons/adminer.nix { };
  ympd = pkgs.callPackage ./ympd.nix { env = toolsEnv.ympd; };
  ttrss = pkgs.callPackage ./ttrss.nix {
    fetchedGithub = mylibs.fetchedGithub;
    fetchedGit = mylibs.fetchedGit;
    env = toolsEnv.ttrss;
  };
  roundcubemail = pkgs.callPackage ./roundcubemail.nix {
    fetchedGithub = mylibs.fetchedGithub;
    env = toolsEnv.roundcubemail;
  };
  rainloop = pkgs.callPackage ./rainloop.nix { };
  kanboard = pkgs.callPackage ./kanboard.nix {
    fetchedGithub = mylibs.fetchedGithub;
    env = toolsEnv.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    env = toolsEnv.wallabag;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    fetchedGithub = mylibs.fetchedGithub;
    env = toolsEnv.yourls;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    fetchedGithub = mylibs.fetchedGithub;
    env = toolsEnv.rompr;
  };
  shaarli = pkgs.callPackage ./shaarli.nix { env = toolsEnv.shaarli; };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    fetchedGithub = mylibs.fetchedGithub;
  };
  # The ldap package is configured from the `phpldapadmin` settings.
  ldap = pkgs.callPackage ./ldap.nix { env = toolsEnv.phpldapadmin; };

  # Shorthand for this module's own option values.
  cfg = config.services.myWebsites.tools.tools;
40in {
# Single switch for the "tools" website; the `config` section of this module
# is wrapped in `lib.mkIf cfg.enable`.
options.services.myWebsites.tools.tools.enable =
  lib.mkEnableOption "enable tools website";
45 config = lib.mkIf cfg.enable {
# Both hostnames are added as extra names on the shared "eldiron" certificate.
# `null` means no dedicated ACME webroot is given for the name.
security.acme.certs.eldiron.extraDomains."tools.immae.eu" = null;
security.acme.certs.eldiron.extraDomains."devtools.immae.eu" = null;
# Secrets of the individual tools, merged into the NixOps key set. NixOps
# uploads deployment keys to the target separately from the system closure,
# so they do not end up in the world-readable Nix store.
# The merge is right-biased, so the list order decides which entry wins if
# two tools ever export the same key name.
deployment.keys =
  builtins.foldl' (merged: toolKeys: merged // toolKeys) { } [
    kanboard.keys
    ldap.keys
    roundcubemail.keys
    shaarli.keys
    ttrss.keys
    wallabag.keys
    yourls.keys
  ];
# Apache modules required by rainloop, the only tool this file places on the
# integration web server.
services.myWebsites.integration.modules = rainloop.apache.modules;
# Apache modules for the tools web server: proxy_fcgi for the generic PHP
# document root, followed by whatever each tool package asks for.
services.myWebsites.tools.modules = builtins.concatLists [
  [ "proxy_fcgi" ]
  adminer.apache.modules
  ympd.apache.modules
  ttrss.apache.modules
  roundcubemail.apache.modules
  wallabag.apache.modules
  yourls.apache.modules
  rompr.apache.modules
  shaarli.apache.modules
  dokuwiki.apache.modules
  ldap.apache.modules
  kanboard.apache.modules
];
# Service settings exported by the local ympd package, with the service
# forced on.
services.ympd = ympd.config // {
  enable = true;
};
# devtools.immae.eu has no document root of its own; the whole vhost is the
# Apache snippet exported by rainloop.
services.myWebsites.integration.vhostConfs.devtools = {
  hosts = [ "devtools.immae.eu" ];
  certName = "eldiron";
  root = null;
  extraConfig = [ rainloop.apache.vhostConf ];
};
# Main vhost for tools.immae.eu: a plain PHP document root plus one Apache
# snippet per bundled tool.
# NOTE(review): the document root sits under /var/lib/ftp and is served with
# `AllowOverride all` and a PHP handler, so any .htaccess or .php file placed
# there is honoured by Apache. Confirm who has write access to that tree.
services.myWebsites.tools.vhostConfs.tools =
  let
    docRoot = "/var/lib/ftp/tools.immae.eu";
  in {
    certName = "eldiron";
    hosts = [ "tools.immae.eu" ];
    root = docRoot;
    extraConfig = [
      # PHP files under the document root are handed to the socket that the
      # "tools" FPM pool of this file listens on.
      ''
        <Directory "${docRoot}">
          DirectoryIndex index.php index.htm index.html
          AllowOverride all
          Require all granted
          <FilesMatch "\.php$">
            SetHandler "proxy:unix:/var/run/phpfpm/tools.sock|fcgi://localhost"
          </FilesMatch>
        </Directory>
      ''
      adminer.apache.vhostConf
      ympd.apache.vhostConf
      ttrss.apache.vhostConf
      roundcubemail.apache.vhostConf
      wallabag.apache.vhostConf
      yourls.apache.vhostConf
      rompr.apache.vhostConf
      shaarli.apache.vhostConf
      dokuwiki.apache.vhostConf
      ldap.apache.vhostConf
      kanboard.apache.vhostConf
    ];
  };
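# Legacy hostname outils.immae.eu: it gets a name on the shared certificate
# and a vhost that only issues permanent redirects to each service's new home.
security.acme.certs."eldiron".extraDomains."outils.immae.eu" = null;
services.myWebsites.tools.vhostConfs.outils = {
  certName = "eldiron";
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    # In the first four rules the captured suffix is appended directly after
    # the target hostname. The capture is therefore restricted to "empty or
    # starting with /": an unrestricted (.*) would let the request path extend
    # the host part of the Location header, turning this vhost into an open
    # redirect. Paths that no longer match fall through to the catch-all rule.
    # The dot in caldav.php is escaped so it only matches a literal dot.
    ''
      RedirectMatch 301 ^/mediagoblin(/.*)?$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(/.*)?$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(/.*)?$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(/.*)?$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav\.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};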
# Environment file for the shaarli FPM pool, as exported by the package.
# NOTE(review): presumably this is where the shaarli secrets now live.
# Confirm the file is readable only by the pool user.
services.myPhpfpm.envFile.shaarli = shaarli.phpFpm.envFile;
# Per-pool service dependencies, taken from each tool package. The attribute
# names are the pool names and equal the local package names.
services.myPhpfpm.serviceDependencies =
  lib.mapAttrs (_pool: tool: tool.phpFpm.serviceDeps) {
    inherit
      dokuwiki
      kanboard
      ldap
      rainloop
      roundcubemail
      shaarli
      ttrss
      wallabag
      yourls
      ;
  };
# Extra PHP settings for the roundcubemail pool, as exported by its package.
services.myPhpfpm.poolPhpConfigs.roundcubemail =
  roundcubemail.phpFpm.phpConfig;
# One FPM pool per tool (definition exported by each package), plus the
# hand-written "tools" pool that serves the generic PHP document root.
# NOTE(review): the "tools" pool runs as wwwrun and its open_basedir includes
# /tmp. Unless the pool is given a private /tmp, that directory is shared with
# other local processes, so confirm this is intended.
services.myPhpfpm.poolConfigs =
  (lib.mapAttrs (_pool: tool: tool.phpFpm.pool) {
    inherit
      adminer
      ttrss
      roundcubemail
      wallabag
      yourls
      rompr
      shaarli
      dokuwiki
      ldap
      rainloop
      kanboard
      ;
  })
  // {
    # The listen path must stay in sync with the SetHandler socket of the
    # tools.immae.eu vhost.
    tools = ''
      listen = /var/run/phpfpm/tools.sock
      user = wwwrun
      group = wwwrun
      listen.owner = wwwrun
      listen.group = wwwrun
      pm = dynamic
      pm.max_children = 60
      pm.start_servers = 2
      pm.min_spare_servers = 1
      pm.max_spare_servers = 10

      ; Needed to avoid clashes in browser cookies (same domain)
      php_value[session.name] = ToolsPHPSESSID
      php_admin_value[open_basedir] = "/run/wrappers/bin/sendmail:/var/lib/ftp/tools.immae.eu:/tmp"
    '';
  };
# Activation-time setup snippets exported by the tool packages, keyed by the
# tool name.
# NOTE(review): NixOS runs activation scripts as root, so each package's
# snippet deserves a look for how it creates and chowns state directories.
system.activationScripts =
  lib.mapAttrs (_name: tool: tool.activationScript) {
    inherit
      ttrss
      roundcubemail
      wallabag
      yourls
      rompr
      shaarli
      dokuwiki
      rainloop
      kanboard
      ;
  };
# Adds a `webapps` directory to the built system, holding one symlink per
# tool that points at that tool's web root.
system.extraSystemBuilderCmds =
  let
    # Link targets, in the order the commands are emitted. ldap is the only
    # tool whose link points below the web root (at its htdocs directory).
    links = [
      { app = dokuwiki; target = "${dokuwiki.webRoot}"; }
      { app = ldap; target = "${ldap.webRoot}/htdocs"; }
      { app = rompr; target = "${rompr.webRoot}"; }
      { app = roundcubemail; target = "${roundcubemail.webRoot}"; }
      { app = shaarli; target = "${shaarli.webRoot}"; }
      { app = ttrss; target = "${ttrss.webRoot}"; }
      { app = wallabag; target = "${wallabag.webRoot}"; }
      { app = yourls; target = "${yourls.webRoot}"; }
      { app = rainloop; target = "${rainloop.webRoot}"; }
      { app = kanboard; target = "${kanboard.webRoot}"; }
    ];
    linkCommand = l: "ln -s ${l.target} $out/webapps/${l.app.apache.webappName}\n";
  in
  "mkdir -p $out/webapps\n" + lib.concatMapStrings linkCommand links;
# Overrides attributes of the nixpkgs ympd package with whatever
# `mylibs.fetchedGithub` builds from ./ympd.json.
# NOTE(review): presumably ympd.json pins the revision and its hash. Confirm
# the hash is present so the fetched source is integrity-checked.
nixpkgs.overlays = [
  (self: super: {
    ympd = super.ympd.overrideAttrs (_: mylibs.fetchedGithub ./ympd.json);
  })
];
# Background feed updater for Tiny Tiny RSS. It runs as wwwrun and is tied to
# the PostgreSQL service.
# NOTE(review): no ExecStartPre/ExecStartPost is set in this block, so
# `PermissionsStartOnly` appears to have no effect here. The unit also sets
# no sandboxing directives; check which systemd hardening options the
# updater tolerates before adding any.
systemd.services.tt-rss = {
  description = "Tiny Tiny RSS feeds update daemon";
  wantedBy = [ "multi-user.target" ];
  requires = [ "postgresql.service" ];
  after = [ "network.target" "postgresql.service" ];

  serviceConfig = {
    User = "wwwrun";
    ExecStart = "${pkgs.php}/bin/php ${ttrss.webRoot}/update.php --daemon";
    StandardOutput = "syslog";
    StandardError = "syslog";
    PermissionsStartOnly = true;
  };
};
233 };
234}