]>
Commit | Line | Data |
---|---|---|
1 | { lib, pkgs, config, ... }: | |
2 | let | |
3 | cfg = config.myServices.websites.immae.temp; | |
4 | varDir = "/var/lib/immae_temp"; | |
5 | env = config.myEnv.websites.immae.temp; | |
6 | in { | |
7 | options.myServices.websites.immae.temp.enable = lib.mkEnableOption "enable Temp' website"; | |
8 | ||
9 | config = lib.mkIf cfg.enable { | |
10 | services.duplyBackup.profiles.immae_temp.rootDir = varDir; | |
11 | services.duplyBackup.profiles.immae_temp_surfer.rootDir = "/var/lib/surfer"; | |
12 | services.websites.env.production.vhostConfs.immae_temp = { | |
13 | certName = "immae"; | |
14 | addToCerts = true; | |
15 | hosts = [ "temp.immae.eu" ]; | |
16 | root = null; | |
17 | extraConfig = [ '' | |
18 | ProxyVia On | |
19 | ProxyRequests Off | |
20 | ProxyPreserveHost On | |
21 | ProxyPass / unix:///run/surfer/listen.sock|http://temp.immae.eu/ | |
22 | ProxyPassReverse / unix:///run/surfer/listen.sock|http://temp.immae.eu/ | |
23 | <Proxy *> | |
24 | Options FollowSymLinks MultiViews | |
25 | AllowOverride None | |
26 | Require all granted | |
27 | </Proxy> | |
28 | '' ]; | |
29 | }; | |
30 | ||
31 | secrets.keys."webapps/surfer" = { | |
32 | permissions = "0400"; | |
33 | user = "wwwrun"; | |
34 | group = "wwwrun"; | |
35 | text = '' | |
36 | CLOUDRON_LDAP_URL=ldaps://${env.ldap.host} | |
37 | CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} | |
38 | TOKENSTORE_FILE=/var/lib/surfer/tokens.json | |
39 | CLOUDRON_LDAP_BIND_DN=${env.ldap.dn} | |
40 | CLOUDRON_LDAP_BIND_PASSWORD=${env.ldap.password} | |
41 | CLOUDRON_LDAP_USERS_BASE_DN=${env.ldap.base} | |
42 | CLOUDRON_LDAP_FILTER="${env.ldap.filter}" | |
43 | LISTEN=/run/surfer/listen.sock | |
44 | ''; | |
45 | }; | |
46 | ||
47 | systemd.services.surfer = { | |
48 | description = "Surfer"; | |
49 | wantedBy = [ "multi-user.target" ]; | |
50 | after = [ "network.target" ]; | |
51 | ||
52 | script = '' | |
53 | exec ${pkgs.webapps.surfer}/bin/surfer-server ${varDir} | |
54 | ''; | |
55 | serviceConfig = { | |
56 | EnvironmentFile = config.secrets.fullPaths."webapps/surfer"; | |
57 | User = "wwwrun"; | |
58 | Group = "wwwrun"; | |
59 | StateDirectory = "surfer"; | |
60 | RuntimeDirectory = "surfer"; | |
61 | Type = "simple"; | |
62 | }; | |
63 | }; | |
64 | }; | |
65 | } | |
66 |