| | 1 | { lib, pkgs, config, mypackages-lib, grocy, ... }: |
| | 2 | let |
| | 3 | composerEnv = mypackages-lib.composerEnv; |
| | 4 | adminer = pkgs.callPackage ./adminer.nix { inherit config; }; |
| | 5 | ympd = pkgs.callPackage ./ympd.nix { |
| | 6 | env = config.myEnv.tools.ympd; |
| | 7 | inherit config; |
| | 8 | }; |
| | 9 | ttrss = pkgs.callPackage ./ttrss.nix { |
| | 10 | ttrss = pkgs.webapps-ttrss; |
| | 11 | ttrss-plugins = pkgs.webapps-ttrss-plugins; |
| | 12 | env = config.myEnv.tools.ttrss; |
| | 13 | php = pkgs.php72; |
| | 14 | inherit config; |
| | 15 | }; |
| | 16 | kanboard = pkgs.callPackage ./kanboard.nix { |
| | 17 | inherit config; |
| | 18 | env = config.myEnv.tools.kanboard; |
| | 19 | }; |
| | 20 | wallabag = pkgs.callPackage ./wallabag.nix { |
| | 21 | wallabag = pkgs.webapps-wallabag.override { |
| | 22 | composerEnv = composerEnv.override { |
| | 23 | php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); |
| | 24 | }; |
| | 25 | }; |
| | 26 | env = config.myEnv.tools.wallabag; |
| | 27 | inherit config; |
| | 28 | }; |
| | 29 | yourls = pkgs.callPackage ./yourls.nix { |
| | 30 | yourls = pkgs.webapps-yourls; |
| | 31 | yourls-plugins = pkgs.webapps-yourls-plugins; |
| | 32 | env = config.myEnv.tools.yourls; |
| | 33 | inherit config; |
| | 34 | }; |
| | 35 | rompr = pkgs.callPackage ./rompr.nix { |
| | 36 | rompr = pkgs.webapps-rompr; |
| | 37 | env = config.myEnv.tools.rompr; |
| | 38 | inherit config; |
| | 39 | }; |
| | 40 | shaarli = pkgs.callPackage ./shaarli.nix { |
| | 41 | env = config.myEnv.tools.shaarli; |
| | 42 | inherit config; |
| | 43 | }; |
| | 44 | dokuwiki = pkgs.callPackage ./dokuwiki.nix { |
| | 45 | dokuwiki = pkgs.webapps-dokuwiki; |
| | 46 | dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins; |
| | 47 | inherit config; |
| | 48 | }; |
| | 49 | ldap = pkgs.callPackage ./ldap.nix { |
| | 50 | phpldapadmin = pkgs.webapps-phpldapadmin; |
| | 51 | env = config.myEnv.tools.phpldapadmin; |
| | 52 | inherit config; |
| | 53 | }; |
| | 54 | grocy' = pkgs.callPackage ./grocy.nix { |
| | 55 | grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; }; |
| | 56 | }; |
| | 57 | phpbb = pkgs.callPackage ./phpbb.nix { |
| | 58 | phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [ |
| | 59 | e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat |
| | 60 | e.empteintesduweb.monitoranswers e.lr94.autosubscribe |
| | 61 | e.phpbbmodders.adduser ]); |
| | 62 | }; |
| | 63 | webhooks-bin-env = pkgs.buildEnv { |
| | 64 | name = "webhook-env"; |
| | 65 | paths = [ pkgs.apprise ]; |
| | 66 | pathsToLink = [ "/bin" ]; |
| | 67 | }; |
| | 68 | webhooks = pkgs.callPackage ./webhooks.nix { |
| | 69 | env = config.myEnv.tools.webhooks; |
| | 70 | binEnv = webhooks-bin-env; |
| | 71 | }; |
| | 72 | dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { |
| | 73 | env = config.myEnv.tools.dmarc_reports; |
| | 74 | inherit config; |
| | 75 | }; |
| | 76 | |
| | 77 | landing = pkgs.callPackage ./landing.nix { }; |
| | 78 | |
| | 79 | matrix = pkgs.element-web.override { |
| | 80 | conf = { |
| | 81 | default_server_config."m.homeserver" = { |
| | 82 | base_url = "https://synapse.immae.eu"; |
| | 83 | server_name = "immae.eu"; |
| | 84 | }; |
| | 85 | default_server_config."m.identity_server" = { |
| | 86 | base_url = "https://vector.im"; |
| | 87 | }; |
| | 88 | room_directory.servers = [ "immae.eu" "matrix.org" ]; |
| | 89 | }; |
| | 90 | }; |
| | 91 | |
| | 92 | cfg = config.myServices.websites.tools.tools; |
| | 93 | pcfg = config.services.phpfpm.pools; |
| | 94 | in { |
| | 95 | options.myServices.websites.tools.tools = { |
| | 96 | enable = lib.mkEnableOption "enable tools website"; |
| | 97 | }; |
| | 98 | |
| | 99 | config = lib.mkIf cfg.enable { |
| | 100 | # Services needing to send e-mails |
| | 101 | myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true; |
| | 102 | myServices.dns.zones."immae.eu".subdomains = |
| | 103 | with config.myServices.dns.helpers; |
| | 104 | { |
| | 105 | outils = ips servers.eldiron.ips.main; |
| | 106 | tools = lib.mkMerge [ |
| | 107 | (mailCommon "immae.eu" true) |
| | 108 | mailSend |
| | 109 | (ips servers.eldiron.ips.main) |
| | 110 | ]; |
| | 111 | synapse = ips servers.zoldene.ips.main; |
| | 112 | }; |
| | 113 | |
| | 114 | services.borgBackup.profiles.global.ignoredPaths = [ |
| | 115 | "duply" |
| | 116 | "kanboard" |
| | 117 | "ntfy" |
| | 118 | ]; |
| | 119 | services.borgBackup.profiles.global.includedPaths = [ |
| | 120 | "paste" |
| | 121 | "dokuwiki/conf" |
| | 122 | "dokuwiki/data" |
| | 123 | "phpbb" |
| | 124 | "shaarli/cache" |
| | 125 | "shaarli/pagecache" |
| | 126 | "shaarli/tmp" |
| | 127 | ]; |
| | 128 | |
| | 129 | myServices.chatonsProperties.services = { |
| | 130 | adminer = adminer.chatonsProperties; |
| | 131 | dokuwiki = dokuwiki.chatonsProperties; |
| | 132 | shaarli = shaarli.chatonsProperties; |
| | 133 | ttrss = ttrss.chatonsProperties; |
| | 134 | wallabag = wallabag.chatonsProperties; |
| | 135 | paste = { |
| | 136 | file.datetime = "2022-08-22T00:15:00"; |
| | 137 | service = { |
| | 138 | name = "Paste"; |
| | 139 | description = "A simple paster script with syntax highlight"; |
| | 140 | website = "https://tools.immae.eu/paste/"; |
| | 141 | logo = "https://assets.immae.eu/logo.jpg"; |
| | 142 | status.level = "OK"; |
| | 143 | status.description = "OK"; |
| | 144 | registration."" = ["MEMBER" "CLIENT"]; |
| | 145 | registration.load = "OPEN"; |
| | 146 | install.type = "PACKAGE"; |
| | 147 | guide.user = "https://tools.immae.eu/paste/"; |
| | 148 | }; |
| | 149 | software = { |
| | 150 | name = "Paste"; |
| | 151 | website = "https://tools.immae.eu/paste/"; |
| | 152 | license.url = "https://tools.immae.eu/paste/license"; |
| | 153 | license.name = "MIT License"; |
| | 154 | version = "Unversioned"; |
| | 155 | source.url = "https://tools.immae.eu/paste/abcd123/py"; |
| | 156 | }; |
| | 157 | }; |
| | 158 | }; |
| | 159 | myServices.chatonsProperties.hostings = { |
| | 160 | dokuwiki = dokuwiki.chatonsHostingProperties; |
| | 161 | phpbb = phpbb.chatonsHostingProperties; |
| | 162 | }; |
| | 163 | secrets.keys = |
| | 164 | kanboard.keys |
| | 165 | // ldap.keys |
| | 166 | // shaarli.keys |
| | 167 | // ttrss.keys |
| | 168 | // wallabag.keys |
| | 169 | // yourls.keys |
| | 170 | // dmarc-reports.keys |
| | 171 | // webhooks.keys |
| | 172 | // ({ "webapps/tools-landing-sql-rw" = { |
| | 173 | user = "wwwrun"; |
| | 174 | group = "wwwrun"; |
| | 175 | permissions = "0400"; |
| | 176 | text = let |
| | 177 | env = config.myEnv.tools.landing; |
| | 178 | in '' |
| | 179 | SetEnv PGUSER "${env.postgresql.user}" |
| | 180 | SetEnv PGPASSWORD "${env.postgresql.password}" |
| | 181 | SetEnv PGDATABASE "${env.postgresql.database}" |
| | 182 | SetEnv PGHOST "${env.postgresql.socket}" |
| | 183 | ''; |
| | 184 | }; }); |
| | 185 | services.websites.env.tools.modules = |
| | 186 | [ "proxy_fcgi" ] |
| | 187 | ++ adminer.apache.modules |
| | 188 | ++ ympd.apache.modules |
| | 189 | ++ ttrss.apache.modules |
| | 190 | ++ wallabag.apache.modules |
| | 191 | ++ yourls.apache.modules |
| | 192 | ++ rompr.apache.modules |
| | 193 | ++ shaarli.apache.modules |
| | 194 | ++ dokuwiki.apache.modules |
| | 195 | ++ dmarc-reports.apache.modules |
| | 196 | ++ phpbb.apache.modules |
| | 197 | ++ ldap.apache.modules |
| | 198 | ++ kanboard.apache.modules; |
| | 199 | |
| | 200 | myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; { |
| | 201 | subdomains.tools = ips servers.eldiron.ips.integration; |
| | 202 | }; |
| | 203 | security.acme.certs.integration.domain = "tools.immae.dev"; |
| | 204 | services.websites.env.integration.vhostConfs.devtools = { |
| | 205 | certName = "integration"; |
| | 206 | hosts = [ "tools.immae.dev" ]; |
| | 207 | root = "/var/lib/ftp/immae/devtools"; |
| | 208 | extraConfig = [ |
| | 209 | '' |
| | 210 | Use Apaxy "/var/lib/ftp/immae/devtools" "title" |
| | 211 | Timeout 600 |
| | 212 | ProxyTimeout 600 |
| | 213 | Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" |
| | 214 | <Directory "/var/lib/ftp/immae/devtools"> |
| | 215 | DirectoryIndex index.php index.htm index.html |
| | 216 | AllowOverride all |
| | 217 | Require all granted |
| | 218 | <FilesMatch "\.php$"> |
| | 219 | SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" |
| | 220 | </FilesMatch> |
| | 221 | </Directory> |
| | 222 | '' |
| | 223 | ]; |
| | 224 | }; |
| | 225 | |
| | 226 | |
| | 227 | security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ]; |
| | 228 | services.websites.env.tools.vhostConfs.tools = { |
| | 229 | certName = "eldiron"; |
| | 230 | hosts = ["tools.immae.eu" ]; |
| | 231 | root = landing; |
| | 232 | extraConfig = [ |
| | 233 | '' |
| | 234 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
| | 235 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
| | 236 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
| | 237 | |
| | 238 | <Directory "${landing}"> |
| | 239 | Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"} |
| | 240 | DirectoryIndex index.html |
| | 241 | AllowOverride None |
| | 242 | Require all granted |
| | 243 | |
| | 244 | <FilesMatch "\.php$"> |
| | 245 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" |
| | 246 | </FilesMatch> |
| | 247 | </Directory> |
| | 248 | '' |
| | 249 | (adminer.apache.vhostConf pcfg.adminer.socket) |
| | 250 | ympd.apache.vhostConf |
| | 251 | (ttrss.apache.vhostConf pcfg.ttrss.socket) |
| | 252 | (wallabag.apache.vhostConf pcfg.wallabag.socket) |
| | 253 | (yourls.apache.vhostConf pcfg.yourls.socket) |
| | 254 | (rompr.apache.vhostConf pcfg.rompr.socket) |
| | 255 | (shaarli.apache.vhostConf pcfg.shaarli.socket) |
| | 256 | (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) |
| | 257 | (ldap.apache.vhostConf pcfg.ldap.socket) |
| | 258 | (kanboard.apache.vhostConf pcfg.kanboard.socket) |
| | 259 | (grocy'.apache.vhostConf pcfg.grocy.socket) |
| | 260 | (phpbb.apache.vhostConf pcfg.phpbb.socket) |
| | 261 | (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) |
| | 262 | '' |
| | 263 | <Location "/paste/"> |
| | 264 | ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 265 | ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 266 | ProxyPreserveHost on |
| | 267 | </Location> |
| | 268 | <Location "/paste"> |
| | 269 | ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 270 | ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 271 | ProxyPreserveHost on |
| | 272 | </Location> |
| | 273 | |
| | 274 | <Location "/ntfy/"> |
| | 275 | SetEnv proxy-nokeepalive 1 |
| | 276 | SetEnv proxy-sendchunked 1 |
| | 277 | LimitRequestBody 102400 |
| | 278 | |
| | 279 | RewriteEngine On |
| | 280 | |
| | 281 | # FIXME: why is landing prefixed in the url? |
| | 282 | RewriteCond %{HTTP:Upgrade} websocket [NC] |
| | 283 | RewriteCond %{HTTP:Connection} upgrade [NC] |
| | 284 | RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L] |
| | 285 | |
| | 286 | RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L] |
| | 287 | </Location> |
| | 288 | Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 |
| | 289 | <Directory "/var/lib/buildbot/outputs/immae/bip39"> |
| | 290 | DirectoryIndex index.html |
| | 291 | AllowOverride None |
| | 292 | Require all granted |
| | 293 | </Directory> |
| | 294 | |
| | 295 | Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} |
| | 296 | <Directory "${config.secrets.fullPaths."webapps/webhooks"}"> |
| | 297 | Options -Indexes |
| | 298 | DirectoryIndex index.php |
| | 299 | Require all granted |
| | 300 | AllowOverride None |
| | 301 | <FilesMatch "\.php$"> |
| | 302 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" |
| | 303 | </FilesMatch> |
| | 304 | </Directory> |
| | 305 | |
| | 306 | Alias /matrix ${matrix} |
| | 307 | <Directory "${matrix}"> |
| | 308 | DirectoryIndex index.html |
| | 309 | AllowOverride None |
| | 310 | Require all granted |
| | 311 | </Directory> |
| | 312 | '' |
| | 313 | ]; |
| | 314 | }; |
| | 315 | |
| | 316 | services.websites.env.tools.vhostConfs.outils = { |
| | 317 | certName = "eldiron"; |
| | 318 | hosts = [ "outils.immae.eu" ]; |
| | 319 | root = null; |
| | 320 | extraConfig = [ |
| | 321 | '' |
| | 322 | RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 |
| | 323 | |
| | 324 | RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1 |
| | 325 | |
| | 326 | RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1 |
| | 327 | RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1 |
| | 328 | |
| | 329 | RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1 |
| | 330 | RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1 |
| | 331 | RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1 |
| | 332 | RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1 |
| | 333 | |
| | 334 | RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 |
| | 335 | |
| | 336 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
| | 337 | |
| | 338 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
| | 339 | |
| | 340 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
| | 341 | |
| | 342 | RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 |
| | 343 | '' |
| | 344 | ]; |
| | 345 | }; |
| | 346 | |
| | 347 | systemd.services = { |
| | 348 | phpfpm-dokuwiki = { |
| | 349 | after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; |
| | 350 | wants = dokuwiki.phpFpm.serviceDeps; |
| | 351 | }; |
| | 352 | phpfpm-phpbb = { |
| | 353 | after = lib.mkAfter phpbb.phpFpm.serviceDeps; |
| | 354 | wants = phpbb.phpFpm.serviceDeps; |
| | 355 | }; |
| | 356 | phpfpm-kanboard = { |
| | 357 | after = lib.mkAfter kanboard.phpFpm.serviceDeps; |
| | 358 | wants = kanboard.phpFpm.serviceDeps; |
| | 359 | }; |
| | 360 | phpfpm-ldap = { |
| | 361 | after = lib.mkAfter ldap.phpFpm.serviceDeps; |
| | 362 | wants = ldap.phpFpm.serviceDeps; |
| | 363 | }; |
| | 364 | phpfpm-shaarli = { |
| | 365 | after = lib.mkAfter shaarli.phpFpm.serviceDeps; |
| | 366 | wants = shaarli.phpFpm.serviceDeps; |
| | 367 | }; |
| | 368 | phpfpm-ttrss = { |
| | 369 | after = lib.mkAfter ttrss.phpFpm.serviceDeps; |
| | 370 | wants = ttrss.phpFpm.serviceDeps; |
| | 371 | }; |
| | 372 | phpfpm-wallabag = { |
| | 373 | after = lib.mkAfter wallabag.phpFpm.serviceDeps; |
| | 374 | wants = wallabag.phpFpm.serviceDeps; |
| | 375 | preStart = lib.mkAfter wallabag.phpFpm.preStart; |
| | 376 | }; |
| | 377 | phpfpm-yourls = { |
| | 378 | after = lib.mkAfter yourls.phpFpm.serviceDeps; |
| | 379 | wants = yourls.phpFpm.serviceDeps; |
| | 380 | }; |
| | 381 | ntfy = { |
| | 382 | description = "send push notifications to your phone or desktop via scripts from any computer"; |
| | 383 | wantedBy = [ "multi-user.target" ]; |
| | 384 | serviceConfig = { |
| | 385 | ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy"; |
| | 386 | Type = "simple"; |
| | 387 | WorkingDirectory = "%S/ntfy"; |
| | 388 | RuntimeDirectory = "ntfy"; |
| | 389 | StateDirectory = "ntfy"; |
| | 390 | User = "wwwrun"; |
| | 391 | }; |
| | 392 | }; |
| | 393 | ympd = { |
| | 394 | description = "Standalone MPD Web GUI written in C"; |
| | 395 | wantedBy = [ "multi-user.target" ]; |
| | 396 | script = '' |
| | 397 | export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) |
| | 398 | ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody |
| | 399 | ''; |
| | 400 | }; |
| | 401 | tt-rss = { |
| | 402 | description = "Tiny Tiny RSS feeds update daemon"; |
| | 403 | serviceConfig = { |
| | 404 | User = "wwwrun"; |
| | 405 | ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon"; |
| | 406 | StandardOutput = "syslog"; |
| | 407 | StandardError = "syslog"; |
| | 408 | PermissionsStartOnly = true; |
| | 409 | }; |
| | 410 | |
| | 411 | wantedBy = [ "multi-user.target" ]; |
| | 412 | requires = ["postgresql.service"]; |
| | 413 | after = ["network.target" "postgresql.service"]; |
| | 414 | }; |
| | 415 | }; |
| | 416 | |
| | 417 | services.filesWatcher.ympd = { |
| | 418 | restart = true; |
| | 419 | paths = [ config.secrets.fullPaths."mpd" ]; |
| | 420 | }; |
| | 421 | |
| | 422 | services.paste = { |
| | 423 | enable = true; |
| | 424 | webDirectory = "/paste"; |
| | 425 | }; |
| | 426 | |
| | 427 | services.phpfpm.pools = { |
| | 428 | tools = { |
| | 429 | user = "wwwrun"; |
| | 430 | group = "wwwrun"; |
| | 431 | settings = { |
| | 432 | "listen.owner" = "wwwrun"; |
| | 433 | "listen.group" = "wwwrun"; |
| | 434 | "pm" = "dynamic"; |
| | 435 | "pm.max_children" = "60"; |
| | 436 | "pm.start_servers" = "2"; |
| | 437 | "pm.min_spare_servers" = "1"; |
| | 438 | "pm.max_spare_servers" = "10"; |
| | 439 | |
| | 440 | "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i"; |
| | 441 | "php_admin_value[session.save_handler]" = "redis"; |
| | 442 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'"; |
| | 443 | # Needed to avoid clashes in browser cookies (same domain) |
| | 444 | "php_value[session.name]" = "ToolsPHPSESSID"; |
| | 445 | "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ |
| | 446 | "/run/wrappers/bin/sendmail" landing "/tmp" |
| | 447 | config.secrets.fullPaths."webapps/webhooks" |
| | 448 | "${webhooks-bin-env}/bin" |
| | 449 | ]; |
| | 450 | }; |
| | 451 | phpEnv = { |
| | 452 | CONTACT_EMAIL = config.myEnv.tools.contact; |
| | 453 | }; |
| | 454 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); |
| | 455 | }; |
| | 456 | devtools = { |
| | 457 | user = "wwwrun"; |
| | 458 | group = "wwwrun"; |
| | 459 | settings = { |
| | 460 | "listen.owner" = "wwwrun"; |
| | 461 | "listen.group" = "wwwrun"; |
| | 462 | "pm" = "dynamic"; |
| | 463 | "pm.max_children" = "60"; |
| | 464 | "pm.start_servers" = "2"; |
| | 465 | "pm.min_spare_servers" = "1"; |
| | 466 | "pm.max_spare_servers" = "10"; |
| | 467 | |
| | 468 | "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i"; |
| | 469 | "php_admin_value[session.save_handler]" = "redis"; |
| | 470 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'"; |
| | 471 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; |
| | 472 | }; |
| | 473 | phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]); |
| | 474 | }; |
| | 475 | adminer = adminer.phpFpm; |
| | 476 | ttrss = { |
| | 477 | user = "wwwrun"; |
| | 478 | group = "wwwrun"; |
| | 479 | settings = ttrss.phpFpm.pool; |
| | 480 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 481 | }; |
| | 482 | wallabag = { |
| | 483 | user = "wwwrun"; |
| | 484 | group = "wwwrun"; |
| | 485 | settings = wallabag.phpFpm.pool; |
| | 486 | phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]); |
| | 487 | }; |
| | 488 | yourls = { |
| | 489 | user = "wwwrun"; |
| | 490 | group = "wwwrun"; |
| | 491 | settings = yourls.phpFpm.pool; |
| | 492 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 493 | }; |
| | 494 | rompr = { |
| | 495 | user = "wwwrun"; |
| | 496 | group = "wwwrun"; |
| | 497 | settings = rompr.phpFpm.pool; |
| | 498 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 499 | }; |
| | 500 | shaarli = { |
| | 501 | user = "wwwrun"; |
| | 502 | group = "wwwrun"; |
| | 503 | settings = shaarli.phpFpm.pool; |
| | 504 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 505 | }; |
| | 506 | dmarc-reports = { |
| | 507 | user = "wwwrun"; |
| | 508 | group = "wwwrun"; |
| | 509 | settings = dmarc-reports.phpFpm.pool; |
| | 510 | phpEnv = dmarc-reports.phpFpm.phpEnv; |
| | 511 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 512 | }; |
| | 513 | dokuwiki = { |
| | 514 | user = "wwwrun"; |
| | 515 | group = "wwwrun"; |
| | 516 | settings = dokuwiki.phpFpm.pool; |
| | 517 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 518 | }; |
| | 519 | phpbb = { |
| | 520 | user = "wwwrun"; |
| | 521 | group = "wwwrun"; |
| | 522 | settings = phpbb.phpFpm.pool; |
| | 523 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 524 | }; |
| | 525 | ldap = { |
| | 526 | user = "wwwrun"; |
| | 527 | group = "wwwrun"; |
| | 528 | settings = ldap.phpFpm.pool; |
| | 529 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 530 | }; |
| | 531 | kanboard = { |
| | 532 | user = "wwwrun"; |
| | 533 | group = "wwwrun"; |
| | 534 | settings = kanboard.phpFpm.pool; |
| | 535 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 536 | }; |
| | 537 | grocy = { |
| | 538 | user = "wwwrun"; |
| | 539 | group = "wwwrun"; |
| | 540 | settings = grocy'.phpFpm.pool; |
| | 541 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 542 | }; |
| | 543 | }; |
| | 544 | |
| | 545 | system.activationScripts = { |
| | 546 | grocy = grocy'.activationScript; |
| | 547 | ttrss = ttrss.activationScript; |
| | 548 | wallabag = wallabag.activationScript; |
| | 549 | rompr = rompr.activationScript; |
| | 550 | shaarli = shaarli.activationScript; |
| | 551 | dokuwiki = dokuwiki.activationScript; |
| | 552 | phpbb = phpbb.activationScript; |
| | 553 | kanboard = kanboard.activationScript; |
| | 554 | }; |
| | 555 | |
| | 556 | services.websites.env.tools.watchPaths = [ |
| | 557 | config.secrets.fullPaths."webapps/tools-shaarli" |
| | 558 | ]; |
| | 559 | services.filesWatcher.phpfpm-wallabag = { |
| | 560 | restart = true; |
| | 561 | paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; |
| | 562 | }; |
| | 563 | |
| | 564 | myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [ |
| | 565 | ttrss.monitoringPlugins |
| | 566 | rompr.monitoringPlugins |
| | 567 | wallabag.monitoringPlugins |
| | 568 | yourls.monitoringPlugins |
| | 569 | ympd.monitoringPlugins |
| | 570 | dokuwiki.monitoringPlugins |
| | 571 | shaarli.monitoringPlugins |
| | 572 | ldap.monitoringPlugins |
| | 573 | adminer.monitoringPlugins |
| | 574 | ]; |
| | 575 | myServices.monitoring.fromMasterObjects = lib.mkMerge [ |
| | 576 | ttrss.monitoringObjects |
| | 577 | rompr.monitoringObjects |
| | 578 | wallabag.monitoringObjects |
| | 579 | yourls.monitoringObjects |
| | 580 | ympd.monitoringObjects |
| | 581 | dokuwiki.monitoringObjects |
| | 582 | shaarli.monitoringObjects |
| | 583 | ldap.monitoringObjects |
| | 584 | adminer.monitoringObjects |
| | 585 | ]; |
| | 586 | }; |
| | 587 | } |
| | 588 | |
projects / perso / Immae / Config / Nix.git / blame_incremental