1{ lib, pkgs, config, mypackages-lib, grocy, ... }:
2let
# PHP composer environment builder; overridden further down for the
# wallabag and grocy packages.
inherit (mypackages-lib) composerEnv;
# Web applications served under tools.immae.eu.  Each one is built from its
# own nix file; `config` is passed explicitly so the package can read this
# module's configuration, and `env` carries the per-application settings
# taken from config.myEnv.tools.
adminer = pkgs.callPackage ./adminer.nix { inherit config; };
ympd = let
  env = config.myEnv.tools.ympd;
in pkgs.callPackage ./ympd.nix { inherit config env; };
# NOTE(review): php72 and php73 are end-of-life PHP branches that no longer
# receive upstream security fixes; everything pinned to them (ttrss here,
# wallabag below, most php-fpm pools further down) runs on an unpatched
# interpreter.
ttrss = let
  env = config.myEnv.tools.ttrss;
in pkgs.callPackage ./ttrss.nix {
  inherit config env;
  php = pkgs.php72;
  ttrss = pkgs.webapps-ttrss;
  ttrss-plugins = pkgs.webapps-ttrss-plugins;
};
kanboard = let
  env = config.myEnv.tools.kanboard;
in pkgs.callPackage ./kanboard.nix { inherit config env; };
wallabag = let
  env = config.myEnv.tools.wallabag;
  # wallabag's composer environment is built with the tidy extension.
  php = pkgs.php73.withExtensions ({ enabled, all }: enabled ++ [ all.tidy ]);
in pkgs.callPackage ./wallabag.nix {
  inherit config env;
  wallabag = pkgs.webapps-wallabag.override {
    composerEnv = composerEnv.override { inherit php; };
  };
};
yourls = let
  env = config.myEnv.tools.yourls;
in pkgs.callPackage ./yourls.nix {
  inherit config env;
  yourls = pkgs.webapps-yourls;
  yourls-plugins = pkgs.webapps-yourls-plugins;
};
rompr = let
  env = config.myEnv.tools.rompr;
in pkgs.callPackage ./rompr.nix {
  inherit config env;
  rompr = pkgs.webapps-rompr;
};
shaarli = let
  env = config.myEnv.tools.shaarli;
in pkgs.callPackage ./shaarli.nix { inherit config env; };
# dokuwiki is the only application built without an `env` argument.
dokuwiki = pkgs.callPackage ./dokuwiki.nix {
  inherit config;
  dokuwiki = pkgs.webapps-dokuwiki;
  dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
};
# phpLDAPadmin; its settings live under myEnv.tools.phpldapadmin.
ldap = let
  env = config.myEnv.tools.phpldapadmin;
in pkgs.callPackage ./ldap.nix {
  inherit config env;
  phpldapadmin = pkgs.webapps-phpldapadmin;
};
# grocy, rebuilt with a php72-based composer environment (the `grocy`
# argument of this file is the unmodified package).
grocy' = let
  grocyPkg = grocy.override {
    composerEnv = composerEnv.override { php = pkgs.php72; };
  };
in pkgs.callPackage ./grocy.nix { grocy = grocyPkg; };
# phpBB with the French language pack and a fixed set of extensions.
phpbb = let
  localized = pkgs.webapps-phpbb.withLangs (l: [ l.fr ]);
  extensions = e: [
    e.alfredoramos.markdown
    e.davidiq.mailinglist
    e.dmzx.mchat
    e.empteintesduweb.monitoranswers
    e.lr94.autosubscribe
    e.phpbbmodders.adduser
  ];
in pkgs.callPackage ./phpbb.nix { phpbb = localized.withExts extensions; };
# Environment exposing only apprise's /bin; handed to the webhooks package
# and also listed in the `tools` php-fpm pool's open_basedir below.
webhooks-bin-env = pkgs.buildEnv {
  pathsToLink = [ "/bin" ];
  paths = [ pkgs.apprise ];
  name = "webhook-env";
};
webhooks = let
  env = config.myEnv.tools.webhooks;
in pkgs.callPackage ./webhooks.nix { inherit env; binEnv = webhooks-bin-env; };
dmarc-reports = let
  env = config.myEnv.tools.dmarc_reports;
in pkgs.callPackage ./dmarc_reports.nix { inherit config env; };

# Landing page package, used as the document root of tools.immae.eu.
landing = pkgs.callPackage ./landing.nix {};

# Element web client, preconfigured for the synapse.immae.eu homeserver
# and served statically under /matrix.
matrix = pkgs.element-web.override {
  conf = {
    default_server_config = {
      "m.homeserver" = {
        base_url = "https://synapse.immae.eu";
        server_name = "immae.eu";
      };
      "m.identity_server".base_url = "https://vector.im";
    };
    room_directory.servers = [ "immae.eu" "matrix.org" ];
  };
};
91
# php-fpm pools, consulted below for each pool's socket path.
pcfg = config.services.phpfpm.pools;
# This module's own options.
cfg = config.myServices.websites.tools.tools;
94in {
# Single switch for the whole tools website; everything under `config`
# below is conditional on it.
options.myServices.websites.tools.tools.enable = lib.mkEnableOption "enable tools website";
98
99 config = lib.mkIf cfg.enable {
# Services needing to send e-mails
# DNS for tools.immae.eu and outils.immae.eu: both resolve to eldiron's main
# IPs; tools.immae.eu additionally gets the mail-related records from the
# helpers (it is marked as receiving e-mail above).
myServices.dns.zones."immae.eu" = let
  helpers = config.myServices.dns.helpers;
  mainIps = helpers.ips helpers.servers.eldiron.ips.main;
in {
  emailPolicies.tools.receive = true;
  subdomains = {
    outils = mainIps;
    tools = lib.mkMerge [
      (helpers.mailCommon "immae.eu" true)
      helpers.mailSend
      mainIps
    ];
  };
};
112
# Paths excluded from / added to the global borg backup profile.
# NOTE(review): kanboard is excluded here — confirm its data is covered by
# another profile.
services.borgBackup.profiles.global = {
  ignoredPaths = [ "duply" "kanboard" "ntfy" ];
  includedPaths = [
    "paste"
    "dokuwiki/conf"
    "dokuwiki/data"
    "phpbb"
    "shaarli/cache"
    "shaarli/pagecache"
    "shaarli/tmp"
  ];
};
127
# Service descriptions for the chatons properties: most come from the
# packages themselves, paste is described inline.
myServices.chatonsProperties = {
  services =
    lib.mapAttrs (_: app: app.chatonsProperties) {
      inherit adminer dokuwiki shaarli ttrss wallabag;
    } // {
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status = { level = "OK"; description = "OK"; };
          registration = { "" = [ "MEMBER" "CLIENT" ]; load = "OPEN"; };
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license = { name = "MIT License"; url = "https://tools.immae.eu/paste/license"; };
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
  hostings = {
    dokuwiki = dokuwiki.chatonsHostingProperties;
    phpbb = phpbb.chatonsHostingProperties;
  };
};
# Secrets deployed for the applications, plus the landing page's database
# credentials.  The latter is an Apache config fragment (owned by wwwrun,
# mode 0400) that the tools vhost `Include`s in the landing <Directory>;
# the SetEnv values presumably reach the PHP scripts served from that
# directory through the FastCGI environment, so any PHP file under the
# landing root can read the PostgreSQL password.
secrets.keys = builtins.foldl' (acc: keys: acc // keys) { } [
  kanboard.keys
  ldap.keys
  shaarli.keys
  ttrss.keys
  wallabag.keys
  yourls.keys
  dmarc-reports.keys
  webhooks.keys
  {
    "webapps/tools-landing-sql-rw" = let
      env = config.myEnv.tools.landing;
    in {
      user = "wwwrun";
      group = "wwwrun";
      permissions = "0400";
      text = ''
        SetEnv PGUSER "${env.postgresql.user}"
        SetEnv PGPASSWORD "${env.postgresql.password}"
        SetEnv PGDATABASE "${env.postgresql.database}"
        SetEnv PGHOST "${env.postgresql.socket}"
      '';
    };
  }
];
# Apache modules for the tools vhost: proxy_fcgi for the php-fpm handlers,
# plus whatever each application declares.
services.websites.env.tools.modules = lib.concatLists [
  [ "proxy_fcgi" ]
  adminer.apache.modules
  ympd.apache.modules
  ttrss.apache.modules
  wallabag.apache.modules
  yourls.apache.modules
  rompr.apache.modules
  shaarli.apache.modules
  dokuwiki.apache.modules
  dmarc-reports.apache.modules
  phpbb.apache.modules
  ldap.apache.modules
  kanboard.apache.modules
];
198
# tools.immae.dev: a development vhost on the integration IPs and
# certificate.
myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
  subdomains.tools = ips servers.eldiron.ips.integration;
};
security.acme.certs.integration.domain = "tools.immae.dev";
# PHP is executed straight out of /var/lib/ftp/immae/devtools (presumably
# an FTP-managed tree) by the `devtools` php-fpm pool, with AllowOverride
# all: whoever can write into that directory can run code as the pool's
# user.  The CSP header is report-only, so it blocks nothing.
services.websites.env.integration.vhostConfs.devtools = {
  certName = "integration";
  hosts = [ "tools.immae.dev" ];
  root = "/var/lib/ftp/immae/devtools";
  extraConfig = [
    ''
      Use Apaxy "/var/lib/ftp/immae/devtools" "title"
      Timeout 600
      ProxyTimeout 600
      Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
      <Directory "/var/lib/ftp/immae/devtools">
        DirectoryIndex index.php index.htm index.html
        AllowOverride all
        Require all granted
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
  ];
};
224
225
# Production vhost for tools.immae.eu; outils.immae.eu is the old name and
# is redirected here by the `outils` vhost below.
security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
services.websites.env.tools.vhostConfs.tools = {
  certName = "eldiron";
  hosts = ["tools.immae.eu" ];
  root = landing;
  extraConfig = [
    # Landing page: redirects for services that moved to other hosts, then
    # the document root itself.  The Include pulls in the 0400 secrets
    # fragment that SetEnvs the PostgreSQL credentials (secrets.keys above);
    # PHP files under the landing root are handled by the `tools` pool.
    ''
      RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      <Directory "${landing}">
        Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
        DirectoryIndex index.html
        AllowOverride None
        Require all granted

        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>
    ''
    # Each packaged application contributes its own vhost fragment, given
    # the socket of its php-fpm pool (ympd has no pool).
    (adminer.apache.vhostConf pcfg.adminer.socket)
    ympd.apache.vhostConf
    (ttrss.apache.vhostConf pcfg.ttrss.socket)
    (wallabag.apache.vhostConf pcfg.wallabag.socket)
    (yourls.apache.vhostConf pcfg.yourls.socket)
    (rompr.apache.vhostConf pcfg.rompr.socket)
    (shaarli.apache.vhostConf pcfg.shaarli.socket)
    (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
    (ldap.apache.vhostConf pcfg.ldap.socket)
    (kanboard.apache.vhostConf pcfg.kanboard.socket)
    (grocy'.apache.vhostConf pcfg.grocy.socket)
    (phpbb.apache.vhostConf pcfg.phpbb.socket)
    (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
    # Services that are not packaged as applications:
    #  * /paste -> the paste gunicorn unix socket.  NOTE(review): the two
    #    <Location> sections overlap ("/paste" also matches "/paste/...");
    #    they differ only in how the rest of the path is appended to the
    #    target, so the merge order decides which mapping applies — confirm
    #    it is the intended one.
    #  * /ntfy -> the ntfy unix socket, with request bodies capped at
    #    102400 bytes and a websocket upgrade tried before plain HTTP.  The
    #    store path of `landing` is interpolated verbatim into the
    #    RewriteRule pattern (it is not regex-escaped).
    #  * /BIP39 -> static buildbot output.
    #  * /webhooks -> PHP served from the secrets path webapps/webhooks
    #    (directory listing off; that path is in the `tools` pool's
    #    open_basedir).
    #  * /matrix -> the static element-web build.
    ''
      <Location "/paste/">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>
      <Location "/paste">
        ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
        ProxyPreserveHost on
      </Location>

      <Location "/ntfy/">
        SetEnv proxy-nokeepalive 1
        SetEnv proxy-sendchunked 1
        LimitRequestBody 102400

        RewriteEngine On

        # FIXME: why is landing prefixed in the url?
        RewriteCond %{HTTP:Upgrade} websocket [NC]
        RewriteCond %{HTTP:Connection} upgrade [NC]
        RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

        RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
      </Location>
      Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
      <Directory "/var/lib/buildbot/outputs/immae/bip39">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>

      Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
      <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
        Options -Indexes
        DirectoryIndex index.php
        Require all granted
        AllowOverride None
        <FilesMatch "\.php$">
          SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
        </FilesMatch>
      </Directory>

      Alias /matrix ${matrix}
      <Directory "${matrix}">
        DirectoryIndex index.html
        AllowOverride None
        Require all granted
      </Directory>
    ''
  ];
};
314
# Legacy outils.immae.eu host: no document root, only permanent redirects.
# The rules are tried in order, so the specific ones must stay above the
# final catch-all that sends everything else to tools.immae.eu.
services.websites.env.tools.vhostConfs.outils = {
  certName = "eldiron";
  hosts = [ "outils.immae.eu" ];
  root = null;
  extraConfig = [
    ''
      RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

      RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1

      RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
      RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1

      RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
      RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
      RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

      RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

      RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

      RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

      RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1

      RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
    ''
  ];
};
345
systemd.services = let
  # Ordering glue: start a php-fpm pool after (and pull in) whatever its
  # application declares in phpFpm.serviceDeps.
  afterAppDeps = app: {
    after = lib.mkAfter app.phpFpm.serviceDeps;
    wants = app.phpFpm.serviceDeps;
  };
in {
  phpfpm-dokuwiki = afterAppDeps dokuwiki;
  phpfpm-phpbb = afterAppDeps phpbb;
  phpfpm-kanboard = afterAppDeps kanboard;
  phpfpm-ldap = afterAppDeps ldap;
  phpfpm-shaarli = afterAppDeps shaarli;
  phpfpm-ttrss = afterAppDeps ttrss;
  phpfpm-wallabag = afterAppDeps wallabag // {
    preStart = lib.mkAfter wallabag.phpFpm.preStart;
  };
  phpfpm-yourls = afterAppDeps yourls;

  # ntfy push server, run as wwwrun.  Only a unix socket is listened on
  # (`--listen-http ''` turns the TCP listener off); Apache proxies /ntfy/
  # to it from the tools vhost.  --behind-proxy tells ntfy it sits behind
  # that reverse proxy (presumably so it keys its rate limits on the
  # forwarded client address rather than on the proxy's own).
  ntfy = {
    description = "send push notifications to your phone or desktop via scripts from any computer";
    wantedBy = [ "multi-user.target" ];
    serviceConfig = {
      Type = "simple";
      User = "wwwrun";
      RuntimeDirectory = "ntfy";
      StateDirectory = "ntfy";
      WorkingDirectory = "%S/ntfy";
      ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
    };
  };

  # ympd web GUI for MPD.  No User= is set, so the script runs as root to
  # read the MPD password secret into the environment; ympd itself is
  # started with `--user nobody`.
  ympd = {
    description = "Standalone MPD Web GUI written in C";
    wantedBy = [ "multi-user.target" ];
    script = ''
      export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
      ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
    '';
  };

  # Tiny Tiny RSS feed updater, run as wwwrun with php72 against the ttrss
  # web root; needs PostgreSQL up first.
  tt-rss = {
    description = "Tiny Tiny RSS feeds update daemon";
    wantedBy = [ "multi-user.target" ];
    requires = [ "postgresql.service" ];
    after = [ "network.target" "postgresql.service" ];
    serviceConfig = {
      User = "wwwrun";
      PermissionsStartOnly = true;
      StandardOutput = "syslog";
      StandardError = "syslog";
      ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
    };
  };
};
415
# Restart ympd whenever the MPD password secret changes.
services.filesWatcher.ympd = {
  paths = [ config.secrets.fullPaths."mpd" ];
  restart = true;
};
# The paste service, mounted under /paste of the tools vhost.
services.paste = {
  webDirectory = "/paste";
  enable = true;
};
425
services.phpfpm.pools = let
  wwwrun = { user = "wwwrun"; group = "wwwrun"; };
  # Process-manager and session settings shared by the tools and devtools
  # pools; each adds its own redis session prefix and open_basedir.
  pmSettings = {
    "listen.owner" = "wwwrun";
    "listen.group" = "wwwrun";
    "pm" = "dynamic";
    "pm.max_children" = "60";
    "pm.start_servers" = "2";
    "pm.min_spare_servers" = "1";
    "pm.max_spare_servers" = "10";
    "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
    "php_admin_value[session.save_handler]" = "redis";
  };
  # Pool for a packaged application: runs as wwwrun with the pool settings
  # the application declares, on `php` with `extra all` extensions plus
  # redis enabled.
  appPool = { php ? pkgs.php72, extra ? (all: [ ]) }: app: wwwrun // {
    settings = app.phpFpm.pool;
    phpPackage = php.withExtensions ({ enabled, all }: enabled ++ extra all ++ [ all.redis ]);
  };
in {
  # Pool behind the landing page and the /webhooks directory of the tools
  # vhost.
  tools = wwwrun // {
    settings = pmSettings // {
      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
      # Needed to avoid clashes in browser cookies (same domain)
      "php_value[session.name]" = "ToolsPHPSESSID";
      # What PHP may open: sendmail, the landing root, /tmp, the webhooks
      # secret directory and the apprise binaries.
      "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
        "/run/wrappers/bin/sendmail" landing "/tmp"
        config.secrets.fullPaths."webapps/webhooks"
        "${webhooks-bin-env}/bin"
      ];
    };
    phpEnv.CONTACT_EMAIL = config.myEnv.tools.contact;
    phpPackage = pkgs.php72.withExtensions ({ enabled, all }: enabled ++ [ all.redis ]);
  };
  # Pool for tools.immae.dev, executing PHP out of the devtools tree under
  # /var/lib/ftp: open_basedir confines it to that tree, sendmail and /tmp,
  # but anything placed in the tree is run as wwwrun.
  devtools = wwwrun // {
    settings = pmSettings // {
      "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
      "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
    };
    phpPackage = pkgs.php82.withExtensions ({ enabled, all }: enabled ++ [ all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
  };
  adminer = adminer.phpFpm;
  ttrss = appPool { } ttrss;
  wallabag = appPool { php = pkgs.php73; extra = all: [ all.tidy ]; } wallabag;
  yourls = appPool { } yourls;
  rompr = appPool { } rompr;
  shaarli = appPool { } shaarli;
  dmarc-reports = appPool { } dmarc-reports // {
    phpEnv = dmarc-reports.phpFpm.phpEnv;
  };
  dokuwiki = appPool { } dokuwiki;
  phpbb = appPool { } phpbb;
  ldap = appPool { } ldap;
  kanboard = appPool { } kanboard;
  grocy = appPool { } grocy';
};
543
# Activation scripts of the applications that provide one.
system.activationScripts = lib.mapAttrs (_: app: app.activationScript) {
  grocy = grocy';
  inherit ttrss wallabag rompr shaarli dokuwiki phpbb kanboard;
};
554
# Secrets whose changes are watched: the shaarli one by the tools web
# environment, the wallabag one by its php-fpm pool (which is restarted).
services.websites.env.tools.watchPaths = [ config.secrets.fullPaths."webapps/tools-shaarli" ];
services.filesWatcher.phpfpm-wallabag = {
  paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
  restart = true;
};
562
# Monitoring plugins and objects collected from the applications that
# define them (same list, same order, for both).
myServices.monitoring = let
  monitored = [ ttrss rompr wallabag yourls ympd dokuwiki shaarli ldap adminer ];
in {
  fromMasterActivatedPlugins = lib.mkMerge (map (app: app.monitoringPlugins) monitored);
  fromMasterObjects = lib.mkMerge (map (app: app.monitoringObjects) monitored);
};
585 };
586}
587