Move backup directory to host subdir
# NixOS module for the "tools" website on eldiron: wires a set of web
# applications (each packaged in a sibling .nix file) into Apache vhosts,
# php-fpm pools, systemd units, DNS, backups, secrets and monitoring.
{ lib, pkgs, config, mypackages-lib, grocy, ... }:
let
  composerEnv = mypackages-lib.composerEnv;
  # Per-application packages.  Each one takes its `env` (settings and
  # credentials) from config.myEnv.tools.* and exposes the attributes used
  # further down (apache.*, phpFpm.*, keys, monitoring*, activationScript...).
  adminer = pkgs.callPackage ./adminer.nix { inherit config; };
  ympd = pkgs.callPackage ./ympd.nix {
    env = config.myEnv.tools.ympd;
    inherit config;
  };
  # NOTE(review): php72 (and php73, used for wallabag) are end-of-life
  # upstream and no longer receive security fixes; confirm these pins, and
  # the same ones in services.phpfpm.pools below, are intentional (or carry
  # backported fixes) rather than merely historical.
  ttrss = pkgs.callPackage ./ttrss.nix {
    ttrss = pkgs.webapps-ttrss;
    ttrss-plugins = pkgs.webapps-ttrss-plugins;
    env = config.myEnv.tools.ttrss;
    php = pkgs.php72;
    inherit config;
  };
  kanboard = pkgs.callPackage ./kanboard.nix {
    inherit config;
    env = config.myEnv.tools.kanboard;
  };
  wallabag = pkgs.callPackage ./wallabag.nix {
    wallabag = pkgs.webapps-wallabag.override {
      composerEnv = composerEnv.override {
        php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]);
      };
    };
    env = config.myEnv.tools.wallabag;
    inherit config;
  };
  yourls = pkgs.callPackage ./yourls.nix {
    yourls = pkgs.webapps-yourls;
    yourls-plugins = pkgs.webapps-yourls-plugins;
    env = config.myEnv.tools.yourls;
    inherit config;
  };
  rompr = pkgs.callPackage ./rompr.nix {
    rompr = pkgs.webapps-rompr;
    env = config.myEnv.tools.rompr;
    inherit config;
  };
  shaarli = pkgs.callPackage ./shaarli.nix {
    env = config.myEnv.tools.shaarli;
    inherit config;
  };
  dokuwiki = pkgs.callPackage ./dokuwiki.nix {
    dokuwiki = pkgs.webapps-dokuwiki;
    dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins;
    inherit config;
  };
  ldap = pkgs.callPackage ./ldap.nix {
    phpldapadmin = pkgs.webapps-phpldapadmin;
    env = config.myEnv.tools.phpldapadmin;
    inherit config;
  };
  # `grocy'` (primed) to avoid shadowing the `grocy` package argument.
  grocy' = pkgs.callPackage ./grocy.nix {
    grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; };
  };
  phpbb = pkgs.callPackage ./phpbb.nix {
    phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [
      e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat
      e.empteintesduweb.monitoranswers e.lr94.autosubscribe
      e.phpbbmodders.adduser ]);
  };
  # Minimal binary environment exposed to the webhook scripts (only
  # apprise's /bin); its /bin is also whitelisted in the tools pool's
  # open_basedir below.
  webhooks-bin-env = pkgs.buildEnv {
    name = "webhook-env";
    paths = [ pkgs.apprise ];
    pathsToLink = [ "/bin" ];
  };
  webhooks = pkgs.callPackage ./webhooks.nix {
    env = config.myEnv.tools.webhooks;
    binEnv = webhooks-bin-env;
  };
  dmarc-reports = pkgs.callPackage ./dmarc_reports.nix {
    env = config.myEnv.tools.dmarc_reports;
    inherit config;
  };

  # Static landing page, used as the document root of tools.immae.eu.
  landing = pkgs.callPackage ./landing.nix { };

  # Element web client, served statically under /matrix below.  The
  # homeserver / identity-server settings presumably end up in the client's
  # config.json — the override lives in the element-web package.
  matrix = pkgs.element-web.override {
    conf = {
      default_server_config."m.homeserver" = {
        base_url = "https://synapse.immae.eu";
        server_name = "immae.eu";
      };
      default_server_config."m.identity_server" = {
        base_url = "https://vector.im";
      };
      room_directory.servers = [ "immae.eu" "matrix.org" ];
    };
  };

  cfg = config.myServices.websites.tools.tools;
  # php-fpm pools as finally configured; used below for the `.socket` paths
  # handed to each application's vhostConf.
  pcfg = config.services.phpfpm.pools;
in {
  options.myServices.websites.tools.tools = {
    enable = lib.mkEnableOption "enable tools website";
  };

  config = lib.mkIf cfg.enable {
    # Services needing to send e-mails
    myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true;
    # outils/tools resolve to eldiron's main IP; tools additionally carries
    # the mail-related records (mailCommon / mailSend).  synapse (the Matrix
    # homeserver referenced in the element-web config) lives on zoldene.
    myServices.dns.zones."immae.eu".subdomains =
      with config.myServices.dns.helpers;
      {
        outils = ips servers.eldiron.ips.main;
        tools = lib.mkMerge [
          (mailCommon "immae.eu" true)
          mailSend
          (ips servers.eldiron.ips.main)
        ];
        synapse = ips servers.zoldene.ips.main;
      };

    # Paths excluded from / added to the global borg backup profile.  They
    # are relative; presumably resolved against the profile's base directory,
    # which is defined elsewhere.
    services.borgBackup.profiles.global.ignoredPaths = [
      "duply"
      "kanboard"
      "ntfy"
    ];
    services.borgBackup.profiles.global.includedPaths = [
      "paste"
      "dokuwiki/conf"
      "dokuwiki/data"
      "phpbb"
      "shaarli/cache"
      "shaarli/pagecache"
      "shaarli/tmp"
    ];

    # Service metadata (presumably for the CHATONS directory).  Most entries
    # are provided by the application packages; paste is described inline.
    myServices.chatonsProperties.services = {
      adminer = adminer.chatonsProperties;
      dokuwiki = dokuwiki.chatonsProperties;
      shaarli = shaarli.chatonsProperties;
      ttrss = ttrss.chatonsProperties;
      wallabag = wallabag.chatonsProperties;
      paste = {
        file.datetime = "2022-08-22T00:15:00";
        service = {
          name = "Paste";
          description = "A simple paster script with syntax highlight";
          website = "https://tools.immae.eu/paste/";
          logo = "https://assets.immae.eu/logo.jpg";
          status.level = "OK";
          status.description = "OK";
          registration."" = ["MEMBER" "CLIENT"];
          registration.load = "OPEN";
          install.type = "PACKAGE";
          guide.user = "https://tools.immae.eu/paste/";
        };
        software = {
          name = "Paste";
          website = "https://tools.immae.eu/paste/";
          license.url = "https://tools.immae.eu/paste/license";
          license.name = "MIT License";
          version = "Unversioned";
          source.url = "https://tools.immae.eu/paste/abcd123/py";
        };
      };
    };
    myServices.chatonsProperties.hostings = {
      dokuwiki = dokuwiki.chatonsHostingProperties;
      phpbb = phpbb.chatonsHostingProperties;
    };
    # Secrets declared by the applications, plus the landing page's
    # PostgreSQL credentials rendered as an Apache `Include` snippet: the
    # SetEnv values are expected to reach the landing PHP code through the
    # FastCGI environment.  The file is readable only by wwwrun (0400).
    secrets.keys =
      kanboard.keys
      // ldap.keys
      // shaarli.keys
      // ttrss.keys
      // wallabag.keys
      // yourls.keys
      // dmarc-reports.keys
      // webhooks.keys
      // ({ "webapps/tools-landing-sql-rw" = {
        user = "wwwrun";
        group = "wwwrun";
        permissions = "0400";
        text = let
          env = config.myEnv.tools.landing;
        in ''
          SetEnv PGUSER "${env.postgresql.user}"
          SetEnv PGPASSWORD "${env.postgresql.password}"
          SetEnv PGDATABASE "${env.postgresql.database}"
          SetEnv PGHOST "${env.postgresql.socket}"
        '';
      }; });
    # Apache modules needed by the tools vhosts (proxy_fcgi for php-fpm plus
    # whatever each application declares).
    services.websites.env.tools.modules =
      [ "proxy_fcgi" ]
      ++ adminer.apache.modules
      ++ ympd.apache.modules
      ++ ttrss.apache.modules
      ++ wallabag.apache.modules
      ++ yourls.apache.modules
      ++ rompr.apache.modules
      ++ shaarli.apache.modules
      ++ dokuwiki.apache.modules
      ++ dmarc-reports.apache.modules
      ++ phpbb.apache.modules
      ++ ldap.apache.modules
      ++ kanboard.apache.modules;

    # Development instance: tools.immae.dev serves the FTP-managed tree
    # /var/lib/ftp/immae/devtools, with *.php executed by the `devtools`
    # php-fpm pool (php82).
    # NOTE(review): AllowOverride all lets any .htaccess uploaded into that
    # FTP tree change the directory configuration, and every .php file there
    # is executed — keep in mind when granting FTP access.  The CSP header is
    # Report-Only: violations are reported, nothing is blocked.
    myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; {
      subdomains.tools = ips servers.eldiron.ips.integration;
    };
    security.acme.certs.integration.domain = "tools.immae.dev";
    services.websites.env.integration.vhostConfs.devtools = {
      certName = "integration";
      hosts = [ "tools.immae.dev" ];
      root = "/var/lib/ftp/immae/devtools";
      extraConfig = [
        ''
          Use Apaxy "/var/lib/ftp/immae/devtools" "title"
          Timeout 600
          ProxyTimeout 600
          Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}"
          <Directory "/var/lib/ftp/immae/devtools">
            DirectoryIndex index.php index.htm index.html
            AllowOverride all
            Require all granted
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
      ];
    };


    # Production vhost.  The landing page is the document root (it includes
    # the PostgreSQL SetEnv secret above); each application contributes its
    # own vhostConf fragment together with its php-fpm socket.  The trailing
    # fragment adds:
    #  - /paste proxied to the paste service's gunicorn unix socket;
    #  - /ntfy proxied (plain HTTP and WebSocket upgrade) to ntfy's unix
    #    socket, request bodies capped at 100 KiB (LimitRequestBody 102400);
    #  - /webhooks: PHP webhook scripts served from the "webapps/webhooks"
    #    secret path through the `tools` pool;
    #  - static aliases for the BIP39 buildbot output and element-web.
    # NOTE(review): `${landing}` is spliced unescaped into the ntfy
    # RewriteRule regex; fine as long as the store path contains no regex
    # metacharacters such as `+` or `?` — confirm.
    # NOTE(review): under /webhooks only *.php is handed to php-fpm; any
    # other file in that directory is served as a static file (Options
    # -Indexes only hides listings) — confirm it holds nothing but the
    # webhook scripts.
    security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ];
    services.websites.env.tools.vhostConfs.tools = {
      certName = "eldiron";
      hosts = ["tools.immae.eu" ];
      root = landing;
      extraConfig = [
        ''
          RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1
          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1
          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          <Directory "${landing}">
            Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"}
            DirectoryIndex index.html
            AllowOverride None
            Require all granted

            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>
        ''
        (adminer.apache.vhostConf pcfg.adminer.socket)
        ympd.apache.vhostConf
        (ttrss.apache.vhostConf pcfg.ttrss.socket)
        (wallabag.apache.vhostConf pcfg.wallabag.socket)
        (yourls.apache.vhostConf pcfg.yourls.socket)
        (rompr.apache.vhostConf pcfg.rompr.socket)
        (shaarli.apache.vhostConf pcfg.shaarli.socket)
        (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket)
        (ldap.apache.vhostConf pcfg.ldap.socket)
        (kanboard.apache.vhostConf pcfg.kanboard.socket)
        (grocy'.apache.vhostConf pcfg.grocy.socket)
        (phpbb.apache.vhostConf pcfg.phpbb.socket)
        (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket)
        ''
          <Location "/paste/">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>
          <Location "/paste">
            ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/
            ProxyPreserveHost on
          </Location>

          <Location "/ntfy/">
            SetEnv proxy-nokeepalive 1
            SetEnv proxy-sendchunked 1
            LimitRequestBody 102400

            RewriteEngine On

            # FIXME: why is landing prefixed in the url?
            RewriteCond %{HTTP:Upgrade} websocket [NC]
            RewriteCond %{HTTP:Connection} upgrade [NC]
            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L]

            RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L]
          </Location>
          Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39
          <Directory "/var/lib/buildbot/outputs/immae/bip39">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>

          Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"}
          <Directory "${config.secrets.fullPaths."webapps/webhooks"}">
            Options -Indexes
            DirectoryIndex index.php
            Require all granted
            AllowOverride None
            <FilesMatch "\.php$">
              SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost"
            </FilesMatch>
          </Directory>

          Alias /matrix ${matrix}
          <Directory "${matrix}">
            DirectoryIndex index.html
            AllowOverride None
            Require all granted
          </Directory>
        ''
      ];
    };

    # Legacy hostname: every path is redirected to its new home, the
    # catch-all to tools.immae.eu last.
    services.websites.env.tools.vhostConfs.outils = {
      certName = "eldiron";
      hosts = [ "outils.immae.eu" ];
      root = null;
      extraConfig = [
        ''
          RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1

          RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1

          RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1
          RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1

          RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1
          RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1
          RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1

          RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1

          RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1

          RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse

          RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1

          RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1
        ''
      ];
    };

    systemd.services = {
      # Order each php-fpm pool after (and pull in) the units its application
      # declares in phpFpm.serviceDeps.
      phpfpm-dokuwiki = {
        after = lib.mkAfter dokuwiki.phpFpm.serviceDeps;
        wants = dokuwiki.phpFpm.serviceDeps;
      };
      phpfpm-phpbb = {
        after = lib.mkAfter phpbb.phpFpm.serviceDeps;
        wants = phpbb.phpFpm.serviceDeps;
      };
      phpfpm-kanboard = {
        after = lib.mkAfter kanboard.phpFpm.serviceDeps;
        wants = kanboard.phpFpm.serviceDeps;
      };
      phpfpm-ldap = {
        after = lib.mkAfter ldap.phpFpm.serviceDeps;
        wants = ldap.phpFpm.serviceDeps;
      };
      phpfpm-shaarli = {
        after = lib.mkAfter shaarli.phpFpm.serviceDeps;
        wants = shaarli.phpFpm.serviceDeps;
      };
      phpfpm-ttrss = {
        after = lib.mkAfter ttrss.phpFpm.serviceDeps;
        wants = ttrss.phpFpm.serviceDeps;
      };
      phpfpm-wallabag = {
        after = lib.mkAfter wallabag.phpFpm.serviceDeps;
        wants = wallabag.phpFpm.serviceDeps;
        preStart = lib.mkAfter wallabag.phpFpm.preStart;
      };
      phpfpm-yourls = {
        after = lib.mkAfter yourls.phpFpm.serviceDeps;
        wants = yourls.phpFpm.serviceDeps;
      };
      # ntfy push server.  `--listen-http ''` disables the TCP listener, so
      # it is reachable only through the unix socket that Apache proxies
      # under /ntfy; `--behind-proxy` makes it use the forwarded client
      # address (X-Forwarded-For) for its per-visitor limits instead of the
      # proxy's.  Runs as wwwrun with cache and attachments under %S/ntfy.
      ntfy = {
        description = "send push notifications to your phone or desktop via scripts from any computer";
        wantedBy = [ "multi-user.target" ];
        serviceConfig = {
          ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy";
          Type = "simple";
          WorkingDirectory = "%S/ntfy";
          RuntimeDirectory = "ntfy";
          StateDirectory = "ntfy";
          User = "wwwrun";
        };
      };
      # ympd MPD web GUI.  The MPD password is read from the secret file at
      # start-up and handed to ympd through its environment; ympd itself
      # drops to `nobody`.
      ympd = {
        description = "Standalone MPD Web GUI written in C";
        wantedBy = [ "multi-user.target" ];
        script = ''
          export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"})
          ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody
        '';
      };
      # Tiny Tiny RSS feed-update daemon, run with the same php72 as its pool.
      # NOTE(review): StandardOutput/StandardError=syslog and
      # PermissionsStartOnly are deprecated in newer systemd releases (the
      # journal, and `ExecStartPre=+...`, are the replacements); the unit
      # still works but may log warnings.
      tt-rss = {
        description = "Tiny Tiny RSS feeds update daemon";
        serviceConfig = {
          User = "wwwrun";
          ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon";
          StandardOutput = "syslog";
          StandardError = "syslog";
          PermissionsStartOnly = true;
        };

        wantedBy = [ "multi-user.target" ];
        requires = ["postgresql.service"];
        after = ["network.target" "postgresql.service"];
      };
    };

    # Restart ympd whenever the MPD secret changes.
    services.filesWatcher.ympd = {
      restart = true;
      paths = [ config.secrets.fullPaths."mpd" ];
    };

    # Paste service, exposed under /paste (proxied in the tools vhost above).
    services.paste = {
      enable = true;
      webDirectory = "/paste";
    };

    # php-fpm pools, all running as wwwrun.  `tools` serves the landing page
    # and the webhooks, `devtools` the tools.immae.dev FTP tree; both keep PHP
    # sessions in redis over a unix socket (namespaced by the Tools:* prefix)
    # and restrict PHP file access with open_basedir.  The per-application
    # pools take their settings from their package; every pool gets the redis
    # extension.
    services.phpfpm.pools = {
      tools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'";
          # Needed to avoid clashes in browser cookies (same domain)
          "php_value[session.name]" = "ToolsPHPSESSID";
          # Everything PHP may touch: sendmail, the landing root, /tmp, the
          # webhooks directory and the apprise binaries.
          "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [
            "/run/wrappers/bin/sendmail" landing "/tmp"
            config.secrets.fullPaths."webapps/webhooks"
            "${webhooks-bin-env}/bin"
          ];
        };
        phpEnv = {
          CONTACT_EMAIL = config.myEnv.tools.contact;
        };
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
      };
      devtools = {
        user = "wwwrun";
        group = "wwwrun";
        settings = {
          "listen.owner" = "wwwrun";
          "listen.group" = "wwwrun";
          "pm" = "dynamic";
          "pm.max_children" = "60";
          "pm.start_servers" = "2";
          "pm.min_spare_servers" = "1";
          "pm.max_spare_servers" = "10";

          "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i";
          "php_admin_value[session.save_handler]" = "redis";
          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'";
          "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp";
        };
        phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]);
      };
      adminer = adminer.phpFpm;
      ttrss = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ttrss.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      wallabag = {
        user = "wwwrun";
        group = "wwwrun";
        settings = wallabag.phpFpm.pool;
        phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]);
      };
      yourls = {
        user = "wwwrun";
        group = "wwwrun";
        settings = yourls.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      rompr = {
        user = "wwwrun";
        group = "wwwrun";
        settings = rompr.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      shaarli = {
        user = "wwwrun";
        group = "wwwrun";
        settings = shaarli.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dmarc-reports = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dmarc-reports.phpFpm.pool;
        phpEnv = dmarc-reports.phpFpm.phpEnv;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      dokuwiki = {
        user = "wwwrun";
        group = "wwwrun";
        settings = dokuwiki.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      phpbb = {
        user = "wwwrun";
        group = "wwwrun";
        settings = phpbb.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      ldap = {
        user = "wwwrun";
        group = "wwwrun";
        settings = ldap.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      kanboard = {
        user = "wwwrun";
        group = "wwwrun";
        settings = kanboard.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
      grocy = {
        user = "wwwrun";
        group = "wwwrun";
        settings = grocy'.phpFpm.pool;
        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]);
      };
    };

    # Activation-time setup steps provided by each application package.
    system.activationScripts = {
      grocy = grocy'.activationScript;
      ttrss = ttrss.activationScript;
      wallabag = wallabag.activationScript;
      rompr = rompr.activationScript;
      shaarli = shaarli.activationScript;
      dokuwiki = dokuwiki.activationScript;
      phpbb = phpbb.activationScript;
      kanboard = kanboard.activationScript;
    };

    # React to secret rotation: the tools web environment watches the shaarli
    # secret, and the wallabag pool is restarted when its secret changes.
    services.websites.env.tools.watchPaths = [
      config.secrets.fullPaths."webapps/tools-shaarli"
    ];
    services.filesWatcher.phpfpm-wallabag = {
      restart = true;
      paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ];
    };

    # Aggregate the monitoring plugins and objects declared by the
    # applications for the master monitoring host.
    myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [
      ttrss.monitoringPlugins
      rompr.monitoringPlugins
      wallabag.monitoringPlugins
      yourls.monitoringPlugins
      ympd.monitoringPlugins
      dokuwiki.monitoringPlugins
      shaarli.monitoringPlugins
      ldap.monitoringPlugins
      adminer.monitoringPlugins
    ];
    myServices.monitoring.fromMasterObjects = lib.mkMerge [
      ttrss.monitoringObjects
      rompr.monitoringObjects
      wallabag.monitoringObjects
      yourls.monitoringObjects
      ympd.monitoringObjects
      dokuwiki.monitoringObjects
      shaarli.monitoringObjects
      ldap.monitoringObjects
      adminer.monitoringObjects
    ];
  };
}