| | 1 | { lib, pkgs, config, mypackages-lib, grocy, ... }: |
| | 2 | let |
| | 3 | composerEnv = mypackages-lib.composerEnv; |
| | 4 | adminer = pkgs.callPackage ./adminer.nix { inherit config; }; |
| | 5 | ympd = pkgs.callPackage ./ympd.nix { |
| | 6 | env = config.myEnv.tools.ympd; |
| | 7 | inherit config; |
| | 8 | }; |
| | 9 | ttrss = pkgs.callPackage ./ttrss.nix { |
| | 10 | ttrss = pkgs.webapps-ttrss; |
| | 11 | ttrss-plugins = pkgs.webapps-ttrss-plugins; |
| | 12 | env = config.myEnv.tools.ttrss; |
| | 13 | php = pkgs.php72; |
| | 14 | inherit config; |
| | 15 | }; |
| | 16 | kanboard = pkgs.callPackage ./kanboard.nix { |
| | 17 | inherit config; |
| | 18 | env = config.myEnv.tools.kanboard; |
| | 19 | }; |
| | 20 | wallabag = pkgs.callPackage ./wallabag.nix { |
| | 21 | wallabag = pkgs.webapps-wallabag.override { |
| | 22 | composerEnv = composerEnv.override { |
| | 23 | php = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy]); |
| | 24 | }; |
| | 25 | }; |
| | 26 | env = config.myEnv.tools.wallabag; |
| | 27 | inherit config; |
| | 28 | }; |
| | 29 | yourls = pkgs.callPackage ./yourls.nix { |
| | 30 | yourls = pkgs.webapps-yourls; |
| | 31 | yourls-plugins = pkgs.webapps-yourls-plugins; |
| | 32 | env = config.myEnv.tools.yourls; |
| | 33 | inherit config; |
| | 34 | }; |
| | 35 | rompr = pkgs.callPackage ./rompr.nix { |
| | 36 | rompr = pkgs.webapps-rompr; |
| | 37 | env = config.myEnv.tools.rompr; |
| | 38 | inherit config; |
| | 39 | }; |
| | 40 | shaarli = pkgs.callPackage ./shaarli.nix { |
| | 41 | env = config.myEnv.tools.shaarli; |
| | 42 | inherit config; |
| | 43 | }; |
| | 44 | dokuwiki = pkgs.callPackage ./dokuwiki.nix { |
| | 45 | dokuwiki = pkgs.webapps-dokuwiki; |
| | 46 | dokuwiki-plugins = pkgs.webapps-dokuwiki-plugins; |
| | 47 | inherit config; |
| | 48 | }; |
| | 49 | ldap = pkgs.callPackage ./ldap.nix { |
| | 50 | phpldapadmin = pkgs.webapps-phpldapadmin; |
| | 51 | env = config.myEnv.tools.phpldapadmin; |
| | 52 | inherit config; |
| | 53 | }; |
| | 54 | grocy' = pkgs.callPackage ./grocy.nix { |
| | 55 | grocy = grocy.override { composerEnv = composerEnv.override { php = pkgs.php72; }; }; |
| | 56 | }; |
| | 57 | phpbb = pkgs.callPackage ./phpbb.nix { |
| | 58 | phpbb = (pkgs.webapps-phpbb.withLangs (l: [ l.fr ])).withExts (e: [ |
| | 59 | e.alfredoramos.markdown e.davidiq.mailinglist e.dmzx.mchat |
| | 60 | e.empteintesduweb.monitoranswers e.lr94.autosubscribe |
| | 61 | e.phpbbmodders.adduser ]); |
| | 62 | }; |
| | 63 | webhooks-bin-env = pkgs.buildEnv { |
| | 64 | name = "webhook-env"; |
| | 65 | paths = [ pkgs.apprise ]; |
| | 66 | pathsToLink = [ "/bin" ]; |
| | 67 | }; |
| | 68 | webhooks = pkgs.callPackage ./webhooks.nix { |
| | 69 | env = config.myEnv.tools.webhooks; |
| | 70 | binEnv = webhooks-bin-env; |
| | 71 | }; |
| | 72 | dmarc-reports = pkgs.callPackage ./dmarc_reports.nix { |
| | 73 | env = config.myEnv.tools.dmarc_reports; |
| | 74 | inherit config; |
| | 75 | }; |
| | 76 | |
| | 77 | landing = pkgs.callPackage ./landing.nix { }; |
| | 78 | |
| | 79 | matrix = pkgs.element-web.override { |
| | 80 | conf = { |
| | 81 | default_server_config."m.homeserver" = { |
| | 82 | base_url = "https://synapse.immae.eu"; |
| | 83 | server_name = "immae.eu"; |
| | 84 | }; |
| | 85 | default_server_config."m.identity_server" = { |
| | 86 | base_url = "https://vector.im"; |
| | 87 | }; |
| | 88 | room_directory.servers = [ "immae.eu" "matrix.org" ]; |
| | 89 | }; |
| | 90 | }; |
| | 91 | |
| | 92 | cfg = config.myServices.websites.tools.tools; |
| | 93 | pcfg = config.services.phpfpm.pools; |
| | 94 | in { |
| | 95 | options.myServices.websites.tools.tools = { |
| | 96 | enable = lib.mkEnableOption "enable tools website"; |
| | 97 | }; |
| | 98 | |
| | 99 | config = lib.mkIf cfg.enable { |
| | 100 | # Services needing to send e-mails |
| | 101 | myServices.dns.zones."immae.eu".emailPolicies."tools".receive = true; |
| | 102 | myServices.dns.zones."immae.eu".subdomains = |
| | 103 | with config.myServices.dns.helpers; |
| | 104 | { |
| | 105 | outils = ips servers.eldiron.ips.main; |
| | 106 | tools = lib.mkMerge [ |
| | 107 | (mailCommon "immae.eu" true) |
| | 108 | mailSend |
| | 109 | (ips servers.eldiron.ips.main) |
| | 110 | ]; |
| | 111 | }; |
| | 112 | |
| | 113 | services.borgBackup.profiles.global.ignoredPaths = [ |
| | 114 | "duply" |
| | 115 | "kanboard" |
| | 116 | "ntfy" |
| | 117 | ]; |
| | 118 | services.borgBackup.profiles.global.includedPaths = [ |
| | 119 | "paste" |
| | 120 | "dokuwiki/conf" |
| | 121 | "dokuwiki/data" |
| | 122 | "phpbb" |
| | 123 | "shaarli/cache" |
| | 124 | "shaarli/pagecache" |
| | 125 | "shaarli/tmp" |
| | 126 | ]; |
| | 127 | |
| | 128 | myServices.chatonsProperties.services = { |
| | 129 | adminer = adminer.chatonsProperties; |
| | 130 | dokuwiki = dokuwiki.chatonsProperties; |
| | 131 | shaarli = shaarli.chatonsProperties; |
| | 132 | ttrss = ttrss.chatonsProperties; |
| | 133 | wallabag = wallabag.chatonsProperties; |
| | 134 | paste = { |
| | 135 | file.datetime = "2022-08-22T00:15:00"; |
| | 136 | service = { |
| | 137 | name = "Paste"; |
| | 138 | description = "A simple paster script with syntax highlight"; |
| | 139 | website = "https://tools.immae.eu/paste/"; |
| | 140 | logo = "https://assets.immae.eu/logo.jpg"; |
| | 141 | status.level = "OK"; |
| | 142 | status.description = "OK"; |
| | 143 | registration."" = ["MEMBER" "CLIENT"]; |
| | 144 | registration.load = "OPEN"; |
| | 145 | install.type = "PACKAGE"; |
| | 146 | guide.user = "https://tools.immae.eu/paste/"; |
| | 147 | }; |
| | 148 | software = { |
| | 149 | name = "Paste"; |
| | 150 | website = "https://tools.immae.eu/paste/"; |
| | 151 | license.url = "https://tools.immae.eu/paste/license"; |
| | 152 | license.name = "MIT License"; |
| | 153 | version = "Unversioned"; |
| | 154 | source.url = "https://tools.immae.eu/paste/abcd123/py"; |
| | 155 | }; |
| | 156 | }; |
| | 157 | }; |
| | 158 | myServices.chatonsProperties.hostings = { |
| | 159 | dokuwiki = dokuwiki.chatonsHostingProperties; |
| | 160 | phpbb = phpbb.chatonsHostingProperties; |
| | 161 | }; |
| | 162 | secrets.keys = |
| | 163 | kanboard.keys |
| | 164 | // ldap.keys |
| | 165 | // shaarli.keys |
| | 166 | // ttrss.keys |
| | 167 | // wallabag.keys |
| | 168 | // yourls.keys |
| | 169 | // dmarc-reports.keys |
| | 170 | // webhooks.keys |
| | 171 | // ({ "webapps/tools-landing-sql-rw" = { |
| | 172 | user = "wwwrun"; |
| | 173 | group = "wwwrun"; |
| | 174 | permissions = "0400"; |
| | 175 | text = let |
| | 176 | env = config.myEnv.tools.landing; |
| | 177 | in '' |
| | 178 | SetEnv PGUSER "${env.postgresql.user}" |
| | 179 | SetEnv PGPASSWORD "${env.postgresql.password}" |
| | 180 | SetEnv PGDATABASE "${env.postgresql.database}" |
| | 181 | SetEnv PGHOST "${env.postgresql.socket}" |
| | 182 | ''; |
| | 183 | }; }); |
| | 184 | services.websites.env.tools.modules = |
| | 185 | [ "proxy_fcgi" ] |
| | 186 | ++ adminer.apache.modules |
| | 187 | ++ ympd.apache.modules |
| | 188 | ++ ttrss.apache.modules |
| | 189 | ++ wallabag.apache.modules |
| | 190 | ++ yourls.apache.modules |
| | 191 | ++ rompr.apache.modules |
| | 192 | ++ shaarli.apache.modules |
| | 193 | ++ dokuwiki.apache.modules |
| | 194 | ++ dmarc-reports.apache.modules |
| | 195 | ++ phpbb.apache.modules |
| | 196 | ++ ldap.apache.modules |
| | 197 | ++ kanboard.apache.modules; |
| | 198 | |
| | 199 | myServices.dns.zones."immae.dev" = with config.myServices.dns.helpers; { |
| | 200 | subdomains.tools = ips servers.eldiron.ips.integration; |
| | 201 | }; |
| | 202 | security.acme.certs.integration.domain = "tools.immae.dev"; |
| | 203 | services.websites.env.integration.vhostConfs.devtools = { |
| | 204 | certName = "integration"; |
| | 205 | hosts = [ "tools.immae.dev" ]; |
| | 206 | root = "/var/lib/ftp/immae/devtools"; |
| | 207 | extraConfig = [ |
| | 208 | '' |
| | 209 | Use Apaxy "/var/lib/ftp/immae/devtools" "title" |
| | 210 | Timeout 600 |
| | 211 | ProxyTimeout 600 |
| | 212 | Header always set Content-Security-Policy-Report-Only "${config.myEnv.tools.csp_reports.policies.inline}" |
| | 213 | <Directory "/var/lib/ftp/immae/devtools"> |
| | 214 | DirectoryIndex index.php index.htm index.html |
| | 215 | AllowOverride all |
| | 216 | Require all granted |
| | 217 | <FilesMatch "\.php$"> |
| | 218 | SetHandler "proxy:unix:${pcfg.devtools.socket}|fcgi://localhost" |
| | 219 | </FilesMatch> |
| | 220 | </Directory> |
| | 221 | '' |
| | 222 | ]; |
| | 223 | }; |
| | 224 | |
| | 225 | |
| | 226 | security.acme.certs.eldiron.extraDomainNames = [ "outils.immae.eu" "tools.immae.eu" ]; |
| | 227 | services.websites.env.tools.vhostConfs.tools = { |
| | 228 | certName = "eldiron"; |
| | 229 | hosts = ["tools.immae.eu" ]; |
| | 230 | root = landing; |
| | 231 | extraConfig = [ |
| | 232 | '' |
| | 233 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
| | 234 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
| | 235 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
| | 236 | |
| | 237 | <Directory "${landing}"> |
| | 238 | Include ${config.secrets.fullPaths."webapps/tools-landing-sql-rw"} |
| | 239 | DirectoryIndex index.html |
| | 240 | AllowOverride None |
| | 241 | Require all granted |
| | 242 | |
| | 243 | <FilesMatch "\.php$"> |
| | 244 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" |
| | 245 | </FilesMatch> |
| | 246 | </Directory> |
| | 247 | '' |
| | 248 | (adminer.apache.vhostConf pcfg.adminer.socket) |
| | 249 | ympd.apache.vhostConf |
| | 250 | (ttrss.apache.vhostConf pcfg.ttrss.socket) |
| | 251 | (wallabag.apache.vhostConf pcfg.wallabag.socket) |
| | 252 | (yourls.apache.vhostConf pcfg.yourls.socket) |
| | 253 | (rompr.apache.vhostConf pcfg.rompr.socket) |
| | 254 | (shaarli.apache.vhostConf pcfg.shaarli.socket) |
| | 255 | (dokuwiki.apache.vhostConf pcfg.dokuwiki.socket) |
| | 256 | (ldap.apache.vhostConf pcfg.ldap.socket) |
| | 257 | (kanboard.apache.vhostConf pcfg.kanboard.socket) |
| | 258 | (grocy'.apache.vhostConf pcfg.grocy.socket) |
| | 259 | (phpbb.apache.vhostConf pcfg.phpbb.socket) |
| | 260 | (dmarc-reports.apache.vhostConf pcfg.dmarc-reports.socket) |
| | 261 | '' |
| | 262 | <Location "/paste/"> |
| | 263 | ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 264 | ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 265 | ProxyPreserveHost on |
| | 266 | </Location> |
| | 267 | <Location "/paste"> |
| | 268 | ProxyPass unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 269 | ProxyPassReverse unix://${config.services.paste.sockets.gunicorn}|http://tools.immae.eu/paste/ |
| | 270 | ProxyPreserveHost on |
| | 271 | </Location> |
| | 272 | |
| | 273 | <Location "/ntfy/"> |
| | 274 | SetEnv proxy-nokeepalive 1 |
| | 275 | SetEnv proxy-sendchunked 1 |
| | 276 | LimitRequestBody 102400 |
| | 277 | |
| | 278 | RewriteEngine On |
| | 279 | |
| | 280 | # FIXME: why is landing prefixed in the url? |
| | 281 | RewriteCond %{HTTP:Upgrade} websocket [NC] |
| | 282 | RewriteCond %{HTTP:Connection} upgrade [NC] |
| | 283 | RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|ws://tools.immae.eu/$2 [P,NE,QSA,L] |
| | 284 | |
| | 285 | RewriteRule ^(${landing}/ntfy)?/?(.*) unix:///run/ntfy/ntfy.sock|http://tools.immae.eu/$2 [P,NE,QSA,L] |
| | 286 | </Location> |
| | 287 | Alias /BIP39 /var/lib/buildbot/outputs/immae/bip39 |
| | 288 | <Directory "/var/lib/buildbot/outputs/immae/bip39"> |
| | 289 | DirectoryIndex index.html |
| | 290 | AllowOverride None |
| | 291 | Require all granted |
| | 292 | </Directory> |
| | 293 | |
| | 294 | Alias /webhooks ${config.secrets.fullPaths."webapps/webhooks"} |
| | 295 | <Directory "${config.secrets.fullPaths."webapps/webhooks"}"> |
| | 296 | Options -Indexes |
| | 297 | DirectoryIndex index.php |
| | 298 | Require all granted |
| | 299 | AllowOverride None |
| | 300 | <FilesMatch "\.php$"> |
| | 301 | SetHandler "proxy:unix:${pcfg.tools.socket}|fcgi://localhost" |
| | 302 | </FilesMatch> |
| | 303 | </Directory> |
| | 304 | |
| | 305 | Alias /matrix ${matrix} |
| | 306 | <Directory "${matrix}"> |
| | 307 | DirectoryIndex index.html |
| | 308 | AllowOverride None |
| | 309 | Require all granted |
| | 310 | </Directory> |
| | 311 | '' |
| | 312 | ]; |
| | 313 | }; |
| | 314 | |
| | 315 | services.websites.env.tools.vhostConfs.outils = { |
| | 316 | certName = "eldiron"; |
| | 317 | hosts = [ "outils.immae.eu" ]; |
| | 318 | root = null; |
| | 319 | extraConfig = [ |
| | 320 | '' |
| | 321 | RedirectMatch 301 ^/mediagoblin(.*)$ https://mgoblin.immae.eu$1 |
| | 322 | |
| | 323 | RedirectMatch 301 ^/ether(.*)$ https://ether.immae.eu$1 |
| | 324 | |
| | 325 | RedirectMatch 301 ^/nextcloud(.*)$ https://cloud.immae.eu$1 |
| | 326 | RedirectMatch 301 ^/owncloud(.*)$ https://cloud.immae.eu$1 |
| | 327 | |
| | 328 | RedirectMatch 301 ^/carddavmate(.*)$ https://dav.immae.eu/infcloud$1 |
| | 329 | RedirectMatch 301 ^/caldavzap(.*)$ https://dav.immae.eu/infcloud$1 |
| | 330 | RedirectMatch 301 ^/caldav.php(.*)$ https://dav.immae.eu/caldav.php$1 |
| | 331 | RedirectMatch 301 ^/davical(.*)$ https://dav.immae.eu/davical$1 |
| | 332 | |
| | 333 | RedirectMatch 301 ^/taskweb(.*)$ https://task.immae.eu/taskweb$1 |
| | 334 | |
| | 335 | RedirectMatch 301 ^/roundcube(.*)$ https://mail.immae.eu/roundcube$1 |
| | 336 | |
| | 337 | RedirectMatch 301 ^/jappix(.*)$ https://im.immae.fr/converse |
| | 338 | |
| | 339 | RedirectMatch 301 ^/vpn(.*)$ https://vpn.immae.eu$1 |
| | 340 | |
| | 341 | RedirectMatch 301 ^/(.*)$ https://tools.immae.eu/$1 |
| | 342 | '' |
| | 343 | ]; |
| | 344 | }; |
| | 345 | |
| | 346 | systemd.services = { |
| | 347 | phpfpm-dokuwiki = { |
| | 348 | after = lib.mkAfter dokuwiki.phpFpm.serviceDeps; |
| | 349 | wants = dokuwiki.phpFpm.serviceDeps; |
| | 350 | }; |
| | 351 | phpfpm-phpbb = { |
| | 352 | after = lib.mkAfter phpbb.phpFpm.serviceDeps; |
| | 353 | wants = phpbb.phpFpm.serviceDeps; |
| | 354 | }; |
| | 355 | phpfpm-kanboard = { |
| | 356 | after = lib.mkAfter kanboard.phpFpm.serviceDeps; |
| | 357 | wants = kanboard.phpFpm.serviceDeps; |
| | 358 | }; |
| | 359 | phpfpm-ldap = { |
| | 360 | after = lib.mkAfter ldap.phpFpm.serviceDeps; |
| | 361 | wants = ldap.phpFpm.serviceDeps; |
| | 362 | }; |
| | 363 | phpfpm-shaarli = { |
| | 364 | after = lib.mkAfter shaarli.phpFpm.serviceDeps; |
| | 365 | wants = shaarli.phpFpm.serviceDeps; |
| | 366 | }; |
| | 367 | phpfpm-ttrss = { |
| | 368 | after = lib.mkAfter ttrss.phpFpm.serviceDeps; |
| | 369 | wants = ttrss.phpFpm.serviceDeps; |
| | 370 | }; |
| | 371 | phpfpm-wallabag = { |
| | 372 | after = lib.mkAfter wallabag.phpFpm.serviceDeps; |
| | 373 | wants = wallabag.phpFpm.serviceDeps; |
| | 374 | preStart = lib.mkAfter wallabag.phpFpm.preStart; |
| | 375 | }; |
| | 376 | phpfpm-yourls = { |
| | 377 | after = lib.mkAfter yourls.phpFpm.serviceDeps; |
| | 378 | wants = yourls.phpFpm.serviceDeps; |
| | 379 | }; |
| | 380 | ntfy = { |
| | 381 | description = "send push notifications to your phone or desktop via scripts from any computer"; |
| | 382 | wantedBy = [ "multi-user.target" ]; |
| | 383 | serviceConfig = { |
| | 384 | ExecStart = "${pkgs.ntfy-sh}/bin/ntfy serve --listen-http '' --listen-unix %t/ntfy/ntfy.sock --cache-file %S/ntfy/cache.db --cache-duration 120h --behind-proxy --attachment-cache-dir %S/ntfy/attachments --base-url https://tools.immae.eu/ntfy"; |
| | 385 | Type = "simple"; |
| | 386 | WorkingDirectory = "%S/ntfy"; |
| | 387 | RuntimeDirectory = "ntfy"; |
| | 388 | StateDirectory = "ntfy"; |
| | 389 | User = "wwwrun"; |
| | 390 | }; |
| | 391 | }; |
| | 392 | ympd = { |
| | 393 | description = "Standalone MPD Web GUI written in C"; |
| | 394 | wantedBy = [ "multi-user.target" ]; |
| | 395 | script = '' |
| | 396 | export MPD_PASSWORD=$(cat ${config.secrets.fullPaths."mpd"}) |
| | 397 | ${pkgs.ympd}/bin/ympd --host ${ympd.config.host} --port ${toString ympd.config.port} --webport ${ympd.config.webPort} --user nobody |
| | 398 | ''; |
| | 399 | }; |
| | 400 | tt-rss = { |
| | 401 | description = "Tiny Tiny RSS feeds update daemon"; |
| | 402 | serviceConfig = { |
| | 403 | User = "wwwrun"; |
| | 404 | ExecStart = "${pkgs.php72}/bin/php ${ttrss.webRoot}/update.php --daemon"; |
| | 405 | StandardOutput = "syslog"; |
| | 406 | StandardError = "syslog"; |
| | 407 | PermissionsStartOnly = true; |
| | 408 | }; |
| | 409 | |
| | 410 | wantedBy = [ "multi-user.target" ]; |
| | 411 | requires = ["postgresql.service"]; |
| | 412 | after = ["network.target" "postgresql.service"]; |
| | 413 | }; |
| | 414 | }; |
| | 415 | |
| | 416 | services.filesWatcher.ympd = { |
| | 417 | restart = true; |
| | 418 | paths = [ config.secrets.fullPaths."mpd" ]; |
| | 419 | }; |
| | 420 | |
| | 421 | services.paste = { |
| | 422 | enable = true; |
| | 423 | webDirectory = "/paste"; |
| | 424 | }; |
| | 425 | |
| | 426 | services.phpfpm.pools = { |
| | 427 | tools = { |
| | 428 | user = "wwwrun"; |
| | 429 | group = "wwwrun"; |
| | 430 | settings = { |
| | 431 | "listen.owner" = "wwwrun"; |
| | 432 | "listen.group" = "wwwrun"; |
| | 433 | "pm" = "dynamic"; |
| | 434 | "pm.max_children" = "60"; |
| | 435 | "pm.start_servers" = "2"; |
| | 436 | "pm.min_spare_servers" = "1"; |
| | 437 | "pm.max_spare_servers" = "10"; |
| | 438 | |
| | 439 | "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i"; |
| | 440 | "php_admin_value[session.save_handler]" = "redis"; |
| | 441 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Tools:'"; |
| | 442 | # Needed to avoid clashes in browser cookies (same domain) |
| | 443 | "php_value[session.name]" = "ToolsPHPSESSID"; |
| | 444 | "php_admin_value[open_basedir]" = builtins.concatStringsSep ":" [ |
| | 445 | "/run/wrappers/bin/sendmail" landing "/tmp" |
| | 446 | config.secrets.fullPaths."webapps/webhooks" |
| | 447 | "${webhooks-bin-env}/bin" |
| | 448 | ]; |
| | 449 | }; |
| | 450 | phpEnv = { |
| | 451 | CONTACT_EMAIL = config.myEnv.tools.contact; |
| | 452 | }; |
| | 453 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]); |
| | 454 | }; |
| | 455 | devtools = { |
| | 456 | user = "wwwrun"; |
| | 457 | group = "wwwrun"; |
| | 458 | settings = { |
| | 459 | "listen.owner" = "wwwrun"; |
| | 460 | "listen.group" = "wwwrun"; |
| | 461 | "pm" = "dynamic"; |
| | 462 | "pm.max_children" = "60"; |
| | 463 | "pm.start_servers" = "2"; |
| | 464 | "pm.min_spare_servers" = "1"; |
| | 465 | "pm.max_spare_servers" = "10"; |
| | 466 | |
| | 467 | "php_admin_value[sendmail_path]" = "/run/wrappers/bin/sendmail -t -i"; |
| | 468 | "php_admin_value[session.save_handler]" = "redis"; |
| | 469 | "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Devtools:'"; |
| | 470 | "php_admin_value[open_basedir]" = "/run/wrappers/bin/sendmail:/var/lib/ftp/immae/devtools:/tmp"; |
| | 471 | }; |
| | 472 | phpPackage = pkgs.php82.withExtensions({ enabled, all }: enabled ++ [all.mysqli all.sqlite3 all.redis all.apcu all.opcache ]); |
| | 473 | }; |
| | 474 | adminer = adminer.phpFpm; |
| | 475 | ttrss = { |
| | 476 | user = "wwwrun"; |
| | 477 | group = "wwwrun"; |
| | 478 | settings = ttrss.phpFpm.pool; |
| | 479 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 480 | }; |
| | 481 | wallabag = { |
| | 482 | user = "wwwrun"; |
| | 483 | group = "wwwrun"; |
| | 484 | settings = wallabag.phpFpm.pool; |
| | 485 | phpPackage = pkgs.php73.withExtensions({ enabled, all }: enabled ++ [all.tidy all.redis]); |
| | 486 | }; |
| | 487 | yourls = { |
| | 488 | user = "wwwrun"; |
| | 489 | group = "wwwrun"; |
| | 490 | settings = yourls.phpFpm.pool; |
| | 491 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 492 | }; |
| | 493 | rompr = { |
| | 494 | user = "wwwrun"; |
| | 495 | group = "wwwrun"; |
| | 496 | settings = rompr.phpFpm.pool; |
| | 497 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 498 | }; |
| | 499 | shaarli = { |
| | 500 | user = "wwwrun"; |
| | 501 | group = "wwwrun"; |
| | 502 | settings = shaarli.phpFpm.pool; |
| | 503 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 504 | }; |
| | 505 | dmarc-reports = { |
| | 506 | user = "wwwrun"; |
| | 507 | group = "wwwrun"; |
| | 508 | settings = dmarc-reports.phpFpm.pool; |
| | 509 | phpEnv = dmarc-reports.phpFpm.phpEnv; |
| | 510 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 511 | }; |
| | 512 | dokuwiki = { |
| | 513 | user = "wwwrun"; |
| | 514 | group = "wwwrun"; |
| | 515 | settings = dokuwiki.phpFpm.pool; |
| | 516 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 517 | }; |
| | 518 | phpbb = { |
| | 519 | user = "wwwrun"; |
| | 520 | group = "wwwrun"; |
| | 521 | settings = phpbb.phpFpm.pool; |
| | 522 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 523 | }; |
| | 524 | ldap = { |
| | 525 | user = "wwwrun"; |
| | 526 | group = "wwwrun"; |
| | 527 | settings = ldap.phpFpm.pool; |
| | 528 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 529 | }; |
| | 530 | kanboard = { |
| | 531 | user = "wwwrun"; |
| | 532 | group = "wwwrun"; |
| | 533 | settings = kanboard.phpFpm.pool; |
| | 534 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 535 | }; |
| | 536 | grocy = { |
| | 537 | user = "wwwrun"; |
| | 538 | group = "wwwrun"; |
| | 539 | settings = grocy'.phpFpm.pool; |
| | 540 | phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [all.redis]); |
| | 541 | }; |
| | 542 | }; |
| | 543 | |
| | 544 | system.activationScripts = { |
| | 545 | grocy = grocy'.activationScript; |
| | 546 | ttrss = ttrss.activationScript; |
| | 547 | wallabag = wallabag.activationScript; |
| | 548 | rompr = rompr.activationScript; |
| | 549 | shaarli = shaarli.activationScript; |
| | 550 | dokuwiki = dokuwiki.activationScript; |
| | 551 | phpbb = phpbb.activationScript; |
| | 552 | kanboard = kanboard.activationScript; |
| | 553 | }; |
| | 554 | |
| | 555 | services.websites.env.tools.watchPaths = [ |
| | 556 | config.secrets.fullPaths."webapps/tools-shaarli" |
| | 557 | ]; |
| | 558 | services.filesWatcher.phpfpm-wallabag = { |
| | 559 | restart = true; |
| | 560 | paths = [ config.secrets.fullPaths."webapps/tools-wallabag" ]; |
| | 561 | }; |
| | 562 | |
| | 563 | myServices.monitoring.fromMasterActivatedPlugins = lib.mkMerge [ |
| | 564 | ttrss.monitoringPlugins |
| | 565 | rompr.monitoringPlugins |
| | 566 | wallabag.monitoringPlugins |
| | 567 | yourls.monitoringPlugins |
| | 568 | ympd.monitoringPlugins |
| | 569 | dokuwiki.monitoringPlugins |
| | 570 | shaarli.monitoringPlugins |
| | 571 | ldap.monitoringPlugins |
| | 572 | adminer.monitoringPlugins |
| | 573 | ]; |
| | 574 | myServices.monitoring.fromMasterObjects = lib.mkMerge [ |
| | 575 | ttrss.monitoringObjects |
| | 576 | rompr.monitoringObjects |
| | 577 | wallabag.monitoringObjects |
| | 578 | yourls.monitoringObjects |
| | 579 | ympd.monitoringObjects |
| | 580 | dokuwiki.monitoringObjects |
| | 581 | shaarli.monitoringObjects |
| | 582 | ldap.monitoringObjects |
| | 583 | adminer.monitoringObjects |
| | 584 | ]; |
| | 585 | }; |
| | 586 | } |
| | 587 | |
projects / perso / Immae / Config / Nix.git / blame_incremental