modules/private/websites/immae/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.immae.production;
   4   varDir = "/var/lib/buildbot/outputs/immae/blog";
   5   coursDir = "/var/lib/buildbot/outputs/immae/cours";
   6   rechercheDir = "/var/lib/buildbot/outputs/immae/recherche";
   7   recettesDir = "/var/lib/buildbot/outputs/immae/recettes";
   8   jardinDir = "/var/lib/buildbot/outputs/immae/jardin";
   9   historyDir = "/var/lib/buildbot/outputs/immae/history";
  10   docsDir = "/var/lib/buildbot/outputs/immae/docs/";
  11   env = config.myEnv.websites.immae;
  12 in {
  13   options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
  14
  15   config = lib.mkIf cfg.enable {
  16     myServices.chatonsProperties.enable = true;
  17     services.webstats.sites = [ { name = "www.immae.eu"; } ];
  18
  19     services.websites.env.production.vhostConfs.immae_production = {
  20       certName     = "immae";
  21       addToCerts   = true;
  22       certMainHost = "www.immae.eu";
  23       hosts        = [ "www.immae.eu" "immae.eu" ];
  24       root         = varDir;
  25       extraConfig  = [
  26         ''
  27         Use Stats www.immae.eu
  28         Header always set Strict-Transport-Security "max-age=31536000"
  29
  30         <LocationMatch /.well-known/(webfinger|host-meta)>
  31           Header always set Referrer-Policy "strict-origin-when-cross-origin"
  32           RequestHeader set X-Forwarded-Proto "https"
  33
  34           RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
  35         </LocationMatch>
  36
  37         RewriteEngine On
  38         RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
  39         RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
  40         RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
  41
  42         <Directory ${varDir}>
  43           DirectoryIndex index.htm index.html
  44           Options Indexes FollowSymLinks MultiViews Includes
  45           AllowOverride All
  46           Require all granted
  47         </Directory>
  48
  49         Alias /.well-known/matrix ${./matrix}
  50         <Directory ${./matrix}>
  51           Options Indexes FollowSymLinks MultiViews Includes
  52           AllowOverride None
  53           Require all granted
  54           Header always set Access-Control-Allow-Origin "*"
  55         </Directory>
  56
  57         Alias /cours ${coursDir}
  58         <Directory ${coursDir}>
  59           DirectoryIndex index.htm index.html
  60           Options Indexes FollowSymLinks MultiViews Includes
  61           AllowOverride All
  62           Require all granted
  63         </Directory>
  64
  65         Alias /docs ${docsDir}
  66         <Directory ${docsDir}>
  67           DirectoryIndex index.htm index.html
  68           Options Indexes FollowSymLinks MultiViews Includes
  69           AllowOverride All
  70           Require all granted
  71         </Directory>
  72
  73         Alias /eurl ${./sarl}
  74         Alias /eurl ${./sarl}
  75         <Directory ${./sarl}>
  76           DirectoryIndex index.htm index.html
  77           Options Indexes FollowSymLinks MultiViews Includes
  78           AllowOverride None
  79           Require all granted
  80         </Directory>
  81
  82         Alias /recherche ${rechercheDir}
  83         <Directory ${rechercheDir}>
  84           DirectoryIndex index.htm index.html
  85           Options Indexes FollowSymLinks MultiViews Includes
  86           AllowOverride All
  87           Require all granted
  88         </Directory>
  89
  90         Alias /recettes ${recettesDir}
  91         <Directory ${recettesDir}>
  92           DirectoryIndex index.htm index.html
  93           Options Indexes FollowSymLinks MultiViews Includes
  94           AllowOverride All
  95           Require all granted
  96         </Directory>
  97
  98         Alias /jardin ${jardinDir}
  99         <Directory ${jardinDir}>
 100           DirectoryIndex index.htm index.html
 101           Options Indexes FollowSymLinks MultiViews Includes
 102           AllowOverride All
 103           Require all granted
 104         </Directory>
 105
 106         Alias /history ${historyDir}
 107         <Directory ${historyDir}>
 108           DirectoryIndex index.html
 109           AllowOverride None
 110           Require all granted
 111         </Directory>
 112         ''
 113       ];
 114     };
 115
 116     services.websites.env.production.vhostConfs.immae_fr = {
 117       certName    = "immae";
 118       addToCerts  = true;
 119       hosts       = [ "www.immae.fr" "immae.fr" ];
 120       root        = null;
 121       extraConfig = [ ''
 122         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
 123         '' ];
 124     };
 125
 126     services.websites.env.production.vhostConfs.immae_bouya = {
 127       certName    = "immae";
 128       addToCerts  = true;
 129       hosts       = [ "bouya.org" "www.bouya.org" ];
 130       root        = rechercheDir;
 131       extraConfig = [ ''
 132         <Directory ${rechercheDir}>
 133           DirectoryIndex index.htm index.html
 134           Options Indexes FollowSymLinks MultiViews Includes
 135           AllowOverride All
 136           Require all granted
 137         </Directory>
 138         '' ];
 139     };
 140   };
 141 }