modules/private/websites/immae/production.nix

   1 { lib, pkgs, config,  ... }:
   2 let
   3   cfg = config.myServices.websites.immae.production;
   4   varDir = "/var/lib/buildbot/outputs/immae/blog";
   5   coursDir = "/var/lib/buildbot/outputs/immae/cours";
   6   rechercheDir = "/var/lib/buildbot/outputs/immae/recherche";
   7   recettesDir = "/var/lib/buildbot/outputs/immae/recettes";
   8   historyDir = "/var/lib/buildbot/outputs/immae/history";
   9   docsDir = "/var/lib/buildbot/outputs/immae/docs/";
  10   env = config.myEnv.websites.immae;
  11 in {
  12   options.myServices.websites.immae.production.enable = lib.mkEnableOption "enable Immae's website";
  13
  14   config = lib.mkIf cfg.enable {
  15     myServices.chatonsProperties.enable = true;
  16     services.webstats.sites = [ { name = "www.immae.eu"; } ];
  17
  18     services.websites.env.production.vhostConfs.immae_production = {
  19       certName     = "immae";
  20       addToCerts   = true;
  21       certMainHost = "www.immae.eu";
  22       hosts        = [ "www.immae.eu" "immae.eu" ];
  23       root         = varDir;
  24       extraConfig  = [
  25         ''
  26         Use Stats www.immae.eu
  27         Header always set Strict-Transport-Security "max-age=31536000"
  28
  29         <LocationMatch /.well-known/(webfinger|host-meta)>
  30           Header always set Referrer-Policy "strict-origin-when-cross-origin"
  31           RequestHeader set X-Forwarded-Proto "https"
  32
  33           RewriteRule ^(.*)$ https://mastodon.immae.eu%{REQUEST_URI} [QSA,L]
  34         </LocationMatch>
  35
  36         RewriteEngine On
  37         RewriteCond "%{REQUEST_URI}" "!^/.well-known/(webfinger|host-meta)"
  38         RewriteCond "%{HTTP_HOST}" "!^www\.immae\.eu$" [NC]
  39         RewriteRule ^(.+)$ https://www.immae.eu$1 [R=302,L]
  40
  41         <Directory ${varDir}>
  42           DirectoryIndex index.htm index.html
  43           Options Indexes FollowSymLinks MultiViews Includes
  44           AllowOverride All
  45           Require all granted
  46         </Directory>
  47
  48         Alias /.well-known/matrix ${./matrix}
  49         <Directory ${./matrix}>
  50           Options Indexes FollowSymLinks MultiViews Includes
  51           AllowOverride None
  52           Require all granted
  53           Header always set Access-Control-Allow-Origin "*"
  54         </Directory>
  55
  56         Alias /cours ${coursDir}
  57         <Directory ${coursDir}>
  58           DirectoryIndex index.htm index.html
  59           Options Indexes FollowSymLinks MultiViews Includes
  60           AllowOverride All
  61           Require all granted
  62         </Directory>
  63
  64         Alias /docs ${docsDir}
  65         <Directory ${docsDir}>
  66           DirectoryIndex index.htm index.html
  67           Options Indexes FollowSymLinks MultiViews Includes
  68           AllowOverride All
  69           Require all granted
  70         </Directory>
  71
  72         Alias /eurl ${./sarl}
  73         Alias /eurl ${./sarl}
  74         <Directory ${./sarl}>
  75           DirectoryIndex index.htm index.html
  76           Options Indexes FollowSymLinks MultiViews Includes
  77           AllowOverride None
  78           Require all granted
  79         </Directory>
  80
  81         Alias /recherche ${rechercheDir}
  82         <Directory ${rechercheDir}>
  83           DirectoryIndex index.htm index.html
  84           Options Indexes FollowSymLinks MultiViews Includes
  85           AllowOverride All
  86           Require all granted
  87         </Directory>
  88
  89         Alias /recettes ${recettesDir}
  90         <Directory ${recettesDir}>
  91           DirectoryIndex index.htm index.html
  92           Options Indexes FollowSymLinks MultiViews Includes
  93           AllowOverride All
  94           Require all granted
  95         </Directory>
  96
  97         Alias /history ${historyDir}
  98         <Directory ${historyDir}>
  99           DirectoryIndex index.html
 100           AllowOverride None
 101           Require all granted
 102         </Directory>
 103         ''
 104       ];
 105     };
 106
 107     services.websites.env.production.vhostConfs.immae_fr = {
 108       certName    = "immae";
 109       addToCerts  = true;
 110       hosts       = [ "www.immae.fr" "immae.fr" ];
 111       root        = null;
 112       extraConfig = [ ''
 113         RedirectMatch 301 ^/((?!\.well-known.*$).*)$ https://www.immae.eu/chapeaux/
 114         '' ];
 115     };
 116
 117     services.websites.env.production.vhostConfs.immae_bouya = {
 118       certName    = "immae";
 119       addToCerts  = true;
 120       hosts       = [ "bouya.org" "www.bouya.org" ];
 121       root        = rechercheDir;
 122       extraConfig = [ ''
 123         <Directory ${rechercheDir}>
 124           DirectoryIndex index.htm index.html
 125           Options Indexes FollowSymLinks MultiViews Includes
 126           AllowOverride All
 127           Require all granted
 128         </Directory>
 129         '' ];
 130     };
 131   };
 132 }